Re: xx about SSH

I am very tired and sick today, so this will be a short and late one! Possibly incoherent.

About passwords/passphrases

Reply

NEVER USE THE SAME PASSWORD EVER!!!

I didn't say use the same passphrase, I said

In what scenario would the bad actor not have the passphrase for the second key as well?

What I meant is, there is no scenario I can come up with where a bad actor has access to one key and one passphrase, unless you deliberately take steps to further secure other keys, and every key would need a different extra measure. The time/skill required to get one set is the time/skill required to get all.

Attack vectors and things

I am not terribly worried about devices that get stolen; the only devices I use are either set with a self-destruct, boot encrypted disks or both. I also do not use public Wifi, because why?

The more serious attack vectors, at least for me, are key-agents and connection hopping. If you aren't running encrypted RAM, your key is held available in your RAM (I have yet to hear of anyone ever using RAM exploits though). As for connection hopping, you are exposing your connections to that middle host; is it truly secure?

My third attack vector would be burglary. I am extremely easy to burgle, but we are still talking encrypted disks, self-destructs and a third little surprise I won't disclose here.

My brain churnings

I feel like a lot of this is generally superfluous; the only really plausible scenario here is someone planting something in your PC to get access to the key while it is online. If they have access to your PC without your knowledge, your goose is cooked and your keys aren't your biggest worry; the possible pictures of passport, driver's license or other sensitive info are.

This is one of the things I like about certs and the pub/priv scheme: you use offline bits to access online things, and the remote host has nothing of any value. The only way we can get any safer is by requiring a real-world action to connect, but pigeons and smoke aren't really that practical anymore.

Created 2024-10-09 - Updated 2024-10-09
