Is it safe to ssh-keygen a "ecdsa-sk" or "ed25519-sk" in a potentially compromised environment?

luislhl

5/26/24, 2:59 PM

I'm wondering whether it would be a good practice to make sure the keys are generated in a safe environment, like a live Linux distribution, instead of just generating them in a day-to-day environment that could be potentially compromised already.

I know the private key will probably be generated only inside the FIDO hardware, but is it enough even in a compromised environment, or are there other possible ways the keys could be compromised during its generation?

145

1 + 3

ssh

ssh-keygen

anx

5/26/24, 3:41 PM

So a private key is generated on a separate device deemed secure. But how would you know you are adding *your* public key to other servers?

doneal24

5/26/24, 6:55 PM

Even if you are in a live Linux environment, are you sure that your EFI has not been compromised? Where do you want to set the cutoff for a completely secure setup?

Gerald Schneider

5/27/24, 6:57 AM

This theoretical question is probably better suited for [security.se].

Score:2

Server

Ginnungagap

5/27/24, 6:39 AM

Nothing is secure in a compromised environment.

As pointed out in comments your host might be compromised at the UEFI level, making live CDs useless. If your host is secure but your target isn't, the deployed public key might be tampered with. Assuming you're interesting enough, China could have tampered with your FIDO hardware etc.

Security is mainly about adopting practices that mitigate risks identified during your risk assessment so they are within acceptable levels given your threat model. A "normal" person, a political activist, a corporation and a government will have wildly different threat models and acceptable levels of risk. You just have to determine yours.

Using an inadequate threat model with exceedingly cumbersome or complex mitigations usually leads to poor management of those measures and an overall worse security than proper mitigations which address the actual risks.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is it safe to ssh-keygen a "ecdsa-sk" or "ed25519-sk" in a potentially compromised environment?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.