On 02.12.2003 Lisa Seelye <lisa@g.o> wrote:
> On Tue, 2003-12-02 at 09:45, Ian Leitch wrote:
> > On Tue, 2003-12-02 at 16:14, Alex Veber wrote:
> >
> > > I am not sure it's a good idea, I work on Gentoo from home and from school
> > > uploading and downloading files all the time, the computers at school are
> > > public and I can't put my key in there (If I forget to logout or something).
> >
> > You could ssh to home, then ssh to dev... if it's not too much trouble.
>
> That's what I do. And I've gotten so good at typing my "strong"
> password I can do it even with people watching and they won't get it. ;)
|
What about those who're watching you from inside the computer? Their
eyes are keen and their memory is long-lasting. Disabling password
authentication is a security measure, but it is no panacea. By forcing
developers to use keys you eliminate the problem of using passwords
in general, such as weak passwords or the use of the same password for
multiple places.
|
But some people complain, they say that a key is more inconvenient
than a password, for example, the key isn't as portable as a password,
you can't use it anywhere. My reply is, you shouldn't be using it
anywhere. You should never access a valuable resource from a computer
that you don't trust.
|
To force the use of keys exposes those who go around giving their
password to any computer they see. If you don't trust a computer well
enough to keep your key permanently on it, you shouldn't access gentoo
from that computer.
|
But it is true, sometimes security brings inconvenience. But I think
the idea of "ssh to home and then to gentoo" as a remedy for accessing
gentoo from an untrusted place is really bad. You've just given the
attacker your home computer in addition to gentoo.
|
-- hhg

--
gentoo-dev@g.o mailing list |