It's 2013, and pretty much everyone's SSH private keys are encrypted with a symmetric key that's just an MD5 of their password o_O
@gkmccready any decent PBKDF. ssh supports PKCS#8/PBKDF2 out of the box (except, apparently, on OS X Mavericks)
-
-
@bascule But your threats are evil admin or running as me already. Making something take more CPU doesn't solve those. -
@gkmccready the threat is any program running as you that an attacker can get to read a file you own. That's a lot of attack surface -
@bascule Again, if somebody can read 0n00 permission'd files owned by me, they've already won... all my web passwds, my private keys, my ... -
@gkmccready you must do a loysy job of encrypting things ;) -
@bascule Does your browser prompt you for a key every time you start it? Mine doesn't... so the key and encrypted data is there if you're me -
@gkmccready I use@1Password, which derives a key from my password -
@bascule Again... could ssh do better? Sure. Is it the first thing I worry about if somebody is evil admin or reading files as me? Hell no. -
@gkmccready I'm not a fan of putting steel doors on paper walls, but I am definitely an opponent of shitty KDFs
End of conversation
New conversation -
-
-
@bascule The only threat this change might address is unintentional/accidental disclosure. ie. Didn't wipe old hard disk. Emailed them. Etc.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.