[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH private keys, dangerous to carry around or not. Was Re: Where do you run ssh-keygen



Jochen Schulz wrote:
Nathaniel Homier:
Sudev Barar wrote:
Yes, but if you are carrying private key in your pen drive and you
loose it or some one copies it your total security is compromised
howsoever strong encryption algorithm was used to generate the key
pair.
I was under the impression that the pass phrase encrypted the file and that to make use of the private key I would have to supply my pass phrase, so I thought the private key was useless without the pass phrase.

Correct.

The 4096 bit just means that it would be pretty much impossible with todays tech to brute force the pass phrase,

No, 4096 bit is the length of the key. Such a key is resistant to brute
force ("guessing it"). If someone has your key (encrypted with your
passphrase), the target of a brute force attack is obviously your
passphrase because it would reveal your key unencrypted.

J.

Thanks for the key length explanation.


Reply to: