DEV Community


Posted on

The risk of unprotected private keys (

There have been numerous occations where I’ve heard the following expression: “…yeah my stuff is safe on my computer, no need to have additional encryption, or special administrative accounts…”.

Well yeah, sure, if you say so.

Let that sink in as a intro. An old laptop I was using for testing stopped working and wouldn’t start anymore. So I decided to take out the disk and retrieve the data I had laying in there. For everyone else, getting data out would be impossible. For me, the good thing was that I had Linux running on it and the disk was encrypted with LUKS (Linux Unified Key Setup), meaning that only I, with the decryption password, could access the enclosing data (by no means I consider myself as a cryptography expert, I just use common sense and best practices).

While copying some files, I remembered that I had an ssh key setup for accessing a VPS I used for testing. In that moment, an interesting idea popped into my head!

..the post continues on the original site

Top comments (0)