
SSH keys


Posted Sep 26, 2011 21:11 UTC (Mon) by njs (guest, #40338)
In reply to: SSH keys by job
Parent article: A kernel.org status update

Cryptographers generally frown on re-using the same keying material in multiple protocols, since there can be nasty interactions. Even if two protocols are individually secure, it's possible that one protocol will reveal information about the key that lets you break the other protocol. (For instance, public-key based login protocols will often have the server issue a nonce, which the client will sign and send back, to prove that it has the private key. Consider what happens if your client is using your PGP key, and the server just so happens to choose a nonce which is also a valid email message...)

Sending an SSH key in a PGP-signed message avoids this problem, and still lets you use the web of trust.


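The key-reuse interaction described in the comment above, as an added example that is not part of the original post or of any kernel.org tooling. It assumes a toy hash-then-sign textbook RSA built from known Mersenne primes, a login step that signs the server's nonce verbatim, and hypothetical names throughout (`make_key`, `login_response`, `demo`); real PGP and SSH signatures cover more than the raw bytes shown here.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy RSA key from two known primes (illustration only, not secure)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(key, data: bytes) -> int:
    return pow(_digest(data), key["d"], key["n"])

def verify(n: int, data: bytes, sig: int) -> bool:
    return pow(sig, E, n) == _digest(data)

def login_response(client_key, nonce: bytes) -> int:
    """Client side of a nonce-signing login: sign whatever the server sent."""
    return sign(client_key, nonce)

def demo():
    pgp_key = make_key(2**521 - 1, 2**607 - 1)    # identity key in the web of trust
    ssh_key = make_key(2**1279 - 1, 2**2203 - 1)  # separate login-only key
    # Constructed sample: a "nonce" that is also a readable mail message.
    mail = b"From: alice@example.org\n\nI approve this release.\n"

    # Key reuse: the login response doubles as a valid signature on the mail.
    reused = verify(pgp_key["n"], mail, login_response(pgp_key, mail))

    # Separate keys: the same response proves nothing under the PGP key.
    separated = verify(pgp_key["n"], mail, login_response(ssh_key, mail))

    # The comment's approach: the PGP key signs the SSH public key once,
    # so the web of trust vouches for it without the PGP key ever being
    # used to answer login challenges.
    ssh_pub = b"ssh-toy-rsa " + str(ssh_key["n"]).encode()
    binding_ok = verify(pgp_key["n"], ssh_pub, sign(pgp_key, ssh_pub))
    return reused, separated, binding_ok

if __name__ == "__main__":
    print(demo())
```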
