Security of ssh key passphrases - i.e. where to save them?

Ralf Mardorf kde.lists at yahoo.com
Sun Aug 18 11:58:38 UTC 2024


On Sun, 2024-08-18 at 11:44 +0100, Chris Green wrote:
> I have nothing on my 'phone worth stealing (no banking apps, no address list,
> no passwords).

Hi,

this and nothing else is the only secure approach.

I regularly receive blackmail emails containing my passphrases, which
are impossible to guess and which I actually use. I don't care at all
that criminals hold such passphrases of mine in their dirty hands,
because they can't do anything with them, apart from the fact that they
have access to a mailing list account.

Don't grant access to "sensitive information" by anything connected to
the public via an antenna or cable.

Whenever you search the internet for "cve ssh", you will find something
critical that is highly topical.

Besides, the people who film me on webcam eating soup with a fork and
chopsticks and who have access to everything on my computer should know
that I can't afford the money they're asking for. Every webshop analysis
programme, Google and friends know exactly how much money I have without
them using any (ir)relevant passwords.

Thanks to the dead city centres, I can't avoid ordering everything from
clothes to guitar strings on the internet. What I'm making public about
this and putting in the dirty criminal hands of Google and Co is
worrying.

Passwords have never been a real problem in the history of computer
technology. None of the major computer disasters that have been in the
news around the world in recent years have had anything to do with
passwords.

Many people make a living off the passphrase issue myth by offering
"solutions" such as Sm@rt-TAN, Face ID and the like and last but not
least Bitwarden, which offers browser extensions for full-googled
browsers ;). You can't trust any browser, especially not the
full-googled browsers, such as Chrome or Firefox.

In the past, before the home computer and smartphone age:
https://en.wikipedia.org/wiki/Crypto_AG
Make an educated guess!

In your case, the security vulnerability is not the handling of
passphrases, but the unreliability of OpenSSH.

Regards,
Ralf




More information about the ubuntu-users mailing list