At 12:53 PM 4/26/00, you wrote:
>Of course, nothing is as secure as a human being typing the passphrase in
>at startup, but we've established that that is too much like hard work :).
Sorry, .. but you missed the point. If you are rebooting a server:
1) In many cases the person doing the rebooting does not have root access, .. much
less knowledge OF the pass phrase!
2) In many other cases, the reboot is done remotely.
3) In both cases above, the server would HANG on reboot awaiting a passphrase.
3) In 95% of the other cases, nobody is going to the trouble to write a C program just
to enter the passphrase.
4) A passphrase on a server doesn't really matter anyway, .. since if the machine is
setup correctly only the SysAdmin has access to the directory with the key.
In reality, passphrases are only applicable on user-level machines.
Lee
============================================
Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
============================================
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
