CDR: Re: Lions and Tigers and Backdoors, oh, my...

David Honig honig at sprynet.com
Thu Sep 28 12:03:43 PDT 2000


At 01:51 PM 9/28/00 -0400, Michael Motyka wrote:

>You're running these crypto modules on an MS OS? Plaintext is entered
>via the PC HW/MS Drivers and then exists in memory on the MS system?
>This probably describes the environment for most users, though not
>necessarily most of those on this list. So why run any crypto at all? On
>Linux, maybe, unless you installed a binary that was compromised or
>there is a keyboard logger built into the chipset. But on MS it is
>probably wasted cycles. Unless it gives you a warm fuzzy feeling, I
>guess. Maybe I'm just paranoid.
>
>Mike

One very common security model is that the security perimeter includes
the PC and you're only concerned with transmission interception.  

MS is swiss cheese but most OS have some weakness in many configs.

How many people actually look at the source of the code they
install on *nix machines???  How many of those who do are actually qualified
to do security reviews?  Cf. recent PGP bugs.

If you're really worried you'd use a sealed PDA (that you can control at
all times) to capture/render and the PC is just for transport.  [This
applies Tim's modularity argument to hardware.]

I'd consider a Starium unit a dedicated PDA in this context.

Of course, both PDA and Starium remain succeptible to shoulder surfing, bugs, 
your windows modulating a laser, etc.

dh








  









More information about the cypherpunks-legacy mailing list