[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Re: [ #670138]

From: Bernie Innocenti
Subject: Re: [Savannah-hackers-public] Re: [ #670138] Dom0 upgrade
Date: Mon, 21 Feb 2011 14:57:18 -0500

On Mon, 2011-02-21 at 18:27 +0100, Jim Meyering wrote: 
> Doesn't sound like you're joking...
> Please, never reuse passphrases for such important things.
> Even if someone key-logs or shoulder-surfs[*] my ssh passphrase,
> they'll still have to get my private key, and none of that will
> help them get my gpg passphrase or *its* private key.

If both keys must be used in quick succession, as is the case for
logging in with fwknopd + ssh, there's no gain in having two different

As you said, the only effective way to improve security in a two-factor
authentication is to store the keys on different devices.  However, card
readers are relatively rare and it's unrealistic to think that most
Savannah maintainers will start using them to turn fwknopd into an
effective security measure.

Limiting ssh access to a few known IPs is easy and constitutes an
independent factor in addition to ssh authentication (although a weak
one). Given that the implementation cost is very low, why not do it?

> We can't be too paranoid... if my system were to be cracked, it'd
> be way too easy for someone to do something nasty right as I'm
> making a coreutils release, that I would then gpg-sign and upload.
> No one audits those 50K-line configure scripts.  I would hate to
> be responsible for that.

I agree that security is important, but we should find security measures
that are not too inconvenient for daily use, because otherwise people
tend to work them around or disable them. I've seen this happen many
times in corporate environments and, while GNU contributors can be
expected to be more responsible than the average developer, everyone has
a limit.

He who has SElinux still enabled cast the first stone :-)

Bernie Innocenti
Systems Administrator, Free Software Foundation

reply via email to

[Prev in Thread] Current Thread [Next in Thread]