18 Feb
Is a FIDO private key file for SSH cryptographically secure on its own?
Is an id_ed25519_sk cryptographically secure without a password?
I'm currently experimenting with a YubiKey SSH identity. Following instructions to generate an SSH key:
sudo ssh-keygen -t ed25519-sk -O resident -O verify-required -C "Your Comment"
This generated a private and public key file (id_ed25519_sk / id_ed25519_sk.pub), but it asked me if I wanted to set a password on the private key. I was mildly surprised because I already have to enter a PIN code and touch the YubiKey physically.
I realise a 4-digit PIN is much less secure than a password. Of course there is a risk that someone may steal both my YubiKey and private key file together.
But besides that, is the id_ed25519_sk file at all useful on its own?