[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CERT/Whitehouse/Clipper link - smoking gun...
By God, I knew there was something fishy about that latest CERT
release (the one that referred to things that happened last
November and didn't actually say anything new, but somehow
managed to hit the *WORLD* press extensively within 24 hours)...
It's stuff that's been happening *since* last November. I'm quite
certain that the attacks were continuing until (at the very least)
shortly before the announcement.
PS The statement is also false: digital signatures would have no effect
on network sniffing attacks; but it's just more FUD to strengthen the
Whitehouse hand in a release that was buried in a flood of releases
that day on Clipper.
No, you're wrong. A challenge/response login architecture based on
digital signatures would have eliminated the attack. And digital
signatures -- unlike most other technologies for one-time passwords --
do not require that any secret information be kept on the host.
There are practical difficulties, such as entering in 160 bits of
information, but for host-to-host logins, that isn't much of a problem.