Judson Lester <jlester@tulane.edu> writes:
> On the other hand, cleartext passwords are like shouting your PIN
> down a darkened hallway.
Perhaps if you said "a darkened, soundproofed closet" I'd agree. Most
times, no one is listening when you shout. When they can hear you,
they don't care what you say.
And, since all this is about putting a passphrase on a keypair, then
what's all the fuss about? Use ssh-agent, type your passphrase once
per session, and forget about it. Using a passphrase isn't that much
trouble and gives your key an order of magnitude more safety.
I've given a lot of thought over the years to the Internet and
security and, while I am not a security expert, I've come to the
conclusion that this paranoia about cleartext passwords isn't
justified. People see a social problem (protecting your information)
and figure it has a technical solution (encryption). Encryption can
help, but it has to be used correctly. And it can't replace careful
thought and action.
Now, by no means am I advocating cleartext passwords. I'm SSLed,
TLSed, SSHed, and GPGed out the wazoo. But, there is a negligible
difference between the amount of work necessary to get your cleartext
password as it travels over the wire and capturing your keypair.
There are a couple of reasons I've come to this conclusion.
1. The primary risk is not how or if the password travels over the
wire.
2. The wire is relatively secure from taps.
The second item first: Today's switched networks mean that access to
the packets going over the wire involves compromising some
hardware -- most likely one of the endpoints.
That is, I have more reason to fear someone who compromises a server
I connect to than someone who compromises MAE East. Why? Because my
traffic at MAE East is statistically insignificant. Anyone with a
password sniffer there is going to be overwhelmed with data.
Besides, my data isn't going through MAE East.
If someone compromises the server that I'm connecting to, I'm still
not too worried if all they do is put up a password sniffer. That'd
be a pretty stupid cracker. Whoop-ti-doo. A bunch of random
passwords. In most places, that's meaningless -- they already have
access to the server and all the data on it.
And if I can break into the server you're using, then who's to say I
can't break into your box and steal your keys?
I'm more afraid of the cracker who compromises the server and
replaces the binaries to log all of /my/ activity.
But, the reality is that while break-ins should be prevented, most
break-ins cause very little harm other than loss of time and (rarely,
you do have backups, don't you?) loss of data. Usually, the cracker
just wants a jumping-off spot.
And, anyway, as I said, the real risk is not cleartext passwords.
It's user stupidity.
If I'm a malicious guy who's out to cause you damage, then it is far
more effective for me to call you or your spouse up on the phone, pose
as someone you should trust, and rob you blind.
Yes, all that encryption is important, but it isn't /that/ important.
It'll only stop the idle script kiddie. The people you should really
be afraid of won't even bother with it.
And, get this: No one really cares about your shell account.
That's what all this is about anyway.
Figure out who you're afraid of and why so you can make sensible
decisions about what you're doing. Otherwise, you'll put your
password-less keypair on a USB key and forget the key at your friend's
house.
And your friend has more reason to be interested in what's on the key
than most people do.
Heck, I used to regularly get requests from random individuals who
wanted to know if I could hack into the account of a wife, a
friend, or a lover. You have more reason to fear those people
(who have access to your unprotected keypair) than you do the
script kiddie sniffing passwords.
Remember, using a passphrase involves one extra step, but adds an
order of magnitude (or more!) of protection. Use 'em!
Mark.
-- 
As long as you have mystery you have health; when you destroy mystery you create morbidity. -- G.K. Chesterton
___________________
Nolug mailing list
nolug@nolug.org
Received on 07/21/03
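The practical question the message keeps coming back to is whether the keypair sitting on disk (or on that forgotten USB key) is actually passphrase-protected. The script below is an added example, not code from the original post or from the Nolug list: it reads a private key file and reports whether it is encrypted, handling both the modern "openssh-key-v1" container (where the cipher and KDF names are the first two fields after the magic string) and the legacy PEM format (where encryption is signalled by "Proc-Type: 4,ENCRYPTED" and "DEK-Info:" header lines). The key files it tests against are constructed inline with dummy key material and are not real keys; the function and constant names are this example's own.

```python
"""Report whether SSH private keys on disk are passphrase-protected.

Added example (not from the original post). Pure standard library.
"""
import base64
import os
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

# Constructed sample: legacy PEM key with the OpenSSL encryption headers.
# The base64 body is filler, not real key material.
SAMPLE_LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

bm90IGEgcmVhbCBrZXk=
-----END RSA PRIVATE KEY-----
"""


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf: bytes, offset: int):
    """Decode one SSH wire-format string at `offset`; return (bytes, new_offset)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[start:end], end


def build_sample_container(cipher: str, kdf: str) -> str:
    """Constructed sample: an openssh-key-v1 file with the given cipher/KDF
    headers and dummy key material. Not a usable key; only the header
    fields matter for the check below."""
    kdfoptions = b""
    if kdf == "bcrypt":
        # kdfoptions for bcrypt = string(salt) + uint32(rounds); 16 rounds here.
        kdfoptions = _ssh_string(b"\x00" * 16) + struct.pack(">I", 16)
    blob = (OPENSSH_MAGIC
            + _ssh_string(cipher.encode()) + _ssh_string(kdf.encode())
            + _ssh_string(kdfoptions) + struct.pack(">I", 1)       # number of keys
            + _ssh_string(b"dummy-public-key") + _ssh_string(b"dummy-private-section"))
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{wrapped}\n-----END OPENSSH PRIVATE KEY-----\n"


def inspect_private_key(pem_text: str) -> dict:
    """Return {'format', 'encrypted', 'cipher', 'kdf', 'rounds'} for a key file."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-style private key")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        cipher, off = _read_string(blob, off)
        kdf, off = _read_string(blob, off)
        kdfoptions, off = _read_string(blob, off)
        cipher, kdf = cipher.decode(), kdf.decode()
        rounds = None
        if kdf == "bcrypt":
            _salt, o2 = _read_string(kdfoptions, 0)
            (rounds,) = struct.unpack(">I", kdfoptions[o2:o2 + 4])
        return {"format": "openssh-key-v1", "encrypted": cipher != "none",
                "cipher": cipher, "kdf": kdf, "rounds": rounds}
    # Legacy PEM: encryption is signalled by header lines before the blank line.
    encrypted, cipher = False, "none"
    for ln in lines[1:]:
        if ln == "":
            break
        if ln.startswith("Proc-Type:") and "ENCRYPTED" in ln:
            encrypted = True
        elif ln.startswith("DEK-Info:"):
            cipher = ln.split(":", 1)[1].strip().split(",")[0]
    return {"format": "legacy-pem", "encrypted": encrypted, "cipher": cipher,
            "kdf": "EVP_BytesToKey" if encrypted else "none", "rounds": None}


def scan_directory(path: str) -> list:
    """Inspect every non-.pub regular file in `path`; skip files that are not keys."""
    results = []
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if not entry.is_file() or entry.name.endswith(".pub"):
            continue
        try:
            with open(entry.path, "r", encoding="utf-8", errors="replace") as fh:
                results.append((entry.name, inspect_private_key(fh.read())))
        except ValueError:
            continue  # known_hosts, config, authorized_keys, ...
    return results


if __name__ == "__main__":
    ssh_dir = os.path.expanduser("~/.ssh")
    for name, info in scan_directory(ssh_dir) if os.path.isdir(ssh_dir) else []:
        status = "passphrase-protected" if info["encrypted"] else "UNPROTECTED"
        print(f"{name}: {status} ({info['format']}, cipher={info['cipher']}, "
              f"kdf={info['kdf']}, rounds={info['rounds']})")
```

Run it as a script to list every key under ~/.ssh that would be usable by anyone who copies the file. Note what the check does and does not tell you: a key reported as encrypted is only as strong as its passphrase and KDF cost; an unencrypted key can be fixed in place with `ssh-keygen -p -f <keyfile>` (add or change the passphrase), `ssh-keygen -a <rounds>` raises the bcrypt round count, and `ssh-add` loads the decrypted key into a running ssh-agent so the passphrase is typed once per session, which is the workflow the message recommends.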
This archive was generated by hypermail 2.2.0 : 12/19/08 EST