PHK's MD5 might not be slow enough anymore

Chris Palmer chris at noncombatant.org
Thu Feb 4 02:19:47 UTC 2010


Dag-Erling Smørgrav writes:

> option to store their keys unencrypted, and there is nothing you can do on
> the server side do to prevent them?  That's even *less* secure than
> passwords.

Less secure in certain, but not all, attack scenarios.

An attacker with code running on the client (i.e. any code author at all
with code on the client running as the user who wants to use the SSH
client... sigh) can log right in -- but that class of attacker could also
keylog the SSH key passphrase, too. (The problem is worse if you consider
local privilege escalation vulnerabilities, and if the prevalence of those
vulnerabilities leads you to believe that the fundamental guarantee of a
multi-user system cannot hold in practice.)

The true value of a passphrase is to stymie attackers who steal the key
(perhaps by stealing the laptop) but who don't have their own code running
on the client at the time the legitimate owner is using the machine. Full
disk encryption is a better, more general approach to that class of threat
anyway.

On the other hand, an attacker trying an online brute-force password guess
against the server still has no hope, without the unprotected key, even if
the key is not protected by a passphrase.

I don't disagree with any argument that more auth factors is better, of
course. But passphrase-less SSH keys are not necessarily the worst thing in
the world.
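The thread turns on whether a stolen private key is usable without a passphrase. An added example, not part of the original message and not OpenSSH or FreeBSD code: a small audit script that reads private key files and reports whether each one is passphrase-protected, by parsing the cipher and KDF fields of the OpenSSH v1 key container and the `Proc-Type: 4,ENCRYPTED` header of legacy PEM keys. The sample keys are constructed header-only blobs built by `build_openssh_key_header` (they carry no key material and are not loadable keys); the function and directory names are assumptions.

```python
import base64
import struct
from pathlib import Path

# Magic string at the start of the OpenSSH v1 private key container.
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf: bytes, off: int):
    """Read one SSH wire-format string (uint32 length + bytes) at offset."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def classify_private_key(text: str) -> str:
    """Return 'encrypted', 'unencrypted' or 'unknown' for a private key file body."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN"):
        return "unknown"
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
        except ValueError:
            return "unknown"
        if not blob.startswith(OPENSSH_MAGIC):
            return "unknown"
        off = len(OPENSSH_MAGIC)
        cipher, off = _read_string(blob, off)   # e.g. b"none" or b"aes256-ctr"
        kdf, off = _read_string(blob, off)      # e.g. b"none" or b"bcrypt"
        if cipher == b"none" and kdf == b"none":
            return "unencrypted"
        return "encrypted"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "encrypted"                       # PKCS#8, always passphrase-protected
    if header.endswith("PRIVATE KEY-----"):
        # Legacy PEM (RSA/EC/DSA): a passphrase shows up as a Proc-Type header.
        if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:]):
            return "encrypted"
        return "unencrypted"
    return "unknown"


def audit_ssh_dir(ssh_dir: Path) -> dict:
    """Classify every private-key-looking file in a directory (e.g. ~/.ssh)."""
    results = {}
    for p in sorted(ssh_dir.iterdir()):
        if not p.is_file() or p.name.endswith(".pub"):
            continue
        try:
            text = p.read_text(errors="replace")
        except OSError:
            continue
        if text.lstrip().startswith("-----BEGIN"):
            results[p.name] = classify_private_key(text)
    return results


# ---- constructed samples (header only, no key material) ----
def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def build_openssh_key_header(cipher: bytes, kdf: bytes) -> str:
    """Constructed sample: just the fields the check reads, wrapped like a real file."""
    blob = (OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(b"") + struct.pack(">I", 1))
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + wrapped
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


SAMPLE_OPENSSH_PLAIN = build_openssh_key_header(b"none", b"none")
SAMPLE_OPENSSH_ENC = build_openssh_key_header(b"aes256-ctr", b"bcrypt")
SAMPLE_PEM_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                  "AAAA\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_PEM_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, sample in [("openssh-plain", SAMPLE_OPENSSH_PLAIN),
                         ("openssh-enc", SAMPLE_OPENSSH_ENC),
                         ("pem-enc", SAMPLE_PEM_ENC), ("pem-plain", SAMPLE_PEM_PLAIN)]:
        print(f"{name}: {classify_private_key(sample)}")
    # Against a real directory: print(audit_ssh_dir(Path.home() / ".ssh"))
```

The check reads only the container header, so it never needs the passphrase and never touches key material; "unencrypted" is exactly the case the message describes, a key that anyone holding the file can use, where only full disk encryption or the host's access controls stand in the way.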



More information about the freebsd-security mailing list