1992-10-17 - physical security

Header Data

From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: aa53c7eb3d16e72286fbd184c013bd5ced033edc6ae0025925d8643d6f7da553
Message ID: <9210172114.AA28842@soda.berkeley.edu>
Reply To: <9210160007.AA18430@soda.berkeley.edu>
UTC Datetime: 1992-10-17 21:15:21 UTC
Raw Date: Sat, 17 Oct 92 14:15:21 PDT

Raw message

From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Sat, 17 Oct 92 14:15:21 PDT
To: cypherpunks@toad.com
Subject: physical security
In-Reply-To: <9210160007.AA18430@soda.berkeley.edu>
Message-ID: <9210172114.AA28842@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



Physical security for pgp is also necessary if you store your pass
phrase in memory.

As far as modification, detection is good enough, but you'd better
make sure your program to detect modifications is not itself
compromised!  (Does anybody detect an imminent arms race here?)

Eric Hollander is correct.  Ideally, your keys and your encryption
mechanism should be kept secure.  At some point in the future, a small
card which contains all of this will be standard equipment, as well as
a port to plug it into.

Eric





Thread