Date: Wed, 9 Aug 2006 08:17:45 -0700 (PDT)
From: "R. B. Riddick" <arne_woerner@yahoo.com>
To: fwaggle <fwaggle@hungryhacker.com>, Brooks Davis <brooks@one-eyed-alien.net>
Cc: freebsd-security@freebsd.org
Subject: Re: seeding dev/random in 5.5
Message-ID: <20060809151745.81656.qmail@web30304.mail.mud.yahoo.com>
In-Reply-To: <44D9E348.3060604@hungryhacker.com>

--- fwaggle <fwaggle@hungryhacker.com> wrote:
> i have a question. perhaps i'm misunderstanding something with how SSH
> works, but how would having a "standard freebsd private key" benefit
> anyone? if you wanted to impersonate a newly installed freebsd machine,
> then all you'd need is that freely-available private key. plus you'd get
> a bunch of clueless admins who had their machines installed by a
> dedicated server provider, and who'd never change their host key, which
> would effectively ruin SSH for their purposes.
>
Hmm... I was referring to the special problem of the beginner of this thread...
As far as I understood him, he creates very special CDs, that are copied to the
to-be-updated-box, that is buried very deeply in a computing centre. Those CDs
may contain his special install-host-key without the problems you describe...

> unless i've seriously missed the boat somewhere (it's happened before!)
> i think a better solution would still be random key generation with a
> nice little option to email the key signature somewhere that the new
> admin could pick it up. it's still fraught with impersonation danger for
> the paranoid, but imo it's a better idea than having a not-so-private
> key on install.
>
Hmm... But then he would have the problem with a more complicated operation
procedure, which has to be translated into hollandish-language (which is
astonishingly quite similar to Afrikaans)...

-Arne