[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Running PGP on Netcom (and Similar)
Timothy C. May ([email protected]) did write:
: Not that had Mr. De Payne been using PGP on Netcom, with his secret
: key stored there, the cops would have it. (The passphrase maybe not,
: depending on whether he stored _that_ there, too. And whether Netcom
: had logs of keystrokes entered, which strikes me as something they
: would probably have--we really need a "zero knowledge" kind of
: "reach-back" for remotely-run PGP.)
Would a "challange response" type of verification do the "trick", ie
is it secure enough for passphrase monitering ?
: I just don't think the dangers are worth it. All the theoretical hot
: air about whether kestroke timings are "random enough" is moot if
: Netcom is turning over records to investigators.
: --Tim May
____ Alex de Joode <[email protected]>
\ /__ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
\/ / "It's dangerous to be right when the government is wrong."
\/ --Voltaire --finger [email protected] for PGPpublicKEY--