Earthlink to Test Caller ID for E-Mail

Eugen Leitl eugen at leitl.org
Mon Mar 8 02:44:00 PST 2004


On Mon, Mar 08, 2004 at 09:19:23AM +0000, Ben Laurie wrote:

> And it doesn't even work in theory - once your PC is hacked, the
> passphrase would be known the first time you used it.

True, but in the current threat model passphrase snarfing is yet negligible
(keyloggers look for credit card info, etc.). Also, the fraction of 0wn3d
to pristine machines is low, and likely go become lower in future. So the
egress points of spam remain few, and if they come with signatures, so much
better for us. If they don't come with signatures, or use variable signatures
(if you disregard entropy pool issues, how many signatures/min can you churn
out on a desktop PC?), ditto (if you compute spam score by signed, and know
signed vs unsigned).

*BSD and Linux penetration rate (desktop, not server) is low, Redmondware is
about to become similiarly hardened at the network layer. Things are still a
bit dismal at the userland executable level, but security has become a
selling argument. So, sooner or later, they will have to start selling
something palpably more secure, instead of just waffling about it.

The passphrase locking idear won't fly, but a biometrics-lockable wallet
could. Isn't
part of Pd envelope goal establishing a tamper-proof compartment? We know Pd
is evil, but once hardware support is everywhere, one can as well use it for
something positive, for a change.

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]





More information about the cypherpunks-legacy mailing list