Oh dear god. I can only hope this is an attempt to crack idiots servers, rather than a serious service. I love the "it's your responsibility to secure your key in transit" disclaimer.

The "it's got what admins crave" line makes me pretty sure it's intended to be silly.

electrolytes, mostly

Coupled with the fact that the page is HTTP and the server doesn't seem to support HTTPS!

Man. Where's the credit card field? I want to pay for such a sweet service.

Don't worry. You will. Sooner or later :-)

I think it's actually a pretty good idea.

If your goal is to scam clueless people, of course.

New YCombinator startup idea!

Passwords are hard to remember. I can create a service to store their userIds, passwords and sites. That way people have to only go one place to get them. I'll call it a "personal ID agregator" during my VC pitches.

I could make all the data public and accessible from anywhere using a simple API.

Users could vote on which passwords are the strongest. The wisdom of crowds would lead us to the better security!

Man I need a cup of coffee to get going on this. No, wait, I've had 6 cups already...

It's been done. http://en.wikipedia.org/wiki/Claria_Corporation

easy implementation too. just redirect to bugmenot

This is a really funny parody of the idea that all you need for a Web 2.0 startup is a cloned Unix command.

reverse DNS points to 208.185.168.22.zipmath.com

Also hosted on the same IP: http://cracks.n.hax.com/ and http://portcode.com/

This is probably a stupid question, but how did you find out what other sites were hosted at that IP address? Are you reliant on search engine data, or is there some other way of doing it?

I used http://www.paterva.com/maltego/ to do it. I have no idea where the data comes from.

That makes sense, so this is a random project/joke/hack from a security consultant (funny how hacker is the wrong word).

I wonder if the server runs Debian.

Domaintools shows they have 'private registration' and a established SSL cert even though they're not using one and on the site claim they're 'getting one soon'

http://whois.domaintools.com/sshkeygen.com

Pretty fishy.. or should I say.. phishy?

I just generated mine at Starbucks!

Is that bad?

As long as you didn't spill coffee and damage your keys in transit, it's fine :)

Come on - if you are smart enough to know how to use ssh keys then you are too technically smart to fall for this. Grandma is not going to have her server hacked because she tried this. It's gotta be a joke.

Heh "It is your responsibility to secure your new key pair in transit." it's not even https. Funny!

On To Do page: buy a SSL certificate or self-sign so key transfer is not in the clear

Haha. I don't think the idea (if this is not a scam/joke) has merit because even if you forget your SSH passphrase, you have access to the server via a root password (stored somewhere safely in a fireproof-safe; and even if not physical access at worst). So the traditional key escrow should not be necessary.

How did you find this site?

Guh. It doesn't even send your private key back to you using SSL. Not that it would matter much. I don't want my keys escrowed!

It is secured by the pass phrase! :D

The "best practice" bit is priceless.

May be we should do something about it!?

That's hilarious!

This is funny. Reminds me of the chap who wondered on an online forum about how to hack his school's server, and forthwith acted upon the advice from the forum to send a "ping of death" to the i.p. address "127.0.0.1"! :-) Could just be an urban legend, but still amusing!

Oh, it's common enough, though it's usually easier to get them with something like 127.4.132.17.

Well, or warez.<domain> - there's a long tradition of A-ing that to 127.0.0.1, I use warez.trout.me.uk as a cloak on IRC and there've been a couple times idiots have tried to flood me off the net with predictable results ...