Even worse, using the same key on multiple servers also allows a simple
replay attack where a valid login to server A is used afterwards to log in
to server B. This works if both servers authenticate independently, since
the (monotonically increasing) serial number saved on B is not updated
when logging in to A.
After reading the mail thread, it seems to me that the way out of this as
implemented by Fedora is that the user doesn't even know their AES key,
because the script writes it to the key automatically so they can't use
the same key elsewhere. That is, they don't say "don't do that, it's bad",
they say "it's ok because the script doesn't let you do that".
Anyway, don't do it, it's bad for you. :)
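
The counter problem discussed in the comments above, as an added example that is not part of the original comments or of any project's code: two servers that each keep their own "last counter seen" both accept the same one-time password, while servers sharing one validation state reject the second use. It assumes an HMAC over the counter as a stand-in for the token's AES-encrypted OTP; `make_otp`, `Validator` and the key are hypothetical names and constructed values.

```python
import hashlib
import hmac


def make_otp(key: bytes, counter: int) -> bytes:
    """Token side: counter plus a MAC over it (stand-in for the AES-encrypted OTP)."""
    c = counter.to_bytes(4, "big")
    return c + hmac.new(key, c, hashlib.sha256).digest()


class Validator:
    """Server side: check the MAC, then require a counter above the last one accepted."""

    def __init__(self, key: bytes, last_seen=None):
        self.key = key
        # Maps key id -> highest counter accepted. Passing one shared dict to
        # several validators models a single central validation state.
        self.last_seen = {} if last_seen is None else last_seen

    def verify(self, key_id: str, otp: bytes) -> bool:
        c, tag = otp[:4], otp[4:]
        expected = hmac.new(self.key, c, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # not produced with this key
        counter = int.from_bytes(c, "big")
        if counter <= self.last_seen.get(key_id, -1):
            return False  # counter already seen here: replayed or stale OTP
        self.last_seen[key_id] = counter
        return True


def demo():
    key = b"constructed-sample-key"  # constructed value, same key on both servers
    otp = make_otp(key, 7)

    # Independent state: A rejects a second use, but B has never seen counter 7.
    a, b = Validator(key), Validator(key)
    independent = (a.verify("tok", otp), a.verify("tok", otp), b.verify("tok", otp))

    # Shared state: the login at A advances the counter that B checks.
    shared = {}
    a2, b2 = Validator(key, shared), Validator(key, shared)
    central = (a2.verify("tok", otp), b2.verify("tok", otp))
    return independent, central


if __name__ == "__main__":
    print(demo())
```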
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds