[aur-general] [AUR4] Support of multiple ssh public keys
rgacogne at archlinux.org
Fri Jun 12 08:15:53 UTC 2015
On 06/11/2015 11:59 PM, Giancarlo Razzolini wrote:
> In the case of stolen/lost, it buys you a lot of time. Or you are aware
> of some cryptanalysis development I'm not aware of.
I am not, but everything depends on your threat model. If you are
targeted via an "evil-maid", or a cold-boot attack, FDE may be doomed.
In addition to that, passphrase-protection on SSH keys has been weak for
a long time, because a single MD5(IV || passphrase) is applied to
generate the AES key used to encrypt the SSH key.
OpenSSL 6.5 introduced a new KDF using bcrypt, enabled by default
for ed25519 keys but not for RSA keys, so you may want to upgrade your
keys to use the new KDF manually.
> Now, if your machine is compromised, then I think that you might have
> bigger worries than the keys used to publish some packages on AUR.