
Re: [Openvpn-users] "--askpass file" is evil!

  • Subject: Re: [Openvpn-users] "--askpass file" is evil!
  • From: Jean-Pierre Schwickerath <lists@xxxxxxxxxxxx>
  • Date: Fri, 3 Dec 2004 13:23:05 +0100

> Storing a passphrase in a file, especially for roadwarriors, is
> tantamount to writing it on a sticky note. It defeats the whole point
> of there being a knowledge aspect to the authentication. Locking a
> door with two keys instead of one isn't much use if both keys are on
> the same ring.

Every decent program storing certificates should allow the user to
decrypt his/her certificate with the password supplied by the CA and
then reencrypt it with a passphrase chosen by the user.


Powered by Linux From Scratch - http://schwicky.net/
PGP Key ID: 0xEE6F49B4 - AIM/Jabber: Schwicky - ICQ: 4690141

Nothing is impossible... Everything is relative!
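
The re-encryption step described in the reply above, as an added example that is not part of the original message: the key is unlocked with the CA-supplied password and written back under a passphrase the user chose. Using the openssl command line is an assumption (the thread names no tool); the key is a throwaway generated for the demo, and all file names and passwords are constructed.

```shell
#!/bin/sh
# Swap the CA-issued key password for one only the user knows.
# File names and passwords here are constructed sample values.

# rekey IN OUT OLD NEW: decrypt IN with OLD, write OUT encrypted under NEW.
# Passphrases reach openssl through its environment, never argv or a file.
rekey() {
    ( umask 077    # the new key file is created owner-readable only
      OLD_PW="$3" NEW_PW="$4" openssl pkey -in "$1" -passin env:OLD_PW \
          -aes256 -out "$2.tmp" -passout env:NEW_PW 2>/dev/null ) \
    && mv "$2.tmp" "$2" || { rm -f "$2.tmp"; return 1; }
}

# key_opens FILE PASS: succeeds only if PASS decrypts FILE.
key_opens() {
    KEY_PW="$2" openssl pkey -in "$1" -passin env:KEY_PW -noout 2>/dev/null
}

# pubkey FILE PASS: print the public half, to show the key pair is unchanged.
pubkey() {
    KEY_PW="$2" openssl pkey -in "$1" -passin env:KEY_PW -pubout 2>/dev/null
}

# Demo on a throwaway key standing in for the one a CA would hand out.
demo() {
    d=$(mktemp -d) || return 1
    CA_PW='ca-issued-sample' openssl genpkey -algorithm EC \
        -pkeyopt ec_paramgen_curve:prime256v1 -aes256 -pass env:CA_PW \
        -out "$d/from-ca.key" 2>/dev/null || return 1
    rekey "$d/from-ca.key" "$d/client.key" \
        'ca-issued-sample' 'user-chosen-sample' || return 1
    key_opens "$d/client.key" 'user-chosen-sample' && echo "new passphrase: ok"
    key_opens "$d/client.key" 'ca-issued-sample'   || echo "CA password: rejected"
    rm -rf "$d"
}
demo
```

Without `-passin`/`-passout`, openssl prompts for both passphrases on the terminal.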
