1997-02-02 - Re: Key Security Question

Header Data

From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
To: cypherpunks@toad.com
Message Hash: b8ee97f9f525214ca59555ff865a69b4e6601ddff9090026022012b007a2ef43
Message ID: <VB7H2D9w165w@bwalk.dm.com>
Reply To: <199702020557.XAA17186@manifold.algebra.com>
UTC Datetime: 1997-02-02 15:11:25 UTC
Raw Date: Sun, 2 Feb 1997 07:11:25 -0800 (PST)

Raw message

From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sun, 2 Feb 1997 07:11:25 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Key Security Question
In-Reply-To: <199702020557.XAA17186@manifold.algebra.com>
Message-ID: <VB7H2D9w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com (Igor Chudov @ home) writes:

> Dr.Dimitri Vulis KOTM wrote:
> > Bill Stewart <stewarts@ix.netcom.com> writes:
> > > On the other hand, if the "repairman" replaced your pgp executable
> > > with version 2.6.3kgb, which uses your hashed passphrase as the
> > > session key, you're hosed.  Or if he installed a keystroke sniffer,
> > > or added a small radio transmitter to your keyboard, or whatever.
> > > Depends on your threat model.  If you need to be paranoid,
> > > they've already gotten you....
> >
> > If you're really paranoid, you can boot from a clean floppy and
> > reinstall everything from your backup tapes. You do have a
> > contingency plan in case your hard disk goes bad, or gets a
> > virus, don't you? Well, if you're in doubt, exercise it.
>
> And what if the repairman replaces BIOS ROM chips with KGBios?

On some computers it's possible to add executable code to the boot
sequence without replacing the actual ROM chip because they're
rewritiable. Examples: most Sun boxes; intel motherboards with
'flash bios'.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





Thread