> > Some of us USE the PSN for good and not evil. I hacked ssh to append
> > the PSN of all cpus in my system in ascending order to my passphrase.
> > That's an extra 24 bytes of passphrase that I don't have to type but
> > still keeps me feeling that much more secure. If my passphrase is
> > somehow compromised, I'm ok unless someone has physical access to my
> > machine.
>
> Or network access to your account, in that case. Reading the PSN
> doesn't require physical access (unless you dig deeper in the kernel
> to require a process to own the console for that, not sure if this is
> possible).
>
> What you describe is roughly equivalent to storing the 24 extra bytes
> in a local file or in a hacked copy of the ssh program itself.
Which actually decreases security because it's no longer just in
your head. :) This means that a bad guy can learn part of your pass-
phrase, and with that have a potentionally easier time figuring out the
rest.
Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/