←back to thread

Qubes OS: A reasonably secure operating system

(www.qubes-os.org)
441 points ploggingdev | 8 comments | 19 Nov 17 16:06 UTC | HN request time: 0.876s | source | bottom
1. qrbLPHiKpiux ◴[19 Nov 17 18:54 UTC] No.15735260[source]
Fun fact. The developer does not believe in using a password on her private keys.
replies(1): >>15735272 #
2. trizinix ◴[19 Nov 17 18:57 UTC] No.15735272[source]
If you have your keys on an air gapped computer with an encrypted hard-disk, I don't see the need to use an additional password on the private keys.
replies(3): >>15735321 #>>15735444 #>>15735846 #
3. kakarot ◴[19 Nov 17 19:06 UTC] No.15735321[source]
One possible benefit is giving you enough time to discover the breach and rotate keys before the keys are compromised
4. hateduser2 ◴[19 Nov 17 19:26 UTC] No.15735444[source]
If they somehow break the encryption on your hard disk it’s just more security.. isn’t that what security’s all about? Getting the most safety you can get? What need is there to have an encrypted hard drive if your computer is air gapped? It’s just a better safer idea, no?
replies(2): >>15735563 #>>15735675 #
5. hyperfekt ◴[19 Nov 17 19:49 UTC] No.15735563{3}[source]
The assumption is that the encryption can only be broken via an evil-maid attack.

If you are victim of such an attack, the encryption of the file is broken as well.

6. avar ◴[19 Nov 17 20:10 UTC] No.15735675{3}[source]
Security is not about getting the most safety you can get. Otherwise why stop there? You could store the password protected private key itself as an encrypted file on the encrypted disk, and add one more layer, or double-encrypt it and add yet another layer etc.
7. parenthephobia ◴[19 Nov 17 20:46 UTC] No.15735846[source]
If you mean air-gapped literally, that seems unuseful.

Wouldn't you want the keys on the computer that's going to use them? And then, wouldn't you want to make it hard to copy the unencrypted private keys?

(I'm assuming we're talking about SSH keys.)

OTOH, it could be neat to run an ssh agent in a key-holding qube and forward that to whatever qubes need to use your SSH keys, using `ssh-add -c` so that key use must be confirmed in the key-holding qube.

replies(1): >>15735969 #
8. goatsi ◴[19 Nov 17 21:12 UTC] No.15735969{3}[source]
Sound exactly like split-GPG

https://www.qubes-os.org/doc/split-gpg/