From: cactus@seabsd.hks.net (L. Todd Masco)
Date: Sat, 17 Dec 94 16:33:08 PST
To: cypherpunks@toad.com
Subject: QUERY: S/Keyish PGP?
Message-ID: <199412180038.TAA03190@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


A quick question: Has anybody considered the possibility of hacking
something into PGP's password protection to allow an S/Key like access?

IE, I'm sitting here in FL on a 2400 bps modem, telnetted through Netcom's
dialup to hks.net, so I'm not bloody likely to be typing my passphrase
in and thus am barred from using PGP (without hideous contortions, that
is).

My questions:

	- Has anybody done any work on making an S/Key-like mechanism
	with the assumption that the machine running PGP is (somewhat)
	secure?  This I'm certain is technically possible.  More complex:

	- Has anybody put any thought into a mechanism based upon one-time
	passwords for regulating PGP private key use on shared, insecure
	machines (strength == quality of password, of course)?  If people
	could have a widget very much like the Macintosh S/Key widget on
	their Mac fom which they could cut-n-paste their one time password,
	it seems like we'd be one step closer to addressing concerns like
	Tim's.

Just a thought... A GUCAPI would make such a mechanism easier, of course
(I haven't abandoned the GUCAPI thought: I'm just gestating).
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLvOEUSoZzwIn1bdtAQGRSgF8DAt6/1WjmiU3clMy0E+EU4RDmcF0JaGC
Y+pNb8dgOzWXEr9b5EyWM0BS4uqw13mK
=Xsa9
-----END PGP SIGNATURE-----