[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: one time pads

To: [email protected]
Subject: Re: one time pads
From: Peter Shipley <[email protected]>
Date: Thu, 15 Oct 92 18:03:15 -0700
In-Reply-To: Your message of Thu, 15 Oct 92 17:07:35 -0800. <[email protected]>
Phone: (510) 849-2230
Posted-Date: Thu, 15 Oct 92 18:03:15 -0700
Snail-Address: 2560 Bancroft way #51;Berkeley CA 94704-1700


>
>Physical security is not a big issue for RSA (in the pgp implementation)
>because the secret key ring is itself encrypted.  The problem is not so much
>physical-intrusion-to-get-the-key as it is physical intrusion aimed at
>modifying software.

To add my two cents, I once had some sensitive files solen from me.
the cracker had modified the crypt command to record passwords
and current directory (since crypt only works on stdin and stdout).

In a matter of a few days they have my crypt password and enough infomation
from my file to raise some real hell.  

Note that they did not bother with breaking the crypt or guessing the password
they just rigged the system binaries.

		-Pete

PS: this happend a year ago, and last  month a copy of the files
    appeared on some systems owned by the Bay Area Air Quality Management
    District in SF (baaqmd).

PPS: I *know* that crypt is insecure but I had tared/compressed it and des
	was not avalible on the systems I was working on.

References:
- Re: one time pads
  - From: Eric Hollander <[email protected]>

Prev by Date: Re: Game items...
Next by Date: Who uses ethernet (Mr Squirrel?)
Prev by thread: Re: one time pads
Next by thread: physical security
Index(es):
- Date
- Thread