[Cryptography] Possible reason why password usage rules are such a mess

Kent Borg kentborg at borg.org
Thu Mar 5 00:11:26 EST 2020


On 3/4/20 7:32 PM, Peter Gutmann wrote:
> a study of SSH key storage a few years ago showed, from memory, 80% 
> were stored on disk in plaintext form

To be fair, the cases where ssh keys are most appropriate are automated 
connections, where a plaintext key is needed.

My gripe is that a login password is completely different from an 
encryption passphrase. The former can be pretty thin and still be 
secure*, but the latter needs to be pretty implausibly high entropy, 
almost impossible to remember and reliably type blindly.

An ssh key needs to be protected as the encryption key that it is.

-kb

* If the server checks the password at a limited rate AND passwords are 
not recycled between accounts or otherwise freely given to one's foes.
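To put numbers on the distinction the post draws (online guessing throttled by the server versus offline guessing against a stolen key file), here is an added worked calculation that is not part of the original message; the guess rates, the ten-year horizon and the 50% success bound are assumptions chosen for illustration.

```python
import math

# Constructed attacker models (assumptions, not figures from the post):
# a login endpoint that throttles to 10 guesses per minute per account,
# and an offline attacker running the key file's KDF at 1e6 guesses/sec.
ONLINE_GUESSES_PER_SEC = 10 / 60
OFFLINE_GUESSES_PER_SEC = 1e6
TEN_YEARS = 10 * 365 * 24 * 3600  # horizon the secret must survive


def expected_crack_seconds(entropy_bits: float, guesses_per_sec: float) -> float:
    """Expected time to hit a uniformly random secret of the given entropy.
    On average half of the 2^bits keyspace has to be searched."""
    return (2 ** entropy_bits) / 2 / guesses_per_sec


def bits_needed(guesses_per_sec: float, horizon_seconds: float,
                max_success_prob: float = 0.5) -> int:
    """Smallest whole number of entropy bits such that an attacker making
    guesses_per_sec guesses for horizon_seconds succeeds with probability
    at most max_success_prob (P(success) = guesses / 2^bits while that
    ratio is below 1)."""
    guesses = guesses_per_sec * horizon_seconds
    return math.ceil(math.log2(guesses / max_success_prob))


def compare(entropy_bits: float) -> dict:
    """Same secret, both attack settings: years to crack online under the
    rate limit versus seconds to crack offline."""
    year = 365 * 24 * 3600
    return {
        "online_years": expected_crack_seconds(entropy_bits, ONLINE_GUESSES_PER_SEC) / year,
        "offline_seconds": expected_crack_seconds(entropy_bits, OFFLINE_GUESSES_PER_SEC),
    }


if __name__ == "__main__":
    print("login password bits for 10 years online:",
          bits_needed(ONLINE_GUESSES_PER_SEC, TEN_YEARS))
    print("key passphrase bits for 10 years offline:",
          bits_needed(OFFLINE_GUESSES_PER_SEC, TEN_YEARS))
    print("a 30-bit secret:", compare(30))
```

Under these assumptions a roughly 27-bit login password holds up for a decade of throttled guessing, while the same budget offline calls for about 50 bits, and a 30-bit secret that takes the online attacker over a century falls offline in minutes; the footnote's second condition (no reuse across accounts) is what stops an offline-cracked password from being replayed online.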