Re: a hole in PGP
So Dr. Cohen, what do you use when you want to send a message across the Internet with better security than cleartext? What do you recommend to others?

Marc
> So Dr. Cohen, what do you use when you want to send a message across the Internet with better security than cleartext? What do you recommend to others?

I use different techniques when different levels of protection are required, and I definitely don't use the Internet for anything that is really vital because of the ease of gaining intelligence indicators based on traffic analysis.

I commonly use FAX machines from non-fixed locations for point-to-point communications where I don't want it to be tapped from my end. I often use telephone lines with modems for other secure communications depending on the requirements. I have used DES for some limited items with the key sent over a separate channel, RSA for short time-limited secure messages, one-time-pads for certain really critical stuff between myself and a single other trusted party, special secure telephones as required by organizations for select communications, various custom ciphers for communication with parties who have special requirements, dictionary and codebook ciphers on rare occasions, wheel ciphers of various sorts, a variety of custom authentication ciphers, and who knows what else.

I never recommend a solution without knowing a fair amount about the specific challenge it is supposed to address. I typically start with an understanding of the general environment, the financial and/or human issues, the threat profile, the protection environment, the other dependencies and protection factors, and other factors related to the reasons for protection. Once I have this understanding, I make value judgements about how much I trust things relative to the requirement for trust and other limitations presented by the situation.

Sorry I can't give you a pat answer like "I use Joe's Cryptobox", but that's just the way it is.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
In message <9508012013.AA14958@all.net>, fc@all.net (Dr. Frederick B. Cohen) writes:
> I never recommend a solution without knowing a fair amount about the specific challenge it is supposed to address. I typically start with an understanding of the general environment, the financial and/or human issues, the threat profile, the protection environment, the other dependencies and protection factors, and other factors related to the reasons for protection. Once I have this understanding, I make value judgements about how much I trust things relative to the requirement for trust and other limitations presented by the situation.

Ok. IMHO, that's a perfectly valid position. Under what circumstances do you consider pgp to be a suitable tool? Do you think there is a better tool under similar circumstances?

Marc
> > I never recommend a solution without knowing a fair amount about the specific challenge it is supposed to address. I typically start with an understanding of the general environment, the financial and/or human issues, the threat profile, the protection environment, the other dependencies and protection factors, and other factors related to the reasons for protection. Once I have this understanding, I make value judgements about how much I trust things relative to the requirement for trust and other limitations presented by the situation.

> Ok. IMHO, that's a perfectly valid position. Under what circumstances do you consider pgp to be a suitable tool? Do you think there is a better tool under similar circumstances?

That's a tough one. I generally follow the Supreme Court's view of not handling hypotheticals, but I will give you some ideas about my view.

I think that PGP is almost always suitable for casual conversation that is to be kept from casual snooping. Without specifically recommending its use in any particular situation, I generally think that it is suitable for select applications where:

- The threat profile does not include well-funded professional cryptanalysts, police agencies, governments, serious financial rivals, criminals, or other high-grade threats.
- The implications of corruption, non-delivery, repudiation, or traffic analysis are not extremely important.
- The implications of leakage aren't financially or otherwise catastrophic.
- No lives are at stake.
- My reputation doesn't depend on it.

I think that PGP is an excellent tool in many ways, however, I have numerous difficulties with the lack of adequate interface to it in other packages. I am not really keen on its keyring concepts and other similar things, but that's not a real issue in this frame of reference.

I have serious concerns about the fact that use of this system does not prohibit people who are not knowledgeable about the limitations of public key cryptography from using it in ways that may result in the revelation or weakening of private keys or other similar potential problems. For that reason, I would not advise the use of PGP for any non-casual application outside of the context of a comprehensive information protection program designed to provide assurance of its proper generation, configuration, installation, application, and use.

There are almost certainly other concerns that I would express in an evaluation for any particular purpose.

--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
From: fc@all.net (Dr. Frederick B. Cohen)
Date: Tue, 1 Aug 1995 16:13:09 -0400 (EDT)
X-Mailer: ELM [version 2.4 PL22]
Content-Type: text
Content-Length: 1941
Sender: owner-cypherpunks@toad.com
Precedence: bulk
> > So Dr. Cohen, what do you use when you want to send a message across the Internet with better security than cleartext? What do you recommend to others?

> I use different techniques when different levels of protection are required, and I definitely don't use the Internet for anything that is really vital because of the ease of gaining intelligence indicators based on traffic analysis.

So you don't trust the remailers? Is this because you don't trust the remailer implementations or because you don't trust digital mixes in the first place?

> I never recommend a solution without knowing a fair amount about the specific challenge it is supposed to address. I typically start with an understanding of the general environment, the financial and/or human issues, the threat profile, the protection environment, the other dependencies and protection factors, and other factors related to the reasons for protection. Once I have this understanding, I make value judgements about how much I trust things relative to the requirement for trust and other limitations presented by the situation.

Actually, it sounds like you don't use anything that can be used by someone not a professional old-time cryptographer.

Phil
participants (3)
- fc@all.net
- Marc Horowitz
- Phil Fraering