[sf-lug] passphrase

Kristian Erik Hermansen kristian.hermansen at gmail.com
Sat Dec 22 01:36:35 PST 2007

On Dec 22, 2007 1:19 AM, Alex Kleider <a_kleider at yahoo.com> wrote:
> Thank you Rick for that explanation: I had read about the
> public/private key pairs and how that cleverly allows encryption
> without a preliminary exchange of encryption keys but it had never
> occurred to me about the problem of keeping the private key truly
> private while it sits on a multiuser machine. Now I get how the pass
> phrase fits into the picture.

Strong Authentication is a term used to describe when you have two
forms of security access control implemented.  There are three forms:
something you are, something you have, and something you know.  In
this case, it would not qualify as being "strong" if you did not set a
password, because anyone could steal your key and get in (something
THEY have now).  If you set a password, they could also need to
convince you to divulge that as well.  If you implement all three, say
using biometric authentication, even better :-)
Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."

More information about the sf-lug mailing list