On Wed, Dec 03, 2003 at 09:46:21PM -0500, Carl Fink wrote:
> On Wed, Dec 03, 2003 at 05:52:30PM -0800, Vineet Kumar wrote:
> > I'm considering keeping my private keys (ssh, gpg, etc) on removable
> > storage, maybe one of those USB keys (then my keys could actually go on
> > my keyring...). It's certainly not foolproof, but at least a sniffed
> > passphrase could only be used against me when the key is inserted,
> > which at least slightly reduces the possibility of a private key being
> > compromised.
>
> If the system is rooted, it would be trivial to write a replacement
> for ssh (GPG, etc.) that copies your private keys onto the hard drive
> for later retrieval. Definition of "trivial" is: I, a bad
> programmer, could do it.

What you'd actually want is hardware that stores the keys and does the
signing and decryption for you, but refuses to expose the private key
material itself to the host. Then, while a cracker could sniff your
passphrase, the key itself would still be safe after the machine had
been re-secured.

You can go further by requiring physical presentation of smartcards or
similar in order to use the key, which is less convenient but makes a
passphrase more or less useless on its own.

(Disclaimer: I work for such a company, although you'd probably have to
do a bit of work at the moment to integrate our hardware smoothly with
gpg and ssh.)

-- 
Colin Watson [EMAIL PROTECTED]
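
An added example, not part of the thread: a server-side check that separates file-based SSH keys, which a rooted client can copy, from keys whose private half stays on a hardware token. It assumes OpenSSH 8.2 or later, whose FIDO-backed `sk-` key types and `no-touch-required` / `verify-required` options postdate this discussion; the sample lines and key blobs are constructed.

```python
# OpenSSH key types whose private half is generated and kept on a FIDO token
# (assumption: OpenSSH 8.2 or later; not mentioned in the thread).
HARDWARE = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
# File-based key types: the private key is a file a rooted host can copy.
SOFTWARE = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
            "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

# Constructed authorized_keys sample; the key blobs are placeholders.
SAMPLE = '''# constructed sample
ssh-ed25519 AAAAC3-constructed alice@laptop
sk-ssh-ed25519@openssh.com AAAAGn-constructed alice@token
no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAIn-constructed ci@token
command="echo no-touch-required, ssh-rsa",verify-required sk-ssh-ed25519@openssh.com AAAAGn-constructed bob@token
'''

def split_unquoted(text, seps):
    """Split text on any character in seps, ignoring separators inside "..."."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return parts + [cur] if cur else parts

def audit(text):
    """Return [(line_number, key_type, verdict)] for every key line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = split_unquoted(line.strip(), " \t")
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] in HARDWARE | SOFTWARE:      # no options field
            opts, ktype = "", fields[0]
        else:                                     # options precede the key type
            opts, ktype = fields[0], (fields[1] if len(fields) > 1 else "")
        names = {o.split("=", 1)[0] for o in split_unquoted(opts, ",")}
        if ktype in SOFTWARE:
            verdict = "SOFTWARE"       # private key is a copyable file
        elif ktype not in HARDWARE:
            verdict = "UNKNOWN"
        elif "no-touch-required" in names:
            verdict = "HW_NO_TOUCH"    # on a token, but no physical presence check
        else:                          # verify-required adds user verification, e.g. a PIN
            verdict = "HW_VERIFIED" if "verify-required" in names else "HW_TOUCH"
        findings.append((n, ktype, verdict))
    return findings
```

A `SOFTWARE` verdict marks the case Carl Fink describes; `HW_NO_TOUCH` marks a token key whose physical-presence requirement has been switched off on the server.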