From: Peter Shipley <shipley@tfs.COM>
Date: Thu, 15 Oct 92 18:03:41 PDT
To: cypherpunks@toad.com
Subject: Re: one time pads
In-Reply-To: <9210160007.AA18430@soda.berkeley.edu>
Message-ID: <9210160103.AA06271@edev0.TFS>
MIME-Version: 1.0
Content-Type: text/plain



>
>Physical security is not a big issue for RSA (in the pgp implementation)
>because the secret key ring is itself encrypted.  The problem is not so much
>physical-intrusion-to-get-the-key as it is physical intrusion aimed at
>modifying software.

To add my two cents, I once had some sensitive files solen from me.
the cracker had modified the crypt command to record passwords
and current directory (since crypt only works on stdin and stdout).

In a matter of a few days they have my crypt password and enough infomation
from my file to raise some real hell.  

Note that they did not bother with breaking the crypt or guessing the password
they just rigged the system binaries.

		-Pete

PS: this happend a year ago, and last  month a copy of the files
    appeared on some systems owned by the Bay Area Air Quality Management
    District in SF (baaqmd).

PPS: I *know* that crypt is insecure but I had tared/compressed it and des
	was not avalible on the systems I was working on.