tlug.jp Mailing List Archive
Re: [tlug] bootable linux with sshd
- Date: Wed, 3 Jan 2007 13:40:54 +0900 (JST)
- From: Curt Sampson <cjs@example.com>
- Subject: Re: [tlug] bootable linux with sshd
- References: <875029960701012011u45dca8advd89f700e6a91008@example.com> <370858.33065.qm@example.com> <875029960701012334m211b2711l6e4b178a281dc8a2@example.com> <459A1304.9060301@example.com> <875029960701020307u5c9f75c1n2d720e843d900294@example.com> <875029960701020824m66a81709i1070d220954f888d@example.com> <Pine.NEB.4.64.0701031016200.1055@example.com> <875029960701021954y3a94ceebu3d8f0cbc97c0f3af@example.com>
On Wed, 3 Jan 2007, Fergal Daly wrote:
> On 03/01/07, Curt Sampson <cjs@example.com> wrote:
> > That's the whole point. It's especially good if you disallow password logins, since then you've got to get hold of two different sorts of secrets (a password and a key file, which also usually has a passphrase on it), only one of which is subject to guessing.
> From an information theory point of view and for many practical purposes
> 1 long secret == 3 shorter secrets
For this particular case, you've gone right off the rails.
If the attack you're defending against is *only* guessing of the secrets necessary to log in to that computer, you'd be correct. But in that case, given that an ssh private key contains very nearly the same amount of information (i.e., is almost exactly "as long") as an ssh private key plus two long passphrases, there's no point in using anything but the ssh key.
However, this is not the attack you're defending against. Nobody's going to guess that in your lifetime.
So, if they need an ssh key to log in (which they do if you've disabled password logins), they need to steal it. Someone with access to your hardware could probably do this without too much difficulty. Once they've got it, they're going to try to brute force the passphrase, and if they are determined, they will likely succeed, unless you're using a very, very good one, which you're probably not. (Is it over 25 characters long, including upper and lower case, numbers and punctuation?) Given the speed of modern CPUs, even long passphrases are very weak these days.
On the other hand, the password they need to sudo cannot be gained by copying it from your hardware (unless you've been a bit silly), so that requires a completely different attack vector. Brute-forcing it is practical, but probably not by using the system they want to attack as an oracle, since even with a fairly weak password you'll notice the attempts long before they guess that secret. On the other hand, it's quite probable that you're using that password or a variation of it on other systems, and they might get access to one of those to use as an oracle for testing their guesses.
However, with both of these systems in place, they've got two quite separate attacks to mount: one requiring physical access to your hardware, the other requiring access to systems that you use where you're likely to use a similar password. The number of people you associate with that have fairly easy access to both of these things is probably much, much smaller than the number of people you work with that have access to one of these things.
Oh, I am assuming that you use something quite different for your ssh private key passphrase and your login password; if you don't, it would be a good idea to do so.
cjs -- Curt Sampson <cjs@example.com> +81 90 7737 2974
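The key-theft scenario above only buys the attacker a brute-force job if the stolen file actually has a passphrase on it, so a useful defender's check is to audit which private keys are unprotected. This is an added example, not code from the thread: it reads the cipher and KDF names from the openssh-key-v1 header (and the Proc-Type line of legacy PEM keys), and the sample key files it tests are constructed inline with dummy payloads.

```python
import base64
import struct
import sys

MAGIC = b"openssh-key-v1\x00"  # leading bytes of every openssh-key-v1 blob

def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 big-endian length prefix)."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_protection(pem_text):
    """Return (cipher, kdf) for a private key file; kdf == 'none' means no passphrase."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM keys (BEGIN RSA/DSA/EC PRIVATE KEY) signal encryption via a header line.
        if any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines):
            return ("pem", "encrypted")
        return ("pem", "none")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(MAGIC)
    cipher, off = _read_string(blob, off)   # e.g. b"aes256-ctr" or b"none"
    kdf, off = _read_string(blob, off)      # e.g. b"bcrypt" or b"none"
    return (cipher.decode(), kdf.decode())

def is_passphrase_protected(pem_text):
    return key_protection(pem_text)[1] != "none"

def _fake_key(cipher, kdf):
    """Constructed sample: a valid openssh-key-v1 header followed by dummy key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    body = (MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
            + s(b"dummy-public") + s(b"dummy-private"))
    b64 = base64.b64encode(body).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    # Usage: python audit_keys.py ~/.ssh/id_ed25519 ~/.ssh/id_rsa ...
    for path in sys.argv[1:]:
        with open(path) as fh:
            cipher, kdf = key_protection(fh.read())
        verdict = "OK (passphrase)" if kdf != "none" else "UNPROTECTED"
        print(f"{path}: cipher={cipher} kdf={kdf} -> {verdict}")
```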