North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical


  • From: Joshua Goodall
  • Date: Sat Apr 29 03:36:12 2000

> Since we are going into a description of cryptography, we might as well
> bring up that since the random number generator used to generate the
> supposedly random RSA key pair _is_ predictable ... [split]

This statement is a litle too broad. I would contest that the design of,
say, FreeBSD's /dev/random permits sufficient entropy collection to
usefully initialise a strong hashing algorithm with a non-predictable

> [split] ... the whole idea of perfect security is improbable at best;
> the exercise does make it difficult for people with only a casual
> interest in your operations to directly compromise them.

This statement hits the mark, but I like to be explicit, to scare security
neophytes: if you have ever crossed-over passwords, shared them between
two systems, or made any kind of assumption that means the security of one
password has depended on the security of another then all such linked
accounts passwords are potentially compromised simultaenously.

If you're paranoid enough to accept that, then :

a) maybe your security could be good enough
b) perhaps you should consider using SSH key agents rather than passwords.

- joshua