Any user-level application on your computer can read the SSH key -- you'll never... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

4kevinking on May 1, 2017 | parent | context | favorite | on: Show HN: Kryptonite – a new home for your SSH priv...

Any user-level application on your computer can read the SSH key -- you'll never know if it's used or sent off somewhere. Even passphrase encrypted keys are vulnerable. Check out this blog post for a deep dive on our threatmodel and why you should store your SSH key on your phone https://blog.krypt.co/why-store-an-ssh-key-with-kryptonite-9...

_pfxa on May 1, 2017 [–]

Well the phone is at least equally insecure, given it's often way more opaque than a computer.

tptacek on May 1, 2017 | [–]

No, the opposite is true. See upthread.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact