[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why I have a 512 bit PGP key

To: [email protected] (Eric Hughes)
Subject: Re: Why I have a 512 bit PGP key
From: "Perry E. Metzger" <[email protected]>
Date: Tue, 27 Dec 1994 22:07:44 -0500
Cc: [email protected]
In-Reply-To: Your message of "Tue, 27 Dec 1994 18:40:52 PST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]


Eric Hughes says:
>    From: "Ian Farquhar" <[email protected]>
> 
> re: personal account tripwire
> 
>    The problem is that although you can protect the data file of
>    hashes (by using a pass phrase to encrypt it), protecting the
>    binary which does the checking is rather more difficult.
> 
> Why not recompile the binary?  All it needs to be is something like
> md5.c.

Read Ken Thompson's Turing Award lecture for why that isn't
sufficient. Its quite amusing.

Lets face it -- if you are truly paranoid, you have to carry your
machine around with you at all times and chain it to you.

Its all a question of threat model. For national security type attacks
nothing less than "chain machine to wrist" will do. For stopping a
casual attack, much less is needed. Its all in the threat model...

Perry

Follow-Ups:
- Re: Why I have a 512 bit PGP key
  - From: [email protected] (Eric Hughes)

References:
- Re: Why I have a 512 bit PGP key
  - From: [email protected] (Eric Hughes)

Prev by Date: Re: Why I have a 512 bit PGP key
Next by Date: Re: Why I have a 512 bit PGP key
Prev by thread: Re: Why I have a 512 bit PGP key
Next by thread: Re: Why I have a 512 bit PGP key
Index(es):
- Date
- Thread