Security-aware people: How risky/bad is it to publish an SSH private key that has a very long/secure passphrase?
Would you please elaborate a bit? If the private key cannot be used without a secret, why is leaking the key not equal to not-leaking an equally strong secret in a non-key scenario?
that is essentially my question
It is equivalent to leaking the passphrase in a non-key scenario. However, defense in depth is all about having multiple layers of protection. The passphrase is an additional layer of defense, but relying on it as the only mechanism goes against that. You wouldn’t disable 2FA.
I could’ve phrased that better. What I meant: this scenario is similar to having a password + 2FA as additional protection. When the password leaks, you wouldn’t continue using it “because 2FA protects me anyhow”, right?
The leaked private key situation is the same, except the private key is the main thing you’re protecting, and the passphrase is the additional defense.
that makes sense to me!