From: tcmay@netcom.com (Timothy C. May)
Date: Mon, 12 Sep 94 10:43:21 PDT
To: usura@xs4all.nl (Alex de Joode)
Subject: Re: Running PGP on Netcom (and Similar)
In-Reply-To: <199409121057.AA01026@xs1.xs4all.nl>
Message-ID: <199409121657.JAA18367@netcom16.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Alex de Joode writes:

...
> : had logs of keystrokes entered, which strikes me as something they
> : would probably have--we really need a "zero knowledge" kind of
> : "reach-back" for remotely-run PGP.)
> 
> Would a "challange response" type of verification do the "trick", ie
> is it secure enough for passphrase monitering ?

Well, I iused the "reach-back" term in a vague way, to suggest an
avenue...it may not be the correct term.

We need a system where a user, Alice, computes *something different
every time*...a conventional "challenge-response" is not good enough,
as anyone monitoring the line or having access to the logs can then
impersonate Alice. Zero knowledge interactive proof systems offer such
a thing...in fact, password schemes are one of the applications that
have been written about.

Maybe in PGP 4.0....

--Tim May

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."