On Wednesday 17 September 2008 13:16:57 Jil Larner wrote:
> Hello,
>
> You cannot. The reason for this is simple: you can copy your private
> key as many times as you wish, to any place. Even if you were able to
> check that a private key is passphrase-protected, it wouldn't mean
> every single copy of that key is so protected. And the interest of the
> private key is that only the owner possesses it and hides it; thus you
> shouldn't think about a monthly submission of the keyfile to
> automatically check it is protected, because it would open a serious
> security hole.
|
Agreed. The hole I would like to close (or make smaller) is that the key is
the main security between the user's desktop machine and the core routers on
my network. We originally switched to ssh keys because users will gladly
share passwords with each other without regard for consequences, and the
administration of this is a nightmare.
|
Keys make for better security, but I would like it to be even better. I also
want to have my facts 100% straight - if I tell my boss "it can't be done" I
like to show research to back it up. There's nothing worse than saying
something can't be done, and someone else in the room immediately says how it
can be done ... :-)
|
--
alan dot mckinnon at gmail dot com