Patrik Carlsson <[EMAIL PROTECTED]> writes:
>You could remove your key passphrase - but it's not recommended for obvious
>security reasons!

Everyone says that, but I've never seen anyone elucidate on the so-called
"obvious" reasons.

The key file is protected by root-read-only permissions. Only someone with
root access can read the file. If someone has root access, they can gcore
your running daemon and extract your private key from the core dump with just
a little more work.

From my point of view, the key passphrase gives people a false sense of
security (as well as added inconvenience).

-Michael Robinson
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
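
The two protections weighed in the message above, owner-only file permissions and a key passphrase, can both be checked for a given PEM key file. This is an added example, not part of the original post or of OpenSSL: the function names are hypothetical, the sample files are constructed PEM framing with placeholder bodies, and the expected owner defaults to uid 0 (root) as in the message.

```python
import os
import stat
import tempfile

# Constructed samples: PEM framing only, bodies are placeholders, not real keys.
PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
              "PLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")
PKCS8_ENC = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nPLACEHOLDER\n"
             "-----END ENCRYPTED PRIVATE KEY-----\n")
SAMPLES = [("plain_0600", PLAIN, 0o600), ("plain_0644", PLAIN, 0o644),
           ("legacy_enc_0600", LEGACY_ENC, 0o600), ("pkcs8_enc_0640", PKCS8_ENC, 0o640)]


def pem_is_encrypted(text):
    """True if the PEM framing marks the private key as passphrase-protected."""
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in text:  # PKCS#8 encrypted key
        return True
    return "Proc-Type: 4,ENCRYPTED" in text              # traditional PEM header


def audit_key_file(path, expected_uid=0):
    """Return findings for one key file; an empty list means nothing to report."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
    if extra:
        findings.append(f"group/other permission bits set: {oct(extra)}")
    with open(path, encoding="ascii", errors="replace") as fh:
        if not pem_is_encrypted(fh.read()):
            findings.append("no passphrase: file permissions are the only protection at rest")
    return findings


def demo():
    """Audit the constructed samples in a temp dir owned by the current user."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body, mode in SAMPLES:
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="ascii") as fh:
                fh.write(body)
            os.chmod(path, mode)  # explicit mode, independent of umask
            results[name] = audit_key_file(path, expected_uid=os.getuid())
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```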