From: karn@qualcomm.com (Phil Karn)
To: perobich@ingr.com
Message Hash: 0ccb2d37b41d1d7d4cd909fbc872e13f426b7949d8331ff3266a5b304ff1edf3
Message ID: <9308111916.AA03336@servo>
Reply To: <199308101603.AA28136@poboy.b17c.ingr.com>
UTC Datetime: 1993-08-11 19:16:59 UTC
Raw Date: Wed, 11 Aug 93 12:16:59 PDT
From: karn@qualcomm.com (Phil Karn)
Date: Wed, 11 Aug 93 12:16:59 PDT
To: perobich@ingr.com
Subject: Secure voice software issues
In-Reply-To: <199308101603.AA28136@poboy.b17c.ingr.com>
Message-ID: <9308111916.AA03336@servo>
MIME-Version: 1.0
Content-Type: text/plain
>The reason behind my original proposal of a system that could use PGP
>keyrings is thus: let's say that I want to call you. I tell my
>cryptophone to call "Phil Karn", so it looks up your public key and
>uses it to encrypt my side's session key, then signs the encrypted
>version with my public key.
You're creating an unnecessary vulnerability here. By using RSA to
encrypt the session key, all of your past conversations would be
compromised if your RSA secret key were ever revealed.
True, this is already the case for PGP-encrypted messages which are
usually sent over unidirectional mail channels. There you can't
really do much better.
Voice calls are different, as the availability of a two-way path lets
you do things much more securely. If you generate a session key with
DH and use PGP/RSA *only to sign the exchanges*, not to encrypt the
session key, then even if your RSA secret key is later compromised, it
would not compromise those session keys that had already been created,
used and destroyed.
This is a very powerful feature! Consider the profound effect it would
have on the whole topic of "rubber hose cryptanalysis", either in its
pure unadulterated form (blackmail, torture, death threats) or in its
"legal" form (being compelled to divulge an encryption key that could
be used against you, despite the 5th amendment). Session keys could be
created, authenticated, used and destroyed without the user ever
having to know them, or even having any way to recreate them after the
fact despite knowledge of the RSA secret key that was used to
authenticate them.
Phil
Return to August 1993
Return to “thug@phantom.com (Murdering Thug)”