Alex de Joode writes: ...
: had logs of keystrokes entered, which strikes me as something they : would probably have--we really need a "zero knowledge" kind of : "reach-back" for remotely-run PGP.)
Would a "challange response" type of verification do the "trick", ie is it secure enough for passphrase monitering ?
Well, I iused the "reach-back" term in a vague way, to suggest an avenue...it may not be the correct term. We need a system where a user, Alice, computes *something different every time*...a conventional "challenge-response" is not good enough, as anyone monitoring the line or having access to the logs can then impersonate Alice. Zero knowledge interactive proof systems offer such a thing...in fact, password schemes are one of the applications that have been written about. Maybe in PGP 4.0.... --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."