[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Running PGP on Netcom (and Similar)
On Mon, 12 Sep 1994, Adam Shostack wrote:
> > To do this properly, you would want one shot passphrases,
> >similar to S/Key. The implementation I see would have PGP hash your
> >pass phrase some large number of times (say 1000, which takes less
> >than a second on my 68030 mac) before using it to decrypt your pass
> >phrase.
> >
> > Then, when logged in from a line being sniffed, you would
> >invoke PGP -1es ..., and when prompted for your pass phrase you would
> >enter 800/something-ugly-that-md5-makes. PGP would then md5 this 200
> >times, and you'd have demonstrated your knowledge of your passphrase
> >without ever sending it over a line. Clearly, PGP would need to store
> >the fact that you had used #800, and only accept lower numbers.
I can see how this gets around the problem of sending cleartext
passphrases over a network, but how does it help stop the problem of the
remote system running a keystroke log that is handed over to the
authorities during a bust? Armed with 800/some-number they can just type
the same thing into PGP (or a modified copy) and decrypt the files that
you were keeping on-line.
Regards,
- Andy
+-------------------------------------------------------------------------+
| Andrew Brown Internet <[email protected]> Telephone +44 115 952 0585 |
| PGP 2.6ui fingerprint: EC 80 9C 96 54 63 CC 97 FF 7D C5 69 0B 55 23 63 |
+-------------------------------------------------------------------------+