Re: Musings about on-disk encryption in Fedora Core

On Tue, 2004-07-06 at 16:54, mike@xxxxxxxx wrote:
> I would also argue that if I have access to your account then I eventually
> have access to your PGP keys.  I can install something in .bash_profile and I
> can read your process memory, right?
> 
> I suppose that one could argue that all these passphrases and passwords are a
> defense in depth technique, but here is a fundamental problem: your system
> authentication token says to the system "this is me" and if that is not the
> case then all else is eventually doomed.

Well:

- Because you mentioned it: having my PGP keys on a USB stick that I
carry around with me, an attacker is at least forced to try to read my
memory or install a key logger; merely mailing home .gnupg/secring.pgp
from .bashrc won't work. I know that this is not 100% secure (what is?),
but it's a reasonably high hurdle.
- Having login and secret storage authentication tokens separate allows
me at least to tell the system "this is me and I want this accessible
now". It's the same with not logging in as root, but using su when you
need sufficient privileges ;-).

Nils
-- 
     Nils Philippsen    /    Red Hat    /    nphilipp@xxxxxxxxxx
"They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."     -- B. Franklin, 1759
 PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011

Attachment: signature.asc
Description: This is a digitally signed message part

