undefined | Better HN

0 pointsKyeRussell4y ago0 comments

Why be obtuse? Are you talking about compromising the client machine? In which case, you’ve already lost all your keys, and you’re relying on their passphrases being set.

0 comments

otabdeveloper44y ago

I'm saying private keys are not more secure by default. If your development machine is compromised (which is really easy to do, BTW) they'll steal your keys and probably will have root on your servers and access to your github accounts.

Stealing passwords is much harder in comparison.

bitexploder4y ago

As an attacker, maybe true depending on your target. As a user I have had my passwords compromised many times. My SSH keys never have and I don’t know of any prominent evidence this happens much at all. I have been doing reversing, netsec, and appsec for 15 years now, so my memory goes back a ways. Plus, for example, my main system a Linux desktop. You can and should password protect your SSH keys, which further eliminates a number of key compromise scenarios.

j / k navigate · click thread line to collapse

0 comments

otabdeveloper44y ago

Stealing passwords is much harder in comparison.

bitexploder4y ago

j / k navigate · click thread line to collapse