Jon Elson wrote: > Why do you feel these keys are such a vulnerability? These keys > can be generated specifically for LinuxCNC ONLY, and not used on > any other site. Also, they are useless for accessing anything > on YOUR computer, they are generated for your computer to access > outside sites only. The only possible harm that could come from > these keys is someone could spoof being you and do something > malicious to the LinuxCNC repository.
No No NO! The key you send to cradek to gain access to the CVS server is your PUBLIC key! You can post your public key on your website and give it to every Tom, Dick, and Hacker in the world and it wouldn't matter. Your PRIVATE key stays on your machine. Public key cryptography works by having you encrypt things with your private key, and the server decrypts them with the public key. The server never sees your private key, but it knows that you (or someone with your PRIVATE key) sent the message. You don't need to make a key just for EMC. It is very common for people to use one public/private key pair for all of their on-line activities. There is absolutely no reason to avoid giving out your PUBLIC key, to the EMC CVS server or to anyone else. Regards, John Kasunich ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Emc-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/emc-users
