Werner Koch <w...@gnupg.org> writes:

>Which is not a surprise given that many SSH users believe that ssh
>automagically makes their root account safe and continue to use their lame
>passwords instead of using PK based authentication.

That has its own problems with magical thinking: Provided you use PK auth,
you're magically secure, even if the private key is stored in plaintext on ten
different Internet-connected multiuser machines.  I don't know how many times
I've been asked to change my line-noise password for PK auth, told the person
requesting the change that this would make them less secure because I need to
spread my private key across any number of not-very-secure machines, and
they've said that's OK because as long as it uses PKCs it's magically secure.

Peter.

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
