1994-12-28 - Re: Why I have a 512 bit PGP key

Header Data

From: danisch@ira.uka.de (Hadmut Danisch)
To: cypherpunks@toad.com
Message Hash: 186bfcc75ad9ef8535149da9fbd95773b75b1f634e1b54a4726b44bbd5bc7dc1
Message ID: <9412281707.AA20289@elysion.iaks.ira.uka.de>
Reply To: N/A
UTC Datetime: 1994-12-28 17:08:00 UTC
Raw Date: Wed, 28 Dec 94 09:08:00 PST

Raw message

From: danisch@ira.uka.de (Hadmut Danisch)
Date: Wed, 28 Dec 94 09:08:00 PST
To: cypherpunks@toad.com
Subject: Re: Why I have a 512 bit PGP key
Message-ID: <9412281707.AA20289@elysion.iaks.ira.uka.de>
MIME-Version: 1.0
Content-Type: text/plain


> Let's face it, creating the compiler-to-recognize-MD5 is quite a difficult
> problem, and if I were your system administrator and wanted to obtain
> access to your files, creating a special compiler version or otherwise
> attempting to cause your integrity check to fail would be one of the last
> forms of attack I'd try.

Who says that your attacker is your admin?

Is anybody here who ever checked  the source of the gcc compiler?

Why not modify the gcc to make it compile specific crypto
software (e.g. pgp) wrong, smuggling in any weakness?

Everyone checks the pgp signatures after receiving a new
version (do you?). Who checks the gcc ? Who checks the SunOS-cc ?

If the government wants to attack software like pgp it would be
easier to modify compilers than modifying the crypto sources.



> One of the easiest ways to
> subvert your security is simply to record your keystrokes.  It doesn't
> take a rocket scientist to hack your kernel (or whatever it's called on
> your OS) to do this.  And how do you detect it?

Why not building keyboards with 4MByte RAM ? Let him use any OS he wants to
use. Read out the keyboard at night by room-cleaning staff or by any program
able to communicate in a network. 


Hadmut




Thread