Comment

Congratulations, now your „password” (the 512-byte random key file) is stored as plaintext on your machine :)

With rate-limiting, non-trivial passwords are not viable to be brute-forced, so making them larger just doesn’t give you much.

Sort:hotnew top

kumi@feddit.online ⁨1⁩ ⁨week⁩ ago
If this is a concern you put a passphrase on that key.

source
jj4211@lemmy.world ⁨4⁩ ⁨days⁩ ago
Broadly speaking, the private keys can be protected.

For ssh, ssh-agent can retain the viable form for convenience while leaving the ssh key passphrase encrypted on disk. Beyond that your entire filesystem should be further encrypted for further offline protection.

Passkeys as used in webauthn are generally very specifically protected in accordance with the browser restrictions. For example, secured in a tpm protected storage, and authenticated by pin or biometric.

source