[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Why I have a 512 bit PGP key
> Let's face it, creating the compiler-to-recognize-MD5 is quite a difficult
> problem, and if I were your system administrator and wanted to obtain
> access to your files, creating a special compiler version or otherwise
> attempting to cause your integrity check to fail would be one of the last
> forms of attack I'd try.
Who says that your attacker is your admin?
Is anybody here who ever checked the source of the gcc compiler?
Why not modify the gcc to make it compile specific crypto
software (e.g. pgp) wrong, smuggling in any weakness?
Everyone checks the pgp signatures after receiving a new
version (do you?). Who checks the gcc ? Who checks the SunOS-cc ?
If the government wants to attack software like pgp it would be
easier to modify compilers than modifying the crypto sources.
> One of the easiest ways to
> subvert your security is simply to record your keystrokes. It doesn't
> take a rocket scientist to hack your kernel (or whatever it's called on
> your OS) to do this. And how do you detect it?
Why not building keyboards with 4MByte RAM ? Let him use any OS he wants to
use. Read out the keyboard at night by room-cleaning staff or by any program
able to communicate in a network.
Hadmut