[ALUG] Gnome, seahorse, gnome-keyring-daemon - any good howtos or overviews anywhere?

Chris G cl at isbd.net
Fri Dec 18 09:53:52 GMT 2009


On Thu, Dec 17, 2009 at 10:44:42PM +0000, Wayne Stallwood wrote:
> Chris G wrote:
> >
> >No it isn't.  It's in a file *at the other end* totally inaccessible
> >to the intruder until he's guessed it.  The private key on the other
> >hand *is* at the end where the intruder is so has to be encrypted.
> >
> 
> You are taking one (relatively unlikely) attack vector where an
> intruder gains access to your specific machine in order to get
> access to another. This is the explicit case where the private key
> protects you and with the current state of the encryption used a
> brute force would be pretty much the only viable way of getting the
> passphrase to open the key, in which time you would hopefully have
> noticed the local breach and changed it. At which point they may as
> well have tried a direct brute force attack against sshd itself.
> 
> Normally the intruder would be coming from a different machine and
> wouldn't have the private key in the first place.
> 
Not generally true unless they're doing IP spoofing as well because I
only allow access from two specific IP addresses.

The important case for me is access from 'out there' in to my machine
(well, in to my server machine actually, there's a further hurdle to
my desktop machine).  The 'out there' machines are not mine, most
definitely 'untrusted', so the security rules suggest that you
*shouldn't* keep any private keys there.


> Don't make the mistake of dreaming up one possible attack vector and
> basing all your security measures upon that assumption. The fact is
> that if you are only allowing key based authentication then an
> intruder needs to break into your machine first *and* crack the
> passphrase on the private key. At the point your local machine is
> compromised and had you been using a password login to the remote
> system they could have just installed a keylogger or a login spoof
> and captured a password for the remote system anyway.
> 
The key logger can capture my passphrase too, can't it?  Then the
intruder has access to every system where I'm using that key.

> So overall if you are using passphrase protected keys you have still
> increased overall security because the private key has to be stolen
> and compromised first. Making an attack from a machine other than
> yours pretty difficult and an attack from your machine as difficult
> as if they didn't have a password for interactive authentication
> (they still have to guess or capture the passphrase, which is the
> same effort as guessing or capturing a login password)
> 
I can see what you're getting at and I half agree but I'm not sure
that the game is worth the candle still.

-- 
Chris Green
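The thread argues about two controls that can be checked mechanically on the server side: key-only authentication (so a captured login password is worthless) and restricting logins to a couple of known source addresses. The script below is an added illustration, not code from the list or from either poster; it parses a constructed sshd_config in the way sshd itself reads it (first occurrence of a keyword wins, directives after a Match line are conditional) and reports where a weak configuration falls short of a hardened one, then checks whether an authorized_keys entry carries a from= source restriction. The function names and the sample configs and key line are invented for the example; the IP addresses are documentation ranges.

```python
"""Audit an sshd_config and an authorized_keys line for key-only,
source-restricted logins.  All inputs below are constructed samples."""
import re

# Constructed: a typical distribution default that still allows passwords.
WEAK_SSHD_CONFIG = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

# Constructed: key-only logins, limited to one user from two fixed addresses.
HARDENED_SSHD_CONFIG = """
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
# only this user, and only from two known source addresses
AllowUsers chris@192.0.2.10 chris@198.51.100.7
"""

# Constructed authorized_keys line; the key material is a placeholder.
KEY_LINE = ('from="192.0.2.10,198.51.100.7",no-agent-forwarding '
            'ssh-ed25519 AAAAC3PLACEHOLDERKEYDATA chris@example')


def parse_sshd_config(text):
    """Return {keyword.lower(): value} for the global section.
    As in sshd, the first occurrence of a keyword wins.  Directives after a
    Match line apply only to matching connections and are not evaluated."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """Return a list of findings (empty list means every check passed)."""
    s = parse_sshd_config(text)
    findings = []

    def get(key, default):          # default = sshd's own default when unset
        return s.get(key, default).lower()

    if get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication should be 'no' (key-only logins)")
    if get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication must be 'yes'")
    # ChallengeResponseAuthentication is the older name for the same setting;
    # left at yes, PAM can still present a password prompt over keyboard-interactive.
    kbd = s.get("kbdinteractiveauthentication",
                s.get("challengeresponseauthentication", "yes")).lower()
    if kbd != "no":
        findings.append("KbdInteractiveAuthentication should be 'no'")
    if get("permitrootlogin", "prohibit-password") not in ("no", "prohibit-password"):
        findings.append("PermitRootLogin should be 'no' or 'prohibit-password'")
    # Source restriction: every AllowUsers entry should be user@host, not a bare user.
    allow = s.get("allowusers", "").split()
    if not allow or any("@" not in entry for entry in allow):
        findings.append("AllowUsers should list user@host entries to pin source addresses")
    return findings


def authorized_key_sources(line):
    """Return the host patterns from the from= option of an authorized_keys
    line, or None when the key carries no source restriction at all."""
    line = line.strip()
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return None                               # no options field present
    opts, buf, in_quote = [], "", False
    for ch in line:                               # options are comma-separated,
        if ch == '"':                             # commas inside quotes do not split
            in_quote = not in_quote
            buf += ch
        elif ch == "," and not in_quote:
            opts.append(buf)
            buf = ""
        elif ch.isspace() and not in_quote:
            break                                 # end of the options field
        else:
            buf += ch
    opts.append(buf)
    for opt in opts:
        if opt.lower().startswith("from="):
            return opt[5:].strip('"').split(",")
    return None


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or "OK")
    print("key restricted to:", authorized_key_sources(KEY_LINE))
```

Run against a real host, the same checks can be pointed at the output of `sshd -T`, which prints the effective value of every keyword and so avoids the include and Match subtleties this small parser deliberately skips. The from= option on the key is worth having even when AllowUsers already pins addresses, because it travels with the key and keeps applying if the key is copied to a second server.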
