1

What is the risk of committing an ascii-armored symmetric private key to VCS where the password lives outside of source control?

This is a private closed-source repo.

Two helpful topics:

CaffeineAddiction
  • 7,517
  • 2
  • 20
  • 40
doremi
  • 111
  • 1
  • Could you be a bit more specific in what way the threads you linked differ from your own question? – Arminius Apr 11 '18 at 18:19
  • I'd like to understand the specific vulnerabilities my proposed scenario would expose and the circumstances under which those vulnerabilities might be exploited. Neither of the aforementioned links provide much detail in this regard. – doremi Apr 11 '18 at 20:15
  • """A binary-to-text encoding is encoding of data in plain text. More precisely, it is an encoding of binary data in a sequence of printable characters. These encodings are necessary for transmission of data when the channel does not allow binary data (such as email or NNTP) or is not 8-bit clean. PGP documentation (RFC 4880) uses the term ASCII armor for binary-to-text encoding when referring to Base64.""" ... I had to look it up (Things I learned Today) – CaffeineAddiction Apr 12 '18 at 09:30

1 Answers1

1

I would strongly recommend AGAINST it ...

Passphrase on a SSH key isnt meant to protect it indefinitely ... it simply buys you time. If you brute force a password on a program or website it could lock you out after a specific number of tries. It could also notify the powers that be that someone is attempting to break in. A SSH Key is simply a file though ... if someone obtains it they can throw rainbow tables at it all day every day for years if they want to and then it is no long and IF they crack it but WHEN.

this picture is outdated, but it gives you an idea of how bad of an idea it is ... the fact that the picture is outdated should give you an even better idea

password complexity

https://www.grc.com/haystack.htm

CaffeineAddiction
  • 7,517
  • 2
  • 20
  • 40
  • Hi - Thanks for your answer. Clarification here - the key in question is a GPG private key used to decrypt non-PII bulk data in S3, not an SSH key. Also, isn't it fair to say that an intruder would need to compromise my VCS before even attempting to brute-force the password? If this key needs to be on every app server, where is OPS to store it in order to deploy it? If it's a company like Hashicorp Vault, how is that more/less secure than a hosted VCS such as GitHub? – doremi Apr 12 '18 at 17:20