On Mon, 12 Sep 1994, Adam Shostack wrote:
> To do this properly, you would want one shot passphrases, similar to S/Key. The implementation I see would have PGP hash your pass phrase some large number of times (say 1000, which takes less than a second on my 68030 mac) before using it to decrypt your pass phrase.
> Then, when logged in from a line being sniffed, you would invoke PGP -1es ..., and when prompted for your pass phrase you would enter 800/something-ugly-that-md5-makes. PGP would then md5 this 200 times, and you'd have demonstrated your knowledge of your passphrase without ever sending it over a line. Clearly, PGP would need to store the fact that you had used #800, and only accept lower numbers.
I can see how this gets around the problem of sending cleartext passphrases over a network, but how does it help stop the problem of the remote system running a keystroke log that is handed over to the authorities during a bust? Armed with 800/some-number they can just type the same thing into PGP (or a modified copy) and decrypt the files that you were keeping on-line.

Regards,

- Andy

+-------------------------------------------------------------------------+
| Andrew Brown Internet <asb@nexor.co.uk> Telephone +44 115 952 0585 |
| PGP 2.6ui fingerprint: EC 80 9C 96 54 63 CC 97 FF 7D C5 69 0B 55 23 63 |
+-------------------------------------------------------------------------+
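
The hash-chain scheme quoted above and the objection raised in the reply, modelled as an added sketch for design review (not code from PGP or from either poster). `Verifier`, `one_shot` and `key_from_logged_entry` are hypothetical names, the passphrase is a constructed sample, and the chain end stands in for the key that unlocks the stored secret key.

```python
import hashlib

ROUNDS = 1000  # total MD5 iterations proposed in the quoted message


def md5_chain(value: bytes, times: int) -> bytes:
    """Apply MD5 to value the given number of times."""
    for _ in range(times):
        value = hashlib.md5(value).digest()
    return value


def one_shot(passphrase: bytes, index: int) -> bytes:
    """Value the user types as 'index/value': MD5 applied index times."""
    return md5_chain(passphrase, index)


class Verifier:
    """Hypothetical model of the proposed PGP check (not real PGP code)."""

    def __init__(self, passphrase: bytes):
        # Stands in for the key that unlocks the stored secret key.
        self.key = md5_chain(passphrase, ROUNDS)
        self.lowest_used = ROUNDS

    def unlock(self, index: int, value: bytes):
        # Only indices strictly lower than any already used are accepted.
        if not 0 < index < self.lowest_used:
            return None
        if md5_chain(value, ROUNDS - index) != self.key:
            return None
        self.lowest_used = index
        return self.key


def key_from_logged_entry(index: int, value: bytes) -> bytes:
    """What a logged 'index/value' pair yields with no counter in the way."""
    return md5_chain(value, ROUNDS - index)


if __name__ == "__main__":
    passphrase = b"constructed sample passphrase"  # constructed input
    pgp = Verifier(passphrase)
    typed = one_shot(passphrase, 800)
    print("first use of #800 accepted:", pgp.unlock(800, typed) is not None)
    print("replay of #800 rejected:   ", pgp.unlock(800, typed) is None)
    # The counter lives only in the honest program; the logged value still
    # hashes forward to the same static key, which is the objection raised.
    print("log entry yields the key:  ", key_from_logged_entry(800, typed) == pgp.key)
```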