undefined | Better HN

0 pointsjcgl11mo ago0 comments

> every time you type the password to decrypt your private key you should worry about the possibility of some software running on your machine reading it and sending it somewhere.

Yes, I believe you should. On OSes without sandboxing and protections against exfiltration, this is a substantial concern. And you’d be foolish to e.g. keep a bitcoin private key lying around in your home dir. For this same reason, I think the common practice of leaving non-password-protected SSH keys in ~/.ssh is terrible.

0 comments

GTP11mo ago

Sure it's a bad idea to not encrypt your private keys, but the point here was that, even if you encrypt them, they will be unencrypted when you need to use them.

jcglOP11mo ago

> they will be unencrypted when you need to use them

Only in-memory though, right? Which shouldn't be so much of a problem.

j / k navigate · click thread line to collapse

0 comments

GTP11mo ago

Sure it's a bad idea to not encrypt your private keys, but the point here was that, even if you encrypt them, they will be unencrypted when you need to use them.

jcglOP11mo ago

> they will be unencrypted when you need to use them

Only in-memory though, right? Which shouldn't be so much of a problem.

j / k navigate · click thread line to collapse