
Re: [OCLUG-Tech] wget passphrase

On Wed, Mar 31, 2010 at 14:55:04 -0400, piper.guy1 wrote:
> On Wed, Mar 31, 2010 at 2:35 PM, Joe Burpee <jeb [ at ] burkby [ dot ] com> wrote:
> > On Wed, Mar 31, 2010 at 12:54:20 -0400, piper.guy1 wrote:
> >> 1. Can you create PEM's in OpenSSL without a passphrase?
> >
> > openssl req -nodes ...
> 
> Now, as a newbie to security, what's my risk exposure?
 
I'm no expert either.  Looks like you have posted your questions in
various places so you have probably seen lots of the opinionating on the
subject.  I guess one issue is whether using the evil passphraseless
certificates (presumably selectively for specific applications) is
somehow less secure than having a passphrase but storing it in plaintext
in a script e.g. as a curl option.  Can't say for sure, but I think
danger may sometimes lie not so much in imperfect methods themselves as
in delusions about their relative security.

Joe

