

Worst Idea Ever: SSHKeygen.com - bkrausz
http://sshkeygen.com/

======
jamess
Oh dear god. I can only hope this is an attempt to crack idiots servers,
rather than a serious service. I love the "it's your responsibility to secure
your key in transit" disclaimer.

~~~
dfranke
The "it's got what admins crave" line makes me pretty sure it's intended to be
silly.

~~~
apathy
electrolytes, mostly

------
dangoldin
Man. Where's the credit card field? I want to pay for such a sweet service.

~~~
narag
Don't worry. You will. Sooner or later :-)

------
Hexstream
I think it's actually a pretty good idea.

If your goal is to scam clueless people, of course.

~~~
coglethorpe
New YCombinator startup idea!

Passwords are hard to remember. I can create a service to store their userIds,
passwords and sites. That way people have to only go one place to get them.
I'll call it a "personal ID agregator" during my VC pitches.

I could make all the data public and accessible from anywhere using a simple
API.

Users could vote on which passwords are the strongest. The wisdom of crowds
would lead us to the better security!

Man I need a cup of coffee to get going on this. No, wait, I've had 6 cups
already...

~~~
rms
It's been done. <http://en.wikipedia.org/wiki/Claria_Corporation>

------
rms
This is a really funny parody of the idea that all you need for a Web 2.0
startup is a cloned Unix command.

------
ivank
reverse DNS points to 208.185.168.22.zipmath.com

Also hosted on the same IP: <http://cracks.n.hax.com/> and
<http://portcode.com/>

~~~
bayes
This is probably a stupid question, but how did you find out what other sites
were hosted at that IP address? Are you reliant on search engine data, or is
there some other way of doing it?

~~~
ivank
I used <http://www.paterva.com/maltego/> to do it. I have no idea where the
data comes from.

------
jmorin007
I just generated mine at Starbucks!

Is that bad?

~~~
pierrefar
As long as you didn't spill coffee and damage your keys in transit, it's fine
:)

------
dfranke
I wonder if the server runs Debian.

------
livejamie
Domaintools shows they have 'private registration' and a established SSL cert
even though they're not using one and on the site claim they're 'getting one
soon'

<http://whois.domaintools.com/sshkeygen.com>

Pretty fishy.. or should I say.. phishy?

------
maskralc
Come on - if you are smart enough to know how to use ssh keys then you are too
technically smart to fall for this. Grandma is not going to have her server
hacked because she tried this. It's gotta be a joke.

------
nose
<http://cryptofile.com/yep.php>

------
HansF
Heh "It is your responsibility to secure your new key pair in transit." it's
not even https. Funny!

------
Erwin
On To Do page: buy a SSL certificate or self-sign so key transfer is not in
the clear

Haha. I don't think the idea (if this is not a scam/joke) has merit because
even if you forget your SSH passphrase, you have access to the server via a
root password (stored somewhere safely in a fireproof-safe; and even if not
physical access at worst). So the traditional key escrow should not be
necessary.

------
rw
How did you find this site?

------
pjackson
Guh. It doesn't even send your private key back to you using SSL. Not that it
would matter much. I don't want my keys escrowed!

~~~
chmike
It is secured by the pass phrase! :D

------
ahizzle
The "best practice" bit is priceless.

------
megabang
May be we should do something about it!?

------
MikeCapone
That's hilarious!

------
Allocator2008
This is funny. Reminds me of the chap who wondered on an online forum about
how to hack his school's server, and forthwith acted upon the advice from the
forum to send a "ping of death" to the i.p. address "127.0.0.1"! :-) Could
just be an urban legend, but still amusing!

~~~
johns
<http://www.bash.org/?742386>

