
Re: Running PGP on Netcom (and Similar)



Alex de Joode writes:

...
> : had logs of keystrokes entered, which strikes me as something they
> : would probably have--we really need a "zero knowledge" kind of
> : "reach-back" for remotely-run PGP.)
> 
> Would a "challenge response" type of verification do the "trick", ie
> is it secure enough for passphrase monitoring?

Well, I used the "reach-back" term in a vague way, to suggest an
avenue...it may not be the correct term.

We need a system where a user, Alice, computes *something different
every time*...a conventional "challenge-response" is not good enough,
as anyone monitoring the line or having access to the logs can then
impersonate Alice. Zero knowledge interactive proof systems offer such
a thing...in fact, password schemes are one of the applications that
have been written about.

Maybe in PGP 4.0....

--Tim May

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
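
One concrete scheme of the kind the message points to is the Fiat-Shamir identification protocol, sketched below as an added example that is not part of the original post. The toy modulus, the function names and the round count are assumptions made for the demonstration.

```python
import math
import secrets

# Toy modulus built from two Mersenne primes (constructed for this demo; the
# factors are public, so it gives no security). A real modulus must have a
# factorisation unknown to anyone who might attack the scheme.
N = (2**89 - 1) * (2**127 - 1)

def keygen():
    """Alice's secret s, and the public value v = s^2 mod N held by the host."""
    s = secrets.randbelow(N - 2) + 2
    return s, pow(s, 2, N)

def commit():
    """Prover's first move: fresh random r, commitment x = r^2 mod N."""
    r = secrets.randbelow(N - 2) + 2
    return r, pow(r, 2, N)

def respond(s, r, e):
    """Prover's answer to challenge bit e: y = r * s^e mod N."""
    return (r * pow(s, e, N)) % N

def check(v, x, e, y):
    """Verifier's test: x is a unit and y^2 == x * v^e (mod N)."""
    return math.gcd(x, N) == 1 and pow(y, 2, N) == (x * pow(v, e, N)) % N

def run_session(s, v, rounds=32):
    """Honest login; only the (x, e, y) triples ever cross the line."""
    transcript = []
    for _ in range(rounds):
        r, x = commit()              # computed on Alice's own machine
        e = secrets.randbelow(2)     # verifier's random challenge bit
        transcript.append((x, e, respond(s, r, e)))
    return all(check(v, *t) for t in transcript), transcript

def replay(v, recorded, challenges):
    """Eavesdropper resends logged x and y against new challenge bits."""
    return all(check(v, x, e, y) for (x, _, y), e in zip(recorded, challenges))

if __name__ == "__main__":
    s, v = keygen()
    ok, log = run_session(s, v)
    fresh = [secrets.randbelow(2) for _ in log]
    print("honest login accepted:", ok)
    print("replay of logged session accepted:", replay(v, log, fresh))
```

A logged session only satisfies the verifier if every new challenge bit happens to match the recorded one, which has probability 2^-rounds.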