Re: HashKnownHosts

To: debian-devel@lists.debian.org
Subject: Re: HashKnownHosts
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 3 Jul 2005 00:21:58 +0100
Message-id: <[🔎] 20050702232158.GE8598@riva.ucam.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20050702214240.GB9896@wonderland.linux.it>
References: <[🔎] 20050702091926.GA6989@wonderland.linux.it> <[🔎] 87zmt58ij8.fsf@deneb.enyo.de> <[🔎] 20050702174831.GA2549@rnb.grep.be> <[🔎] 87psu1xc5p.fsf@deneb.enyo.de> <[🔎] 20050702205912.GB2549@rnb.grep.be> <[🔎] 20050702214240.GB9896@wonderland.linux.it>

On Sat, Jul 02, 2005 at 11:42:40PM +0200, Marco d'Itri wrote:
> On Jul 02, Wouter Verhelst <wouter@debian.org> wrote:
> > Well, then the 'foundation of Internet security' is very weak, I'm
> > afraid. It's plain stupid to rely on someone else to get _your_ security
> > working correctly. Think about it.
> 
> There is also the quite important point that even the most stupid of the
> attackers could just look at ~/.bash_profile instead and get all or most
> of the hostnames anyway, so I still do not see the benefits of enabling
> this option by default.

Also, this is not true in a world where many desktop users are using GUI
frontends to sftp or the like.

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

References:
- HashKnownHosts
  - From: md@Linux.IT (Marco d'Itri)
- Re: HashKnownHosts
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: HashKnownHosts
  - From: Wouter Verhelst <wouter@debian.org>
- Re: HashKnownHosts
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: HashKnownHosts
  - From: Wouter Verhelst <wouter@debian.org>
- Re: HashKnownHosts
  - From: md@Linux.IT (Marco d'Itri)

Prev by Date: Re: HashKnownHosts
Next by Date: Re: HashKnownHosts
Previous by thread: Re: HashKnownHosts
Next by thread: Re: HashKnownHosts
Index(es):
- Date
- Thread