[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mac PGP report and Rander progress



Mac PGP effort:

   After talking with Phil Zimmerman,   we decided to break the
MacPGP effort into two teams.   A short term team as it currently
stands now,  with the origional members,   and a long term team to
change PGP into a set of C Libraries that can be used with ANY
platform or API.   The short term team consists of its current
members who are doing current work on the Mac implementation.

   Next week,  perhaps on Wednesday Evening at 7 pm,  we will be
setting up a conference call to talk about all of the details,
and introduce each other.    My role in this currently will be
that of Email coordinator between the Mac PGP effort and the
other platforms.

   It is obviously clear that there is still a lot of mis-trust
that people have in me.     I guess it's still very hard to ditch
that "Once a criminal- always a criminal" attitude.

Phil Karn says:

>John Draper was proposing to manufacture rs232 random number
>generators -- would you buy a used random number from this man?

   This is EXACTLY my point.   So I WILL be publishing the schematic
and I expect the Rander box will be put through it's paces.   I have
simplified the circuit immensly,  and even eliminated the AD converter,
but not sure the design works,  but want to run the design by a few
other HW types before I "breadboard" it.    I think I got it down to
3 chips including the UART.   Two CMOS chips,  a Latch and a gate I'm
using as a comparitor,  and the UART plus a noise source.    Gack!!
All these years I try and ELIMINATE noise,  and now I am LOOKING
for noise.   By biasing one of the gates,  into the linear mode,  it
doubles as the amplifier for the noise source.   I've gone eligantly
simple with the design,   I just hope it works.   Perhaps this circuit
can be integrated into Yanek's Dongle.

Phil K. writes:
>>My thinking is to limit the external "dongle" to the one function that
>>is truly sensitive and worthy of special protection: RSA secret key
>>operations.

Eric Hughes replies:
>Phil's comment are right on.  There is a need for you secret keys
>to be easily and physically relocatable.

The Obvious,  cheapest,  but perhaps not the best way,  is to keep
your key on a floppie.


More later ....