Codeberg/Documentation
42
199
Fork
You've already forked Documentation
161

Passphrase or not? #2

Closed
opened 2019年06月05日 13:29:46 +02:00 by buhtz · 17 comments

For the documentation it is need to decide if Codeberg recommend an passphrase secured key or not.

Just say yes because it is more secure doesn't help because it is theoretical.

I would argue that a passphrase is not needed if you use different keys for different machines. If someone use/stole this key all modifications on the account and repository are logged.
If the user is aware of the stolen key it can be removed.

It is know that it lower the security if a process becomes to complex.

Is there a defined way to find consense about such questions?

For the documentation it is need to decide if Codeberg recommend an passphrase secured key or not. Just say _yes_ because it is more secure doesn't help because it is theoretical. I would argue that a passphrase is not needed if you use different keys for different machines. If someone use/stole this key all modifications on the account and repository are logged. If the user is aware of the stolen key it can be removed. It is know that it lower the security if a process becomes to complex. Is there a defined way to find consense about such questions?

@buhtz
Someone (or malware) could copy a key without you noticing. Using passwords is more secure and to unlock a key once by using an ssh-agent is not a big problem. If you have a different opinion that we could just avoid to recommend anything just state that it is more secure to have a password.

@buhtz Someone (or malware) could copy a key without you noticing. Using passwords *is* more secure and to unlock a key once by using an ssh-agent is not a big problem. If you have a different opinion that we could just avoid to recommend anything just state that it is more secure to have a password.
Author
Copy link

But when the key is copied I would automaticly notice this because I see irregular modifications in my repository.

But when the key is copied I would automaticly notice this because I see irregular modifications in my repository.

@buhtz
If you only use the key for repositories, probably. If you share keys for multiple uses (for example for ssh logins), you should definitely use passphrases.

I personally would always use passphrases since using an ssh-agent and typing in the password once per session is acceptable to me.

In other words: If I have to chose between much more security and a little more comfort, I take security.

@buhtz If you only use the key for repositories, probably. If you share keys for multiple uses (for example for ssh logins), you should definitely use passphrases. I personally would always use passphrases since using an ssh-agent and typing in the password once per session is acceptable to me. In other words: If I have to chose between much more security and a little more comfort, I take security.

@ashimokawa If a malware is able to copy the key, then the attacker could also install a keylogger which sniffs the passphrase of the key(s).
To quote from the Qubes-OS documentation:

We should make a rather obvious comment here that the so-often-used passphrases on private keys are pretty meaningless because the attacker can easily set up a simple backdoor which would wait until the user enters the passphrase and steal the key then`

@ashimokawa If a malware is able to copy the key, then the attacker could also install a keylogger which sniffs the passphrase of the key(s). To quote from the [Qubes-OS documentation](https://www.qubes-os.org/doc/split-gpg/): >We should make a rather obvious comment here that the so-often-used passphrases on private keys are pretty meaningless because the attacker can easily set up a simple backdoor which would wait until the user enters the passphrase and steal the key then`

@chrisrandom
I still think that passwords are not meaningless. I mean if have them lying around on an USB stick and forget it somewhere, I feel better if they have passwords.

Also it is easier to copy someones key when he leaves his PC unattended for a few minutes than installing a keylogger and steal the key, and obtain the data from the keylogger, and matching the data from the keylogger to the password.

These arguments somehow sound to me like "I do not lock my door, because if someone wants to pry it open he will succeed anyway".

Sure, passwords wont help in many situations, but I really do not think they are useless.

@chrisrandom I still think that passwords are not meaningless. I mean if have them lying around on an USB stick and forget it somewhere, I feel better if they have passwords. Also it is easier to copy someones key when he leaves his PC unattended for a few minutes than installing a keylogger and steal the key, and obtain the data from the keylogger, and matching the data from the keylogger to the password. These arguments somehow sound to me like "I do not lock my door, because if someone wants to pry it open he will succeed anyway". Sure, passwords wont help in many situations, but I really do not think they are useless.

my previous comment was focused on the argument about the malware above. If they lying around on unprotected devices, I agree to you.

my previous comment was focused on the argument about the malware above. If they lying around on unprotected devices, I agree to you.
Author
Copy link

Currently I just added a link to this Issue here on the related wiki page.

https://codeberg.org/Codeberg/Documentation/wiki/SSH-key-for-Codeberg

I am not "Codeberg" so I am far a way from decide this. But from the viewpoint as a "simple user" I would like to have an official and reasoned recommendation about the topic.

Currently I just added a link to this Issue here on the related wiki page. https://codeberg.org/Codeberg/Documentation/wiki/SSH-key-for-Codeberg I am not "Codeberg" so I am far a way from decide this. But from the viewpoint as a "simple user" I would like to have an official and reasoned recommendation about the topic.
Owner
Copy link

I guess there is no common opinion on this, but using a passphrase definitely increases account security, as it involves an additional authentication factor.

As nowadays ssh-agent-implementations for all desktop environments are pretty common, which either store+replay the passphrase auth per session, or in a keychain, in most cases having a passphrase won't even make access less comfortable.

Maybe worth linking to https://en.wikipedia.org/wiki/Ssh-agent or just paraphrasing the main points?

I guess there is no common opinion on this, but using a passphrase definitely increases account security, as it involves an additional authentication factor. As nowadays ssh-agent-implementations for all desktop environments are pretty common, which either store+replay the passphrase auth per session, or in a keychain, in most cases having a passphrase won't even make access less comfortable. Maybe worth linking to https://en.wikipedia.org/wiki/Ssh-agent or just paraphrasing the main points?
Author
Copy link

On the current state I do not use a passphrase or the agent. And I have no plan to change that - maybe later.

