[Nottingham] Ouch (ssh keys)

Nick Leverton nick at leverton.org
Sat Jan 26 22:37:11 UTC 2013


On Fri, Jan 25, 2013 at 04:10:19PM +0000, Jason Irwin wrote:
> On 25/01/13 15:36, Rory Holland wrote:
> >They'd still need to crack a 2048 or 4096-bit RSA key though, even with
> >access to your id_rsa. As long as you have a secure passphrase you could
> >tattoo your private key on your face and it wouldn't matter.
> I put it to you that the kind of person who uploads their private
> key to github (or "the cloud" or whatever) is the kind of person who
> didn't set a passphrase or uses a simple dictionary word.  Assuming
> these are test key, of course.
> 
> The idea of having an SSH key tattoo is amusing.  Maybe as a QR code
> to be super-l33t?

Kind of hard to supersede it though when the login key changes.

Nick



More information about the Nottingham mailing list