GoFuckYourself.com - Adult Webmaster Forum - View Single Post

Phil21 · 09-21-2002, 10:21 AM

If you mean by RSA, using RSA authentication (public/private) keys, then maybe.

They are convienient, no more typing in a password each time. You just simply magically get access. ;) They also may be slightly more secure.

With SCP though (pretty much copying files over SSH), remember you password is encrypted before it's sent. So really you're pretty well off with either.

I tend to use RSA auth just for the convience, and for of course automated file transfers between boxes.

Also, it's a great idea to use SCP, BUT don't expect it to actually foil too much... IMO the importance of packet sniffing in h4x0r1ng Mr. random webserver is highly trumped up. If half the people that preach about over the wire encryption took that time and actually stayed up to date on security vulnerabilities in whatever the latest daemon-with-exploit is, everyone would be far better off. Remember the encryption only helps if someone happens to have a machine on either end of the connection, (like a box next to your webserver, on the same vlan) or if the machine is allready compromised. If the latter is true, I submit they can get that information anyways.

That rant being said, it's a VERY good idea to use scp. But also remember the easier things h4x0rs use to fuck with you. Taking the time and effort to obtain a posistion to packet sniff you is about one of the last things they'll try.

i.e. don't use encryption as a security blanket. Keep up on best-practice everywhere else.

peace,

-Phil

09-21-2002, 10:21 AM
Phil21 Confirmed User Join Date: May 2001 Location: ICQ: 25285313 Posts: 993	If you mean by RSA, using RSA authentication (public/private) keys, then maybe. They are convienient, no more typing in a password each time. You just simply magically get access. ;) They also may be slightly more secure. With SCP though (pretty much copying files over SSH), remember you password is encrypted before it's sent. So really you're pretty well off with either. I tend to use RSA auth just for the convience, and for of course automated file transfers between boxes. Also, it's a great idea to use SCP, BUT don't expect it to actually foil too much... IMO the importance of packet sniffing in h4x0r1ng Mr. random webserver is highly trumped up. If half the people that preach about over the wire encryption took that time and actually stayed up to date on security vulnerabilities in whatever the latest daemon-with-exploit is, everyone would be far better off. Remember the encryption only helps if someone happens to have a machine on either end of the connection, (like a box next to your webserver, on the same vlan) or if the machine is allready compromised. If the latter is true, I submit they can get that information anyways. That rant being said, it's a VERY good idea to use scp. But also remember the easier things h4x0rs use to fuck with you. Taking the time and effort to obtain a posistion to packet sniff you is about one of the last things they'll try. i.e. don't use encryption as a security blanket. Keep up on best-practice everywhere else. peace, -Phil