It's 2013, and pretty much everyone's SSH private keys are encrypted with a symmetric key that's just an MD5 of their password o_O
@bascule The point is the md5'd passphrase as a symmetric key isn't the weak point. For it to be the weakest link, you're already in trouble
@gkmccready cryptography is a systems problem, and all parts need to be secure
@bascule Okay, what do you replace it with that's any better given the threats you're trying to mitigate?
@gkmccready any decent PBKDF. ssh supports PKCS#8/PBKDF2 out of the box (except, apparently, on OS X Mavericks)
@bascule But your threats are evil admin or running as me already. Making something take more CPU doesn't solve those.
@gkmccready the threat is any program running as you that an attacker can get to read a file you own. That's a lot of attack surface
@bascule Again, if somebody can read 0n00 permission'd files owned by me, they've already won... all my web passwds, my private keys, my ...
@gkmccready you must do a lousy job of encrypting things ;)