1993-08-28 - Physical security lapses will getcha every time.

Header Data

From: fergp@sytex.com (Paul Ferguson)
To: cypherpunks@toad.com
Message Hash: fbd3ccb64fcb14a6a7e6ccf716bf2ad6e20c6df85c2b90074149ba103e9b6f5c
Message ID: <ym8u9B4w165w@sytex.com>
Reply To: N/A
UTC Datetime: 1993-08-28 01:43:27 UTC
Raw Date: Fri, 27 Aug 93 18:43:27 PDT

Raw message

From: fergp@sytex.com (Paul Ferguson)
Date: Fri, 27 Aug 93 18:43:27 PDT
To: cypherpunks@toad.com
Subject: Physical security lapses will getcha every time.
Message-ID: <ym8u9B4w165w@sytex.com>
MIME-Version: 1.0
Content-Type: text/plain

On Fri, 27 Aug 1993 01:46:57 -0400 (EDT),
 Mike Ingle <uunet!delphi.com!MIKEINGLE> wrote -
> The most likely place for a bug would be in the randomness.
> I suppose it is possible that a one-line bug somewhere could
> leave out most of the randomness, making the keys still look
> random but actually be predictable. Random number generation
> is hard to verify. How has that in PGP been checked? The PGP
> source is so big and spread out, it's hard to check. I don't
> think there is a bug, but it would be nice if PGP were
> carefully examined and attacked. Where are these rumors
> coming from? They are bad for the cause.

Let's be realistic, Mike.

The biggest threat to any security, on any basis, is the threat of
human nature. The chances of someone factoring your PGP-encoded
message are somewhere in the range of slim-to-none, but the chances
of someone (you) -physically- compromising their key is much, much
In fact, I'd venture to say that it's much higher than even you or I
imagine, given the fact that some folks ignore what most of us would
deem common sense and use PGP on a multi-user system (such as a SUN
server, any other UNIX-flavored workstation, or even a Netware

Fact Two: That's why you won't see messages from me either (a.)
signed with PGP, or (b.) encrypted with PGP from any of my other
e-mail accounts. All are UNIX (open) environments and I don't like
the implications of the possibilities of my secret key being exposed,
even if I do trust the folks I work with. Call me a schizoid.
Version: 2.3a

Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
fergp@sytex.com             |      - Thomas Paine, Common Sense

Type bits/keyID   Date       User ID
pub  1024/1CC04D 1993/03/15  Paul Ferguson <fergp@sytex.com>
  Key fingerprint =  EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58