-----Original Message----- From: coderman Sent: Monday, March 27, 2006 2:05 PM
On 3/27/06, Michael J Freedman <mfreed@cs.nyu.edu> wrote:
... This approach is certainly commonly done by people for useability. However, the problem is that the best security you get is that of security provided by the weakest site (i.e., the weakest link the chain analogy).
true; which is why i'd like to see them use a single good password to mount an encrypted volume and secure OS where the rest of the (different*) passwords and PIN's and whatever else are kept.
What are your thoughts on using PKI? For example, create private keys (with no passwords) and put them in an encrypted volume. Then use one strong password to unlock your encrypted volume (and thus, unlock your private keys), and then SSH to everywhere else securely. Thus a user need only remember one password to get access to all servers. (And you can individually grant or revoke access to servers by adding/removing the corresponding public key.) Win32 has 'TrueCrypt', which has a nice feature of auto-unmounting the encrypted volume on suspend/hibernate. Thus even if your laptop gets stolen while hibernated, the private keys aren't compromised. And if you're laptop is configured to suspend on the screen closing, they'd need to steal your laptop from you, while it's running, and begin hacking on it before closing the screen. (And in the time someone can mount an offline attack, you can remove the user's corresponding public keys from the servers.) -david