[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running PGP on Netcom (and Similar)

To: [email protected]
Subject: Re: Running PGP on Netcom (and Similar)
From: Alex de Joode <[email protected]>
Date: Mon, 12 Sep 1994 12:57:48 +0200
Sender: [email protected]


Timothy C. May ([email protected]) did write:

: Not that had Mr. De Payne been using PGP on Netcom, with his secret
: key stored there, the cops would have it. (The passphrase maybe not,
: depending on whether he stored _that_ there, too. And whether Netcom
: had logs of keystrokes entered, which strikes me as something they
: would probably have--we really need a "zero knowledge" kind of
: "reach-back" for remotely-run PGP.)

Would a "challange response" type of verification do the "trick", ie
is it secure enough for passphrase monitering ?

: I just don't think the dangers are worth it. All the theoretical hot
: air about whether kestroke timings are "random enough" is moot if
: Netcom is turning over records to investigators.

: --Tim May

--
____      Alex de Joode                            <[email protected]>  
\  /__    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 \/  /    "It's dangerous to be right when the government is wrong." 
   \/     --Voltaire     --finger [email protected] for PGPpublicKEY--

Follow-Ups:
- Re: Running PGP on Netcom (and Similar)
  - From: Adam Shostack <[email protected]>
- Re: Running PGP on Netcom (and Similar)
  - From: [email protected] (Timothy C. May)

Prev by Date: Running PGP on Netcom (an
Next by Date: Re: Running PGP on Netcom (an
Prev by thread: Re: Running PGP on Netcom (and Similar)
Next by thread: Re: Running PGP on Netcom (and Similar)
Index(es):
- Date
- Thread