why change cacerts password?
873850, Jul 7 2011 — edited Jul 7 2011
Hello everybody,
I have read in numerous manuals on the 'net that system administrators should change the password of the "cacerts" file after installation of the JRE. I am a bit confused as to why this must be done, or rather, why that file needs to be password-protected at all. Here's my rationale:
My valuable private keys are stored in my own keystore file. This keystore is, of course, password-protected and accessible only to users that need to.
I'm not going to modify the cacerts file, only my own keystore (e.g. import trusted certificates).
The cacerts file contains only certificates, no private keys. The certificates are the default ones, i.e. those of publicly known CAs. No attacker would gain any valuable information from reading the cacerts file.
To modify the cacerts file, an attacker would have to gain root privileges first, since the permissions on the cacerts file demand that (this is the default on Ubuntu).
On the other hand, why should an attacker that has already gained root privileges bother inserting a rogue certificate into the cacerts file? He might as well set up his own keystore, with a password of his choice, and configure software to use that. Or just tamper with the system in any other way that root privileges allow, including file system scans and keyloggers to gain knowledge of the password to my own keystore and extract my private keys, which seems far worse to me.
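An added example, not part of the original post: in the JKS format that cacerts used when this was posted, the store password is not an encryption key but the key of a SHA-1 integrity digest appended to the file, which is the only thing the cacerts password protects. The sketch below builds a one-entry keystore with constructed placeholder bytes in place of a certificate (the alias and helper names are hypothetical; "changeit" is the well-known default cacerts password) and shows the digest check passing, failing on a wrong password, and failing after the body is modified.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
SALT = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity digest


def _keyed_sha1(password: str, body: bytes) -> bytes:
    # JKS digest: SHA-1(password as UTF-16BE || salt || keystore body)
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()


def _utf(s: str) -> bytes:
    # Java writeUTF layout: 2-byte big-endian length, then the bytes
    raw = s.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw


def build_jks(password: str, alias: str, cert: bytes) -> bytes:
    """Build a version-2 JKS holding one trusted-certificate entry."""
    body = struct.pack(">III", JKS_MAGIC, 2, 1)   # magic, version, entry count
    body += struct.pack(">I", 2) + _utf(alias)    # tag 2 = trusted certificate
    body += struct.pack(">q", 0) + _utf("X.509")  # timestamp (ms), cert type
    body += struct.pack(">I", len(cert)) + cert   # cert stored in the clear
    return body + _keyed_sha1(password, body)


def verify_jks(data: bytes, password: str) -> bool:
    """True if the trailing 20-byte digest matches the body under this password."""
    if len(data) < 32 or struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    body, digest = data[:-20], data[-20:]
    return hmac.compare_digest(digest, _keyed_sha1(password, body))


def demo() -> dict:
    cert = b"CONSTRUCTED-PLACEHOLDER-CERT"  # constructed bytes, not a real certificate
    store = build_jks("changeit", "example-ca", cert)
    # Same-length change to the body, digest left untouched
    tampered = store.replace(b"PLACEHOLDER", b"REPLACEMENT")
    return {
        "intact": verify_jks(store, "changeit"),
        "wrong_password": verify_jks(store, "not-the-password"),
        "tampered": verify_jks(tampered, "changeit"),
    }


if __name__ == "__main__":
    print(demo())
```

Because the digest is keyed only by the password, the check is meaningful only to a verifier who supplies a password that others with write access to the file do not know; the certificate bytes themselves are readable without it.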