So I am not able to add valid informations about passphrase and the use of the agent to the wiki.

But I would recommand not to link somewhere but describe the steps in the codeberg wiki. When it is "finished" I could test - if I understand it. ;)
I would also be interested in using the passphrase/agent in combination with KeePassXC passwordmanager.

On the current state I do not use a passphrase or the agent. And I have no plan to change that - maybe later. So I am not able to add valid informations about passphrase and the use of the agent to the wiki. But I would recommand not to link somewhere but describe the steps in the codeberg wiki. When it is "finished" I could test - if I understand it. ;) I would also be interested in using the passphrase/agent in combination with KeePassXC passwordmanager.
Contributor
Copy link

Sorry to jump in with basically no knowledge, but not understanding the whole discussion made me wondering whether the documentation should also mention what SSH keys are for, and the pros and cons of using them.

Or should it be assumed that most users know about it already? I don't know about that topic, but I'm not a programmer; I use Codeberg for my R code and I have no other IT knowledge.

Feel free to ignore my comment!

Sorry to jump in with basically no knowledge, but not understanding the whole discussion made me wondering whether the [documentation](https://docs.codeberg.org/security/ssh-key/) should also mention what SSH keys are for, and the pros and cons of using them. Or should it be assumed that most users know about it already? I don't know about that topic, but I'm not a programmer; I use Codeberg for my R code and I have no other IT knowledge. Feel free to ignore my comment!
Contributor
Copy link

@ivan-paleo True - this will very likely be a part of #56

@ivan-paleo True - this will very likely be a part of #56

I would recommend it.

An SSH key without a passphrase is only security through possession.

An SSH key with passphrase, on the other hand, is security through possession and knowledge.
Even if an ssh-agent is used, it is usually still secured by the user login with password (knowledge).

Furthermore, such a first key is used much longer than expected. If you have secured it with a password, it is more sustainable in the long run.

We live in a time where more and more data is synced and more and more data ends up in the cloud without encryption. A password is better.

I would recommend it. An SSH key without a passphrase is only security through possession. An SSH key with passphrase, on the other hand, is security through possession and knowledge. Even if an ssh-agent is used, it is usually still secured by the user login with password (knowledge). Furthermore, such a first key is used much longer than expected. If you have secured it with a password, it is more sustainable in the long run. We live in a time where more and more data is synced and more and more data ends up in the cloud without encryption. A password is better.
Contributor
Copy link

The least we can do is to make our users aware of the possibility to use a passphrase, give a short, neat summary of its benefits and thus enable each user to make an informed decision. That way we don't have to explicitly recommend anything of which we have mixed opinions.

The least we can do is to make our users aware of the possibility to use a passphrase, give a short, neat summary of its benefits and thus enable each user to make an informed decision. That way we don't have to explicitly recommend anything of which we have mixed opinions.
Contributor
Copy link

How do we want to proceed?

Would maybe the solution I proposed above be an acceptable compromise? 😉

How do we want to proceed? Would maybe the solution I proposed above be an acceptable compromise? :wink:

For me yes, because it is indirectly close to a recommendation.
Or we take a vote ;)

For me yes, because it is indirectly close to a recommendation. Or we take a vote ;)
Owner
Copy link

The least we can do is to make our users aware of the possibility to use a passphrase, give a short, neat summary of its benefits and thus enable each user to make an informed decision.

this sounds good imo, user should be empowered to decide responsibly.

How do we want to proceed?

;) those who do have the power in a do-o-cracy ;)

> The least we can do is to make our users aware of the possibility to use a passphrase, give a short, neat summary of its benefits and thus enable each user to make an informed decision. this sounds good imo, user should be empowered to decide responsibly. > How do we want to proceed? ;) those who do have the power in a do-o-cracy ;)
Contributor
Copy link

In that case: PR is welcome 😉

In that case: PR is welcome :wink:
Sign in to join this conversation.
No Branch/Tag specified
main
renovate/mstruebing-editorconfig-checker-3.x
renovate/lycheeverse-lychee-0.x
renovate/markdownlint-cli2-0.x
renovate/markdown-it-14.x
renovate/davidanson-markdownlint-cli2-0.x
renovate/node-lts-slim
renovate/npm-pnpm-vulnerability
ci_pr_close_no_preview
pr-554
pr/554
gitea-icons-shortcode
No results found.
Labels
Clear labels
Codeberg Pages
Issues affecting Codeberg Pages
Documentation Usability
Issues related to using and reading docs.codeberg.org
Forgejo
Good First Issue! 👋
Kind: Bug
Kind: Documentation
Kind: Enhancement
Kind: Feature
Kind: Question
Kind: Security
Licensing
Part: Generator
This is related to the generation of the documentation, not to the content itself
Priority: High
The priority is high
Priority: Low
The priority is low
Priority: Medium
The priority is medium
Reviewed: Confirmed
Something has been confirmed
Reviewed: Duplicate
Something exists already
Reviewed: Invalid
Something was marked as invalid
Reviewed: Wontfix
Something won't be fixed
Status: Blocked
Status: Help wanted
Contributions are welcome!
Status: In progress
Work is in progress
Status: Needs feedback
Feedback is needed
Status: Ready for Review
Work is completed
Status: Review
Review is in progress / Reviewers wanted
Status: Stale
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
7 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Documentation#2
Reference in a new issue
Codeberg/Documentation
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?