[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running PGP on Netcom (and Similar)




Timothy C. May ([email protected]) did write:

: Not that had Mr. De Payne been using PGP on Netcom, with his secret
: key stored there, the cops would have it. (The passphrase maybe not,
: depending on whether he stored _that_ there, too. And whether Netcom
: had logs of keystrokes entered, which strikes me as something they
: would probably have--we really need a "zero knowledge" kind of
: "reach-back" for remotely-run PGP.)

Would a "challange response" type of verification do the "trick", ie
is it secure enough for passphrase monitering ?

: I just don't think the dangers are worth it. All the theoretical hot
: air about whether kestroke timings are "random enough" is moot if
: Netcom is turning over records to investigators.

: --Tim May

--
____      Alex de Joode                            <[email protected]>  
\  /__    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 \/  /    "It's dangerous to be right when the government is wrong." 
   \/     --Voltaire     --finger [email protected] for PGPpublicKEY--