1992-10-16 - Re: one time pads

Header Data

From: Eric Hollander <hh@soda.berkeley.edu>
To: “George A. Gleason” <gg@well.sf.ca.us>
Message Hash: 6d1555d9ba7e7f5df99b0b1e6d959204e559a393d247f7263b6320400b221fe9
Message ID: <9210160007.AA18430@soda.berkeley.edu>
Reply To: <199210150922.AA09387@well.sf.ca.us>
UTC Datetime: 1992-10-16 00:08:10 UTC
Raw Date: Thu, 15 Oct 92 17:08:10 PDT

Raw message

From: Eric Hollander <hh@soda.berkeley.edu>
Date: Thu, 15 Oct 92 17:08:10 PDT
To: "George A. Gleason" <gg@well.sf.ca.us>
Subject: Re: one time pads
In-Reply-To: <199210150922.AA09387@well.sf.ca.us>
Message-ID: <9210160007.AA18430@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



Physical security is not a big issue for RSA (in the pgp implementation)
because the secret key ring is itself encrypted.  The problem is not so much
physical-intrusion-to-get-the-key as it is physical intrusion aimed at
modifying software.  It would be easy to modify pgp so that the keys are
logged, etc, in a way transparent to the user.  This is why it is important
to keep both the keys and the software that manipulates them off line.  It
is also important to keep the software from being tampered with.  The best
way to do this is to put the keys and the software on a hard disk, and put
the hard disk in a computer, and carry the computer with you whereever you
go.

e





Thread