OpenSSH daemon security bug?
Michael Stone
mstone at mathom.us
Wed Jan 6 06:06:45 EST 2010
On Tue, Jan 05, 2010 at 12:25:26PM -0500, you wrote:
>I don't think you're comparing the same thing, though. You can make
>sure it's a really really strong password, but it's still *not* possible
>to enforce that your users keep their password safe.
>
>If you're worried that your users might leave an unprotected key lying
>around, you should *also* be worried that those same users might send
>their password via e-mail (even if it's just "to themselves as a
>reminder"), or write it in a cleartext file on their computer, reuse it
>for their amazon account, for their blog, etc.
In my experience users have a much better understanding of what to do
with a password than what to do with a key. It's also fairly trivial to
do things like force password changes if compromise is suspected, etc.,
as infrastructure to do that is pretty common. While it's certainly
possible to do that sort of thing with key management, it's much less
common (especially among people who use keys "because they're more
secure").
Also, it's worth noting that "well, people can mishandle passwords"
isn't really a worthwhile argument. The question should be, "what threat
are you trying to mitigate by using keys?" If you know what you're
trying to do and why you're trying to do it, then you can have a
rational discussion of the costs vs benefits of the two approaches.
(IMO, there's no single "right answer" for everybody, which is why it
needs to be thought about.)
Mike Stone