RE: Palm to FreeBSD using ssh

Subject: RE: Palm to FreeBSD using ssh
Date: Mon, 29 Aug 2005 13:18:26 -0600
 

(snip)

- client theft - how likely is the device that stores your private
keys to be stolen (or lost)?  The more likely this is, the more you
should tend to use encrypted keys.  In the case of a portable device,
I would weigh theft as by far the highest risk.

The key is a "DSA Private Key" which I assumed was safe.


The exchange of data over the network is safe enough against snooping or
alteration, (assuming the attacker doesn't know the private key) whether
you use an RSA or DSA key.

Theft is a different threat though - the type of key doesn't matter
then, the strength of the passphrase that's protecting it is what
matters.  If the private key is stored unencrypted on a palm pilot and
someone steals it, then any servers that allow logins with that key are
at risk until you can delete the corresponding public keys from your
authorized_keys files.

- client compromise - how likely is the device that stores your
private keys to be compromised?  A Windows worm can compromise a
Unix box, if the Windows box stores unencrypted ssh keys for the
Unix box.  Encrypting keys provides some defence in depth against this.

I was thinking of the palm pilot itself - the Mac is another storage
place, which can be considered separately.  Presumably there's no
need for this tradeoff there, as openssh is pretty well tested and
supports encrypted private keys in the client.

Regards
Mark

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail.
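
The reply above turns on whether the stored private key is passphrase-encrypted, so the following added example (not part of the original message or of OpenSSH) classifies a key file by its on-disk header. It covers the legacy PEM form of a "DSA Private Key" and goes beyond the thread to the PKCS#8 and newer OpenSSH containers; `key_protection`, `sample_openssh` and the sample keys are constructed for this illustration.

```python
import base64
import struct
import sys

MAGIC = b"openssh-key-v1\0"  # start of a decoded OpenSSH-format key blob
LEGACY = ("DSA PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY")

def _s(b):  # SSH wire-format string: uint32 length, then the bytes
    return struct.pack(">I", len(b)) + b

def key_protection(text):
    """Classify a private key file's text: encrypted, unencrypted or unknown."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    body = lines[1:-1]
    if label == "ENCRYPTED PRIVATE KEY":   # PKCS#8 encrypted container
        return "encrypted"
    if label == "PRIVATE KEY":             # PKCS#8 without encryption
        return "unencrypted"
    if label in LEGACY:
        # Legacy PEM marks an encrypted key with a Proc-Type header line.
        return "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "unencrypted"
    if label == "OPENSSH PRIVATE KEY":
        try:
            blob = base64.b64decode("".join(body))
            (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        except (ValueError, struct.error):
            return "unknown"
        if not blob.startswith(MAGIC):
            return "unknown"
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]  # first field: cipher name
        return "unencrypted" if cipher == b"none" else "encrypted"
    return "unknown"

# Constructed samples: container structure only, no real key material.
PLAIN_DSA = "-----BEGIN DSA PRIVATE KEY-----\nMIIBuwIBAAKBgQ==\n-----END DSA PRIVATE KEY-----\n"
ENC_DSA = ("-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nMIIBuwIBAAKBgQ==\n"
           "-----END DSA PRIVATE KEY-----\n")

def sample_openssh(cipher, kdf):
    blob = MAGIC + _s(cipher) + _s(kdf) + _s(b"") + struct.pack(">I", 1)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:              # key files to audit, given as arguments
        with open(path, errors="replace") as fh:
            print(path, key_protection(fh.read()))
```

A result of "encrypted" only shows that a passphrase is set; it says nothing about how strong that passphrase is.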

