1994-03-12 - Re: brainstorming on cpunks’ eve

Header Data

From: Adam Shostack <adam@bwh.harvard.edu>
To: phantom@u.washington.edu (Matt Thomlinson)
Message Hash: 958e8ea24c6ced56f9dc0f2f41c8e19ffaf5209893368a4bd29c40be1a6e9e06
Message ID: <199403121622.LAA20537@duke.bwh.harvard.edu>
Reply To: <Pine.3.89.9403112006.A15246-0100000@stein1.u.washington.edu>
UTC Datetime: 1994-03-12 16:22:47 UTC
Raw Date: Sat, 12 Mar 94 08:22:47 PST

Raw message

From: Adam Shostack <adam@bwh.harvard.edu>
Date: Sat, 12 Mar 94 08:22:47 PST
To: phantom@u.washington.edu (Matt Thomlinson)
Subject: Re: brainstorming on cpunks' eve
In-Reply-To: <Pine.3.89.9403112006.A15246-0100000@stein1.u.washington.edu>
Message-ID: <199403121622.LAA20537@duke.bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain


Matt Thomlinson:

| Other possible net services: random number services, which don't keep
| logs of the numbers it produces -- have it spit a statistically-correct
| random stream each time a port is opened? Would this be that useful?

	If the random number scheme is subject to evesdropping, which
it would be over todays net, then the numbers you use, while they may
show no pattern, could be known to an attacker, which would probably
make them far less useful.  A better way to spend your time would be to
design a bit of public domain hardware that could be easily built by
anyone who wanted a hardware rng.


| Also, one could set up a hashing/signing service, more akin to a time
| stamp service. Mail would be sent to your service, which would attach
| the output of 'date' to the bottom of the msg and then +clearsig it. I'm
| thinking that chains of two or maybe three reliable machines should be 
| used, since all it takes to break this is to change the clock on the
| machine you're signing with. With a few (>1) machines, it becomes
| very clear that the message was sent at a certain time. Perhaps this 
| could be used in the future for "Registered Mail" type exchanges, or 
| perhaps as part of a "Digital Notary" system?

	If you include the signatures of the previous several messages
in the signed message, and issue each a message ID, changing the time
becomes easier to detect.  If you keep all messages signed that week,
and publish a checksum in an easily found source, say the New York
Times, then you're repeating work already done at Bell Labs.  (I'm
sure someone could find a reference if anyone wants to get in touch
with these folks?)



Adam

-- 
Adam Shostack 				       adam@bwh.harvard.edu

Politics.  From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.





Thread