Good reason to get a Yubikey or similar, and use it to generate WebAuthn‐based S... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bentley on Jan 1, 2023 \| parent \| context \| favorite \| on: Compromised PyTorch-nightly dependency chain betwe... Good reason to get a Yubikey or similar, and use it to generate WebAuthn‐based SSH keys that can’t be used once exfiltrated. (“ssh-keygen -t ed25519_sk”)

yjftsjthsd-h on Jan 1, 2023 [–]

Encrypting keys with a passphrase would also help.

jacquesm on Jan 1, 2023 | [–]

Yes, but once an attacker has root on your systems they may well install something that captures that passphrase so a chunk of hardware that you have with you would seem to offer some extra protection.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact