[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Security Question

To: [email protected]
Subject: Re: Key Security Question
From: [email protected] (Dr.Dimitri Vulis KOTM)
Date: Sun, 02 Feb 97 09:34:18 EST
Comments: All power to the ZOG!
In-Reply-To: <[email protected]>
Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
Sender: [email protected]

[email protected] (Igor Chudov @ home) writes:

> Dr.Dimitri Vulis KOTM wrote:
> > Bill Stewart <[email protected]> writes:
> > > On the other hand, if the "repairman" replaced your pgp executable
> > > with version 2.6.3kgb, which uses your hashed passphrase as the
> > > session key, you're hosed.  Or if he installed a keystroke sniffer,
> > > or added a small radio transmitter to your keyboard, or whatever.
> > > Depends on your threat model.  If you need to be paranoid,
> > > they've already gotten you....
> >
> > If you're really paranoid, you can boot from a clean floppy and
> > reinstall everything from your backup tapes. You do have a
> > contingency plan in case your hard disk goes bad, or gets a
> > virus, don't you? Well, if you're in doubt, exercise it.
>
> And what if the repairman replaces BIOS ROM chips with KGBios?

On some computers it's possible to add executable code to the boot
sequence without replacing the actual ROM chip because they're
rewritiable. Examples: most Sun boxes; intel motherboards with
'flash bios'.

---

<a href="mailto:[email protected]">Dr.Dimitri Vulis KOTM</a>
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

References:
- Re: Key Security Question
  - From: [email protected] (Igor Chudov @ home)

Prev by Date: IRS Can't Compete
Next by Date: RE: Libel, Times v. Sullivan
Prev by thread: Re: Key Security Question
Next by thread: Re: Key Security Question
Index(es):
- Date
- Thread