Re: [OCLUG-Tech] wget passphrase

On Wed, Mar 31, 2010 at 02:55:04PM -0400, piper.guy1 wrote:
> 
> Now, as a newbie to security, what's my risk exposure?

The risk is similar to that of a passphrase: if an attacker can access
the SSL key file, they can decrypt the traffic and authenticate to the
server.

A certificate does have an advantage over a passphrase, as you can
easily give every device a unique certificate and key. If one key is
compromised, then only that key and encrypted traffic are compromised,
not the whole system. You can easily revoke a single certificate at
the server. It is also easier for the client to authenticate the
server when using certificates.

Setting up a local CA to generate your certificates is not the easiest
at first. But once set up, it is easy to use. There are lots of howtos
on the Internet.

-- 
sg