> "healey, alex" wrote:
> 
>
> > >Naah. If you use public/private key system you never have to enter a
> > >passphrase ... ever ;) I don't even know my passwords on most systems I
> > >have accounts on because I don't need it ;)
> >
> >
> > Surely this means it is insecure or you are assuming total physical
> > security of your computer (so that it is safe to store your full
> > credentials there). All PKI systems I have used require both physical
> > "key" (disk, card, or hard drive files) and a password / passphrase
> > otherwise they aren't secure as there is nothing to stop anyone using
> > your computer to impersonate you.
> >
> > Maybe I am missing something.

Nope ;)

But I run Linux and thus I have consequently learnt that once a user
compromises a local account then it is trivial to compromise root. Once root
is compromised they can easily compromise the ssh binary. Also if they can get to
the physical location it is trivial to compromise root.

Using passworded keystores often gives people a false sense of security I 
guess and it only really protects against script kiddies. But if script 
kiddies can compromise a local account ... then you have faaar more problems 
to think about ;)

If I need to develop securely then I disconnect from network and lock it
behind a metal door. Unfortunately it is damn cold down there so I usually
only do that when forced to ;)

Cheers,

Pete

*-----------------------------------------------------*
| "Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof."                   |
|              - John Kenneth Galbraith               |
*-----------------------------------------------------*
