Physical security lapses will getcha every time.
- To: [email protected]
- Subject: Physical security lapses will getcha every time.
- From: [email protected] (Paul Ferguson)
- Date: Wed, 25 Aug 93 21:07:21 EDT
- Organization: Sytex Communications, Inc
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 27 Aug 1993 01:46:57 -0400 (EDT),
Mike Ingle <uunet!delphi.com!MIKEINGLE> wrote -
> The most likely place for a bug would be in the randomness.
> I suppose it is possible that a one-line bug somewhere could
> leave out most of the randomness, making the keys still look
> random but actually be predictable. Random number generation
> is hard to verify. How has that in PGP been checked? The PGP
> source is so big and spread out, it's hard to check. I don't
> think there is a bug, but it would be nice if PGP were
> carefully examined and attacked. Where are these rumors
> coming from? They are bad for the cause.
Let's be realistic, Mike.
The biggest threat to any security, on any basis, is the threat of
human nature. The chances of someone factoring your PGP-encoded
message are somewhere in the range of slim-to-none, but the chances
of someone (you) -physically- compromising their key are much, much
higher.
In fact, I'd venture to say that it's much higher than even you or I
imagine, given the fact that some folks ignore what most of us would
deem common sense and use PGP on a multi-user system (such as a SUN
server, any other UNIX-flavored workstation, or even a Netware
server).
Fact Two: That's why you won't see messages from me either (a.)
signed with PGP, or (b.) encrypted with PGP from any of my other
e-mail accounts. All are UNIX (open) environments and I don't like
the implications of the possibilities of my secret key being exposed,
even if I do trust the folks I work with. Call me a schizoid.
Cheers,
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLH6FrJRLcZSdHMBNAQEs1AP8D3ve8oRYIT4/Lne3LYY9xZWkghZFQyhH
CcCdFhHfAyXeAnz6puIpSN+9zior4/W9pcgxK/EdcCt72hMOzTYQvWtFZVIE0nQA
Fn+a5FkUwCLhvfiIqCSPvBjG8UvBt2RTuv7GN0IiIfMwzCeAkB9MTkoNQut48DGU
thDLDXfnRxs=
=0v11
-----END PGP SIGNATURE-----
Paul Ferguson | "Government, even in its best state,
Network Integrator | is but a necessary evil; in its worst
Centreville, Virginia USA | state, an intolerable one."
[email protected] | - Thomas Paine, Common Sense
Type bits/keyID Date User ID
pub 1024/1CC04D 1993/03/15 Paul Ferguson <[email protected]>
Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58