nanog mailing list archives

Re: LinkedIn password database compromised


From: Leo Bicknell <bicknell () ufp org>
Date: Wed, 20 Jun 2012 15:52:23 -0700

In a message written on Wed, Jun 20, 2012 at 06:37:50PM -0400, valdis.kletnieks () vt edu wrote:
> I have to agree with Leo on this one.  Key management *is* hard - especially
> the part about doing secure key management in a world where Vint Cerf
> says there's 140M pwned boxes.  It's all nice and sugary and GUI-fied and
> pretty and Joe Sixpack can do it - till his computer becomes part of the 140M
> and then he's *really* screwed.

I'm glad you agree with me. :)  

That's no different than today.  Today Joe Sixpack keeps all his
passwords in his browser's cache.  When his computer becomes part of the
botnet the bot owner downloads that file, and also starts a keylogger to
get more passwords from him.

In the world I propose, when his computer becomes part of the botnet
they will download the private key material, same as before.

My proposal neither helps nor hurts; the problem of Joe Sixpack's
machine being broken into is orthogonal and not addressed.  It needs to
be, but not by what I am proposing.

-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
