[148719] in cryptography@c2.net mail archive

Re: [Cryptography] Passwords are dying - get over it

daemon@ATHENA.MIT.EDU (Sean Lynch)
Wed Dec 25 17:01:19 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAOLP8p6y2iYCcUOQY21kCWcuFo-M4GZD=QiDea_4BbPcSsEyZQ@mail.gmail.com>
Date: Wed, 25 Dec 2013 12:16:58 -0800
From: Sean Lynch <seanl@literati.org>
To: Bill Cox <waywardgeek@gmail.com>
Cc: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Dec 23, 2013 7:39 AM, "Bill Cox" <waywardgeek@gmail.com> wrote:
> It bothers me that I get more security from carrying a metal key to a
> physical lock than I can get online.  Maybe I'll put a key file on my phone
> and try to be a bit more secure with my TrueCrypt password safe.  I
> certainly can't count on just their key stretching.
>
> How would you recommend protecting your ssh private key?

I carry mine on my keyring, on a GnuPG smartcard in a Gemalto shell. I also
use it for X.509 auth via Scute. If you want something cheaper and slightly
less tamper-proof, get a Gnuk token. Both are USB only; I'm guessing Google
will use something like the YubiKey NEO, which supports NFC, for their
password elimination master plan.

What's wrong with this approach? It is analogous to what everyone does for
physical security already.

