[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HashKnownHosts

Wouter Verhelst wrote:

> and
> relying on other people's security to increase your own isn't pretty
> clever, actually.

Well, it increases your own security to: It makes it harder to use your
machine, were it to be compromised, as an attacker. This increases your
security in two ways:

1. Generally, you log into (and thus have public keys for) boxes you
care about. The worm won't be able to auto-propogate to those machines.
[Remember, there have been root exploits in sshd before. And worms that
exploited them.]

2. You won't have to convince law enforcement, your employer, etc. that
no, really, you didn't attack that machine, it was a worm, because the
attack won't happen (at least from your machine).

And, in general, turning this on by default increases the general
security of the Internet. That is a good thing, really. Its unfortunate,
but when you share a network with a billion other people, you have to
rely somewhat on the security of their machines.

Reply to: