Re: Developer security questions.

To: karlheg <karlheg@cathcart.sysc.pdx.edu>
Cc: Debian Developers' Forum <debian-devel@lists.debian.org>
Subject: Re: Developer security questions.
From: David Huggins-Daines <dhd@maclinux.plcom.on.ca>
Date: Wed, 30 Jun 1999 21:22:20 -0400
Message-id: <[🔎] 19990630212219.B16590@elm.plcom.on.ca>
Mail-followup-to: karlheg <karlheg@cathcart.sysc.pdx.edu>, Debian Developers' Forum <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 87vhc51nqz.fsf@bittersweet.sysc.pdx.edu>; from karlheg on Wed, Jun 30, 1999 at 12:39:48PM -0700
References: <[🔎] 87vhc51nqz.fsf@bittersweet.sysc.pdx.edu>

On Wed, Jun 30, 1999 at 12:39:48PM -0700, karlheg wrote:
>  Is it possible for someone, if they gained root on my workstation, to 
>  make a copy of my .pgp/ and .ssh/ directories, then use those from
>  anywhere on the net to log into master.debian.org, or sign a package
>  or email?

Use a good, long, secure passphrase.  If you are truly paranoid, then keep
your secret key on a floppy or something (or one of those nifty "secret
decoder ring" gadgets you can get these days :-)

If they get your passphrase, then yes, they can effectively assume your
identity.

-- 
dhd@maclinux.plcom.on.ca (wearing my Linux/m68k+Mac+Debian hat)
  Latest kernels/patches: http://maclinux.plcom.on.ca/pub/

Reply to:

References:
- Developer security questions.
  - From: karlheg <karlheg@cathcart.sysc.pdx.edu>

Prev by Date: RE: Postfix hoopla
Next by Date: Re: Developer security questions.
Previous by thread: Developer security questions.
Next by thread: Re: Developer security questions.
Index(es):
- Date
- Thread