Marco Ricci committed on 2026-04-05 19:19:11
Showing 7 changed files with 100 additions and 5 deletions.
This is still a somewhat preliminary version, but all the main points are already present. The FAQ "Should I use one master SSH key, or many keys?" will be moved to a new, future document.
| ... | ... |
@@ -57,7 +57,7 @@ |
| 57 | 57 |
### Explanation |
| 58 | 58 |
|
| 59 | 59 |
* Security aspects and other tradeoffs when using deterministic password generators |
| 60 |
-* Tradeoffs between a master passphrase and a master SSH key (→ [TODO][BASIC_SETUP_SSH_KEY], [TODO][HOW_TO_SSH_KEY]) |
|
| 60 |
+* Should I use one master SSH key/master passphrase, or many? (→ [TODO][HOW_TO_SSH_KEY]) |
|
| 61 | 61 |
* Why is `vault`'s `--repeat` option named this way if it counts occurrences, not repetitions? |
| 62 | 62 |
|
| 63 | 63 |
[BASIC_SETUP_PASSPHRASE]: tutorials/basic-setup-passphrase.md |
| ... | ... |
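Review bot: the rewritten bullet on new line 60 removes the only use of `[BASIC_SETUP_SSH_KEY]` visible in this hunk; check whether that reference-style link definition is still used elsewhere in the file, since an orphaned definition renders silently but is a lint target. Retiring the tradeoffs entry from this to-do list is consistent with the document being added in this commit, and the remaining `[TODO][HOW_TO_SSH_KEY]` target matches the commit message's plan for a separate future document.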
@@ -6,6 +6,9 @@ title: Explanation overview |
| 6 | 6 |
license][FAQ_ALTERED_VERSIONS] |
| 7 | 7 |
* [What are "interchangable passphrases" in `vault`, and what does that mean |
| 8 | 8 |
in practice?][FAQ_INTERCHANGABLE_PASSPHRASES] |
| 9 |
+* [Tradeoffs between a master passphrase and a master SSH |
|
| 10 |
+ key][TRADEOFFS_PASSPHRASE_SSH_KEY] |
|
| 9 | 11 |
|
| 10 | 12 |
[FAQ_ALTERED_VERSIONS]: faq-altered-versions.md |
| 11 | 13 |
[FAQ_INTERCHANGABLE_PASSPHRASES]: faq-vault-interchangable-passphrases.md |
| 14 |
+[TRADEOFFS_PASSPHRASE_SSH_KEY]: tradeoffs-passphrase-ssh-key.md |
| ... | ... |
@@ -0,0 +1,89 @@ |
| 1 |
+# Tradeoffs between a master passphrase and a master SSH key |
|
| 2 |
+ |
|
| 3 |
+## Summary |
|
| 4 |
+ |
|
| 5 |
+<table markdown="1"> |
|
| 6 |
+<thead> |
|
| 7 |
+<tr> |
|
| 8 |
+<th></th> |
|
| 9 |
+<th scope=col>master passphrase</th> |
|
| 10 |
+<th scope=col>master SSH key</th> |
|
| 11 |
+</tr> |
|
| 12 |
+</thead> |
|
| 13 |
+<tbody markdown="1"> |
|
| 14 |
+<tr markdown="1"> |
|
| 15 |
+<th scope=row>setup costs/system portability</th> |
|
| 16 |
+<td markdown="block"> |
|
| 17 |
+ |
|
| 18 |
+ - requires `derivepassphrase` and its configuration, or any compatible system |
|
| 19 |
+ |
|
| 20 |
+</td> |
|
| 21 |
+<td markdown="block"> |
|
| 22 |
+ |
|
| 23 |
+ - requires `derivepassphrase` and its configuration, or any compatible system |
|
| 24 |
+ - requires a running SSH agent supported by `derivepassphrase` |
|
| 25 |
+ - requires the master SSH key file, in a format supported by the SSH agent |
|
| 26 |
+ |
|
| 27 |
+</td> |
|
| 28 |
+</tr> |
|
| 29 |
+<tr markdown="1"> |
|
| 30 |
+<th scope=row>resistance to brute force attacks</th> |
|
| 31 |
+<td markdown="block"> |
|
| 32 |
+ |
|
| 33 |
+ - `derivepassphrase` configuration must be guessed |
|
| 34 |
+ - master passphrase must be guessed |
|
| 35 |
+ |
|
| 36 |
+</td> |
|
| 37 |
+<td markdown="block"> |
|
| 38 |
+ |
|
| 39 |
+ - `derivepassphrase` configuration must be guessed |
|
| 40 |
+ - the master SSH key file must be acquired |
|
| 41 |
+ - the key file passphrase must be guessed |
|
| 42 |
+ |
|
| 43 |
+</td> |
|
| 44 |
+</tr> |
|
| 45 |
+<tr markdown="1"> |
|
| 46 |
+<th scope=row>derived passphrases are unrecoverable if …</th> |
|
| 47 |
+<td markdown="block"> |
|
| 48 |
+ |
|
| 49 |
+ - … the `derivepassphrase` configuration is lost or unrecoverable, or |
|
| 50 |
+ - … the master passphrase is forgotten |
|
| 51 |
+ |
|
| 52 |
+</td> |
|
| 53 |
+<td markdown="block"> |
|
| 54 |
+ |
|
| 55 |
+ - … the `derivepassphrase` configuration is lost or unrecoverable, or |
|
| 56 |
+ - … the master SSH key file is lost, corrupted or otherwise unrecoverable, or |
|
| 57 |
+ - … the passphrase for the master SSH key is forgotten |
|
| 58 |
+ |
|
| 59 |
+</td> |
|
| 60 |
+</tr> |
|
| 61 |
+</tbody> |
|
| 62 |
+</table> |
|
| 63 |
+ |
|
| 64 |
+## Discussion |
|
| 65 |
+ |
|
| 66 |
+The master SSH key setup and the master passphrase setup differ somewhat in their setup complexity, setup brittleness, and resilience against loss of access and against attacks. |
|
| 67 |
+Usually, an aspect of the setup is both a strength for one of these criteria and a weakness for another one; |
|
| 68 |
+there is (in our opinion) no universally better choice. |
|
| 69 |
+ |
|
| 70 |
+Using a master SSH key instead of a master passphrase introduces an extra step during passphrase derivation: |
|
| 71 |
+the master SSH key first derives an "effective master passphrase", and this effective master passphrase is then used during the actual passphrase derivation. |
|
| 72 |
+In contrast, a master passphrase is used directly. |
|
| 73 |
+ |
|
| 74 |
+This extra step for the master SSH key setup implies a higher setup complexity: |
|
| 75 |
+an SSH agent (extra software) and the master SSH key file (extra essential files) are necessary, and the user must ensure continued access to the former and access and secrecy for the latter. |
|
| 76 |
+It also introduces additional failure modes:[^usual-failures] if the agent and/or the key file becomes unusable, then the user loses access to their derived passphrases as well. |
|
| 77 |
+This makes the master SSH key setup more brittle and less resilient against loss of access. |
|
| 78 |
+ |
|
| 79 |
+[^usual-failures]: |
|
| 80 |
+ The usual failure modes of `derivepassphrase` remain: the passphrase (master passphrase or the SSH key file passphrase) is forgotten, or the configuration is lost, corrupted, or otherwise unrecoverable. |
|
| 81 |
+ |
|
| 82 |
+By its nature, the master SSH key setup makes the master passphrase cryptographically infeasible to guess: guessing the master passphrase amounts to forging a cryptographic signature for the SSH key, which is infeasible by assumption. |
|
| 83 |
+The security of the setup then depends on the user's ability to secure the SSH key, e.g., by using a strong passphrase and brute-force-resistant settings for the SSH key file, and keeping it out of reach for attackers. |
|
| 84 |
+Similarly, a master passphrase must also be chosen carefully to be cryptographically infeasible to guess, and must be kept out of reach for attackers, e.g. by not writing it down anywhere. |
|
| 85 |
+Depending on the user, it may or may not be easier to secure a key file instead of memorizing a high-entropy passphrase. |
|
| 86 |
+ |
|
| 87 |
+We therefore have the following <b>recommendation</b>: |
|
| 88 |
+If you can count on having a working SSH setup on all machines you might want to access your derived passphrases on **and** if you already have SSH keys you must keep secure, then use a <b>master SSH key</b>. |
|
| 89 |
+Otherwise, use a <b>master passphrase</b>, e.g. by generating eight words from a Diceware list. |
| ... | ... |
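Review bot: the "resistance to brute force attacks" row (lines 38–41) and the discussion at lines 82–83 model the attacker as needing the key file plus its passphrase, but line 24 makes a running SSH agent holding the usable key a prerequisite, and anyone who can talk to that agent (another process running as the same user, or a remote host the agent is forwarded to) can request the signature and obtain the effective master passphrase without ever seeing the key file or its passphrase. Suggest adding a bullet such as `- the SSH agent must not be reachable by the attacker` to the SSH-key column, and a sentence in the discussion advising against agent forwarding and stating that access to the agent socket is equivalent to possession of the effective master passphrase for as long as the key is loaded. Related: the recommendation on line 88 ("on all machines you might want to access your derived passphrases on") implies copying the key file to each of those machines, which multiplies the loss and exposure surface that lines 75 and 83 warn about; worth saying so explicitly. Wording: line 84 calls a human-chosen master passphrase "cryptographically infeasible to guess", which is a property of the signature scheme on line 82, not of a passphrase; "of high enough entropy that exhaustive guessing is infeasible" says what is meant, and stating the entropy of the eight Diceware words recommended on line 89 would let readers compare the two setups directly.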
@@ -2,7 +2,7 @@ |
| 2 | 2 |
|
| 3 | 3 |
!!! abstract "See also" |
| 4 | 4 |
|
| 5 |
- → Tradeoffs between a master passphrase and a master SSH key (TODO) |
|
| 5 |
+ → [Tradeoffs between a master passphrase and a master SSH key][TRADEOFFS_PASSPHRASE_SSH_KEY] |
|
| 6 | 6 |
|
| 7 | 7 |
## Prerequisites |
| 8 | 8 |
|
| ... | ... |
@@ -301,8 +301,7 @@ Next, configure `derivepassphrase vault` to use the loaded SSH key. |
| 301 | 301 |
|
| 302 | 302 |
!!! abstract "Further reading" |
| 303 | 303 |
|
| 304 |
- → Tradeoffs between a master passphrase and a master SSH key, |
|
| 305 |
- section "Should I use one master SSH key, or many keys?" (TODO) |
|
| 304 |
+ → Should I use one master SSH key/master passphrase, or many? (TODO) |
|
| 306 | 305 |
|
| 307 | 306 |
<aside markdown> |
| 308 | 307 |
|
| ... | ... |
@@ -320,3 +319,4 @@ Next, configure `derivepassphrase vault` to use the loaded SSH key. |
| 320 | 319 |
|
| 321 | 320 |
[PREREQ]: ../reference/prerequisites-ssh-key.md |
| 322 | 321 |
[PREREQ_AGENT_SPECIFIC_NOTES]: ../reference/prerequisites-ssh-key.md#agent-specific-notes |
| 322 |
+[TRADEOFFS_PASSPHRASE_SSH_KEY]: ../explanation/tradeoffs-passphrase-ssh-key.md |
| ... | ... |
@@ -4,7 +4,7 @@ |
| 4 | 4 |
|
| 5 | 5 |
→ [Tutorial: Setting up `derivepassphrase vault` for three accounts, with a master passphrase][BASIC_SETUP_PASSPHRASE] |
| 6 | 6 |
|
| 7 |
- → Tradeoffs between a master passphrase and a master SSH key (TODO) |
|
| 7 |
+ → [Tradeoffs between a master passphrase and a master SSH key][TRADEOFFS_PASSPHRASE_SSH_KEY] |
|
| 8 | 8 |
|
| 9 | 9 |
## The scenario |
| 10 | 10 |
|
| ... | ... |
@@ -439,6 +439,7 @@ This completes the tutorial. |
| 439 | 439 |
|
| 440 | 440 |
[BASIC_SETUP_PASSPHRASE]: basic-setup-passphrase.md |
| 441 | 441 |
[PREREQ_SSH_KEY]: ../reference/prerequisites-ssh-key.md#ssh-key |
| 442 |
+[TRADEOFFS_PASSPHRASE_SSH_KEY]: ../explanation/tradeoffs-passphrase-ssh-key.md |
|
| 442 | 443 |
|
| 443 | 444 |
[OPENSSH]: https://www.openssh.org/ |
| 444 | 445 |
[PUTTY]: https://putty.software/ |
| ... | ... |
@@ -120,6 +120,7 @@ nav: |
| 120 | 120 |
- explanation/index.md |
| 121 | 121 |
- '"altered versions" license requirement': explanation/faq-altered-versions.md |
| 122 | 122 |
- '"interchangable passphrases" in vault': explanation/faq-vault-interchangable-passphrases.md |
| 123 |
+ - tradeoffs between passphrase & SSH key: explanation/tradeoffs-passphrase-ssh-key.md |
|
| 123 | 124 |
- Changelog: |
| 124 | 125 |
- Changelog: changelog.md |
| 125 | 126 |
- Upgrade notes: upgrade-notes.md |
| ... | ... |
@@ -71,6 +71,7 @@ nav: |
| 71 | 71 |
- explanation/index.md |
| 72 | 72 |
- '"altered versions" license requirement': explanation/faq-altered-versions.md |
| 73 | 73 |
- '"interchangable passphrases" in vault': explanation/faq-vault-interchangable-passphrases.md |
| 74 |
+ - tradeoffs between passphrase & SSH key: explanation/tradeoffs-passphrase-ssh-key.md |
|
| 74 | 75 |
- Changelog: |
| 75 | 76 |
- Changelog: changelog.md |
| 76 | 77 |
- Upgrade notes: upgrade-notes.md |
| 77 | 78 |
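Review bot: this nav entry duplicates the one added at line 123 of the other mkdocs config in the previous hunk, so the two nav lists now have to be edited in lockstep; a comment in each file pointing at the other, or generating one nav from the other, would prevent the two from drifting apart the next time an explanation page is added.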