[Cryptography] Possible reason why password usage rules are such a mess
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Mar 4 19:32:52 EST 2020
Kent Borg <kentborg at borg.org> writes:
>the Kent who periodically rails against the conventional wisdom that ssh keys
>are better than ssh passwords, because he is a fool who insists fools are
>occasionally right.
Oh yes, it's far less secure than passwords, a study of SSH key storage a few
years ago showed, from memory, 80% were stored on disk in plaintext form, so
anyone who got one-off read access to the owner's files at any point could get
into every other account they had access to. But hey, the magic of public-key
pixie dust makes it "secure".
Peter.
More information about the cryptography
mailing list