It's 2013, and pretty much everyone's SSH private keys are encrypted with a symmetric key that's just an MD5 of their password o_O
@gkmccready the threat is any program running as you that an attacker can get to read a file you own. That's a lot of attack surface
@bascule Again, if somebody can read 0n00 permission'd files owned by me, they've already won... all my web passwds, my private keys, my ...
@gkmccready you must do a lousy job of encrypting things ;)
@bascule Does your browser prompt you for a key every time you start it? Mine doesn't... so the key and encrypted data is there if you're me
@gkmccready I use @1Password, which derives a key from my password
@bascule Again... could ssh do better? Sure. Is it the first thing I worry about if somebody is evil admin or reading files as me? Hell no.
@gkmccready I'm not a fan of putting steel doors on paper walls, but I am definitely an opponent of shitty KDFs
@bascule You're adding minor defense-in-depth. It's not a sky-is-falling situation.
@gkmccready you never answered my question regarding whether or not you encrypt your SSH private key
@bascule I did. I have a passphrase.