Subject: Running PGP on Netcom (and Similar)
From: tcmay@netcom.com (Timothy C. May)
To: cypherpunks@toad.com
Cc: tcmay@netcom.com (Timothy C. May)
Note that had Mr. De Payne been using PGP on Netcom, with his secret key stored there, the cops would have it. (The passphrase maybe not, depending on whether he stored _that_ there, too. And whether Netcom had logs of keystrokes entered, which strikes me as something they would probably have--we really need a "zero knowledge" kind of "reach-back" for remotely-run PGP.)
Never mind the keystroke logs, if his line was wiretapped they have all of the keystrokes coming in and going out. Get his secret keyring from Netcom and they could monitor his communications without a problem.
I just don't think the dangers are worth it. All the theoretical hot air about whether keystroke timings are "random enough" is moot if Netcom is turning over records to investigators. It creates a dangerous illusion of security.
What illusion of security? If I have my secret keyring residing someplace where I can't physically control who has access to it, no way is this keyring secure!! It goes against the definition of a secret. Once you tell someone a secret, it no longer is a secret. In effect this person has told Netcom his secret, therefore it no longer is a secret. Just because you're paranoid, doesn't mean they're not out to get you. Be paranoid!!
(For those with no home machines, and perhaps those who mainly use campus services, work stations, etc., I'm not faulting you; people use what they have to use. Longer term, though, PGP needs to run on secure hardware. Secure meaning not easily grabbed by the authorities without even one's knowledge!!)
This just goes to prove that no matter how secure the crypto system is, if it is implemented in an insecure way, the whole system is compromised. If you are using a "One Time Pad" to communicate with someone and you make an extra set of pages and give them to someone that you really don't know and trust (Netcom), no way can you call this secure. Even though most will agree that the "One Time Pad" is the most secure crypto system, it is being implemented in an insecure way hence it is insecure.

-----------------------------------------------------------------------------
Fido: Sam Kaplin 1:282/1018             | "...vidi vici veni" - Overheard
Compuserve: 75240,131                   | outside a Roman brothel.
samuel.kaplin@warehouse.mn.org          |
75240,131@compuserve.com                | Change is the only constant in the
For confidential communications use PGP | Universe..."Four quarters, please."
-----------------------------------------------------------------------------