Friday, March 31, 2006

Geek Talk: Public Key is Cool; Passwords Drool

Let's say you start working on a project with a group of people that will require you to upload files to some central server so that everyone can access them. (this goes for revision controlled systems too) The leader of that project sends an plain text e-mail around letting everyone know what the SFTP site is, what the user name is, and what the password is.

This is just silly. You've exported sensitive information (the password) over a link that is not secure (plain text e-mail) and now the password is being stored in multiple places not in your control (the e-mail boxes of all of the recipients).

There is another way, and that way is so much better: public key authentication.

Rewind a second and imagine if things worked a different way. Imagine that instead of sending a password to everyone, you request that everyone send you their public keys. In fact, these keys might be found on each person's personal website somewhere. (as long as it's a hard task to factor huge primes from huge numbers, this is safe) (they might even send you multiple keys) You then add those keys to a text file somewhere and that's it -- everyone has access. If you want to remove access to one particular person, remove that person's public key from the file.

You see, back on each user's home computer, there is a private key stored somewhere. That private key is never exported. When the person uses ssh (via sftp) to login to the server, the private key on her machine works with the public key on the remote machine to authenticate. This happens automatically. The person doesn't even get prompted for a password. Access is immediately granted.

A downside to this is that anyone who gets access to your computer (where your private keys are stored), then that person has password-less access to all of the machines that have your public key on them. Well, to prevent this, when the public-private key pair are generated, they can be generated with a "passphrase." The passphrase is like a password for the private key. In order to use the local private key, you need the passphrase. So there is no password for the remote machine, but there is a passphrase for the local key.

It's such a beautiful system. It's much more secure than passwords. It's much nicer to administrate.

Everything password-centric should move to this system. It's very exciting.

And that's the geek talk for today.

Technorati Tags: , , , , , , , , , , ,

No comments: