Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Adam Williamson awilliam at
Thu Oct 13 17:16:51 UTC 2011

On Thu, 2011-10-13 at 09:12 +0100, Richard W.M. Jones wrote:
> On Wed, Oct 12, 2011 at 12:48:57PM -0700, Adam Williamson wrote:
> > Sure. However, if you have multiple keys with multiple passphrases, then
> > it's extra work to compromise each key.
> Not true at all.  If I keep my key(s) in a single location (a secure
> machine at my home), then either all keys in that location are secure
> or they've all been compromised.  Someone with a rootkit on that
> machine can capture all of my keys and all of my passphrases.

A rootkit is one kind of compromise, sure. I outlined another kind in an
earlier reply to a similar objection. (Here's another one: you keep your
Single Key For Everything or your Giant Key Collection on a USB key, and
the USB key gets swiped. Yes, yes, I know, the key should be

> > let's say you have an account on and one on It
> > may make some kind of sense to your workflow for you to keep the
> > private key you use to access in your home directory on
> >
> If you do this, you're doing it wrong.

It's been pretty well established by now that lots of people do security
wrong all the time. Just saying 'everyone who's doing it wrong loses and
the only scenario we care about is the one in which everyone does it
right' is ludicrous.

The point is that there are actual plausible scenarios in which using
multiple keys results in a less catastrophic outcome than using a single
key for everything. That's all I ever claimed. I did not claim any of
the hypothetical examples I presented were cases of best security
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | adamwfedora

More information about the devel mailing list