[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SAFE Forum--some comments
John Pettitt recalls an question from the audience at the SAFE conference:
>
>One questioner from the audience made an interesting point that given
>that most of american can't seta vcr clock crypto will be totally
>beyond them unless it becomes pervasive ("you can buy it at radio shack").
>
It's not quite that bad. Here are a few (more or less strong) crypto
products you might not know you have:
1. Every Macintosh made since at least 1988 has a secure authentication
client module in the AppleShare Chooser dialog. When you use it to
connect to a remote server, it notes that the user information
is "two-way scrambled." (The server sends a random number challenge
that the client uses to encrypt the username and password. The
encrypted information is sent to the server.) All Macintosh systems
running System 7 or later have the corresponding server software.
What is interesting about this is that the encryption is completely
invisible to the user.
2. At least one garage door opener company offers an opener that
resets itself -- an intruder can't record the signal and play it
back as the "key code" is one-time only.
However, I agree with the questioner regarding the "set VCR problem."
I suspect that the major problems in deploying strong crypto will
be in marketing and human engineering -- and that the current
regulatory environment adds to the difficulty by removing marketing
incentives to do high-quality human engineering.
Note that the VCR companies have solved the vcr problem by receiving
a timecode from a local television station -- making the problem
invisible to the end user. We should be able to do the same with
strong crypto.
Martin Minow
[email protected]