I suppose it could have been kept only in memory, rather than just chilling on the filesystem in a file called private_key which is basically what happened AFAIK. It's surely within the boundaries of sense to load the key manually each time the app boots.
Thinking about it though, that's basically the role of the key passphrase.
Right; this is a common experience with SSL/X.509 signing keys--they're encrypted by default, so any server you configure with your ssl.pem file will prompt for a passphrase on startup, and only keep the decrypted key in memory.
That's why this line, that most SSL providers give in their instructions, is so dangerous:
openssl rsa -in server.key.org -out server.key
It strips this (rather useful) encryption, giving any attacker who successfully compromises your frontend server your private key, in exchange for letting the node come up non-interactively.
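An added example (not from the thread) of an audit that flags the plaintext form the openssl rsa line above leaves on disk, alongside the encrypted PKCS#8, traditional PEM and OpenSSH forms; the format markers are the standard OpenSSL/OpenSSH ones, and the sample inputs are constructed filler.

```python
"""Classify key files as encrypted, plaintext, or not a private key.

Added example, not code from the thread; samples are constructed filler.
"""
import base64
import re
import struct

BEGIN_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+?)-----\n(.*?)-----END", re.S)

def openssh_cipher(body: str) -> str:
    """Cipher name stored in an openssh-key-v1 blob ('none' means plaintext)."""
    raw = base64.b64decode("".join(body.split()))
    magic = b"openssh-key-v1\x00"
    if not raw.startswith(magic):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(magic)
    (n,) = struct.unpack(">I", raw[off:off + 4])
    return raw[off + 4:off + 4 + n].decode()

def classify_key(text: str) -> str:
    """Return 'encrypted', 'plaintext' or 'no-private-key' for one file's text."""
    m = BEGIN_RE.search(text)
    if not m or "PRIVATE KEY" not in m.group(1):
        return "no-private-key"
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":            # PKCS#8, encrypted
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":              # cipher name sits inside the blob
        return "plaintext" if openssh_cipher(body) == "none" else "encrypted"
    # Traditional PEM signals encryption with headers inside the block;
    # `openssl rsa -in enc.key -out plain.key` writes this form without them.
    if "Proc-Type: 4,ENCRYPTED" in body and "DEK-Info:" in body:
        return "encrypted"
    return "plaintext"

def openssh_sample(cipher: str) -> str:
    """Constructed openssh-key-v1 blob, truncated right after the cipher-name field."""
    blob = b"openssh-key-v1\x00" + struct.pack(">I", len(cipher)) + cipher.encode()
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed PEM samples: the base64 bodies are filler, not key material.
PKCS8_ENC = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFHDBOBgkq...\n-----END ENCRYPTED PRIVATE KEY-----\n"
RSA_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\nMIIEpAIB...\n"
           "-----END RSA PRIVATE KEY-----\n")
RSA_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA...\n-----END RSA PRIVATE KEY-----\n"
CERT = "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+g...\n-----END CERTIFICATE-----\n"
```

Run `classify_key` over the text of each key file a deployment keeps on disk; anything reported as `plaintext` is a key that a filesystem-level compromise yields without any passphrase.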
This is what ssh-agent does, and I could only hope Linode was using something similar. I think the statement suggests they did.
> The private key is itself encrypted with passphrase encryption and the passphrase is not stored electronically
So even if the hacker bragged about obtaining both the public and private keys, the private key was protected and therefore unusable without the passphrase.
At this point, we can all hope Linode used a very complex passphrase... My gut feeling is that they did.
Storing a passphrase (or unlocked private key) in memory is storing it electronically.
Once the attacker has root, they can dump the memory and access this information. The attacker claims to have gigabytes of data, which could well include a memory image (or swap partition image, if the program that stored this in memory didn't lock the memory to prevent it being swapped out).
> 07:52 < HTP> the CCrypter class of the linode application context was accessible from outside the wwwroot using undocumented ColdFusion methods. i was fully able to decrypt the ccs using the in-memory privkey that they supplied the password for.
> 07:53 < HTP> coldfusion runs as a single process, and its memory can be accessed using the ColdFusion wrapper