[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: one time pads
- To: [email protected]
- Subject: Re: one time pads
- From: Peter Shipley <[email protected]>
- Date: Thu, 15 Oct 92 18:03:15 -0700
- In-Reply-To: Your message of Thu, 15 Oct 92 17:07:35 -0800. <[email protected]>
- Phone: (510) 849-2230
- Posted-Date: Thu, 15 Oct 92 18:03:15 -0700
- Snail-Address: 2560 Bancroft way #51;Berkeley CA 94704-1700
>Physical security is not a big issue for RSA (in the pgp implementation)
>because the secret key ring is itself encrypted. The problem is not so much
>physical-intrusion-to-get-the-key as it is physical intrusion aimed at
To add my two cents, I once had some sensitive files solen from me.
the cracker had modified the crypt command to record passwords
and current directory (since crypt only works on stdin and stdout).
In a matter of a few days they have my crypt password and enough infomation
from my file to raise some real hell.
Note that they did not bother with breaking the crypt or guessing the password
they just rigged the system binaries.
PS: this happend a year ago, and last month a copy of the files
appeared on some systems owned by the Bay Area Air Quality Management
District in SF (baaqmd).
PPS: I *know* that crypt is insecure but I had tared/compressed it and des
was not avalible on the systems I was working on.