On Wed, 2005-12-07 at 14:35, peter kostov wrote:
> On Wed, 2005-12-07 at 11:36 -0500, Scot L. Harris wrote:
> > On Wed, 2005-12-07 at 10:09, Matthew Miller wrote:
> > > On Wed, Dec 07, 2005 at 09:53:56AM -0500, Scot L. Harris wrote:
> > > > > I am not saying not to use key based authentication, but it is not a
> > > > > cure all.
> > > > You are correct, there are no magic bullet solutions. Typically you
> > > > would still use a password/passphrase to use your private key. Of
> > > > course the same rules apply as to any password, use a good non-trivial
> > > > one that can not be guessed.
> > >
> > > And even more so than normal, since anyone with a copy of the key can
> > > attempt to brute-force the passphrase at their leisure.
> >
> > Which is why you need to protect your private key....
> >
> And what about storing the private key on a memory card or usb memory
> stick?

What about it? IMHO you should always use a non-trivial password/phrase with any key you set up. Of course, if most users used good passwords, brute force attacks would be more difficult than they are now. Using a key means a hacker has to somehow obtain that key before they can try and break your passphrase. Remember the idea is to be just a little more secure than the guy next to you.