[Discuss] ssh keys question
Kent Borg
kentborg at borg.org
Fri Jun 17 19:31:11 EDT 2016
On 06/17/2016 02:20 PM, Rich Braun wrote:
> You should also encrypt your private key with a passphrase, using 'ssh-keygen
> -p'. The ssh-agent allows you to use it repeatedly for the duration of a
> session without having to retype the password multiple times.
If you think anyone motivated might ever get a hold of your encrypted
file, use a *really* good passphrase. Something in excess of 100-bits of
entropy in it.
That's why I like much-maligned passwords. A very easy to remember and
to type password such as:
denver-deluxe-donald
Effectively dice-ware. It has 32-bits of entropy in it. Because sshd
throttles login attempts, I'll be dead before anyone can brute-force it.
(Except I told you all the password! Now it'll be easy! I know...I'll
change it to perform-rebel-tennis! Oh, shit, now you know the
replacement, too.)
If a password is (1) good and (2) not reused, it is good enough. Period.
I realize my impractical, secret-can't-be-duplicated weapon here is the
"not reused"-part. It seems there are only a handful of us on this
planet who can manage that. Everyone reuses passwords dadada...but for
the few of us who don't, they are a powerful technology.
And an ssh password doesn't have the extra attack surface of that
encrypted file (backed up?) protected with only a crappy passphrase
(bahama-herbert-cartel).
Want another dice-ware style password, but this time with 128-bits of
entropy?
snow-bruce-block-absent-canal-trick-result-gorilla-diana-quebec-atomic-karma
Maybe you prefer that oh-so-catchy number:
c40f62dd-7849-40ad-a9ca-4a102f6e37b2
Not so easy to remember, nor to type blindly. But if you want to survive
a brute-force attack on an encrypted file, having 128-bits of entropy
is more your target.
It is easy to "curve fit" an idea around three random words (a good
password), but horrible to try it on twelve (a good passphrase)--it gets
very bumpy. And blind typing it without an echo is additionally error prone.
Typing passwords can be easy, typing a good encryption key cannot. Using
ssh keys implies you protect those keys with another strong key,
something that is really burdensome if done conservatively.
-kb, the Kent who just smiles when he sees break-in attempts (on root,
who can't login anyway) when his user password (bingo-soviet-exotic)
will last longer than he will.
P.S. A way to prevent (or slow down) password reuse? Don't let users pick
their own passwords! Tell User One his password is billy-active-decade,
and tell User Two her password is subject-craft-mexico. Done. One of my
banks does this, with just a 7-character password. When I login they
choose three of the characters to ask for (take that, average spyware).
Though recently it seems they are a little freaked out that every time I
log in their cookie is gone: seems each time they have been asking for a
different three characters. I haven't been keeping track, but it is
possible they have been keeping one character in reserve and I have
never typed it in their login--and therefore most spyware wouldn't know
that obscure holdout. Maybe they will use it the day they decide to issue
me with a new password.
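
The entropy arithmetic behind the message above, worked through as an added example (not part of the original post): it compares how long the 32-bit and 128-bit secrets last against throttled online guessing and against offline guessing on a copied key file. The two guess rates, the 16-word demo list and the 7776-word list size (the classic five-dice list) are assumptions, not figures from the post.

```python
import math
import secrets

# Constructed demo list built from words that appear in the post; 16 words
# gives only 4 bits per word. A real diceware-style list has thousands.
DEMO_WORDS = ("denver deluxe donald perform rebel tennis bahama herbert "
              "cartel snow bruce block absent canal trick result").split()

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumed guess rates, not figures from the post:
ONLINE_RATE = 1.0    # guesses/second against a throttled sshd
OFFLINE_RATE = 1e9   # guesses/second against a copied encrypted key file


def bits_per_word(list_size):
    """Entropy contributed by one uniformly chosen word."""
    return math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest word count whose total entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_word(list_size))


def passphrase(n_words, words=DEMO_WORDS, sep="-"):
    """Pick n_words independently with the OS CSPRNG, like dice rolls."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def expected_years(bits, guesses_per_second):
    """Average time to hit the secret: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for bits in (32, 128):
        print(f"{bits:>3} bits: online {expected_years(bits, ONLINE_RATE):.3g} y, "
              f"offline {expected_years(bits, OFFLINE_RATE):.3g} y")
    n = words_needed(128, 7776)  # 7776 = classic five-dice list size
    print(f"{n} words from a 7776-word list reach 128 bits")
    print("demo (weak, 16-word list):", passphrase(n))
```

At the assumed rates, 32 bits lasts decades online but only seconds offline, which is the gap between a login password and a key-file passphrase that the message describes.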