From: Andrew Brown <a.brown@nexor.co.uk>
To: cypherpunks@toad.com
Message Hash: bb23defb2d526c6dd3b99c1c52ea052ffd0537804b7e66ca3f4cd00c543d63ee
Message ID: <Pine.3.89.9409141257.A10742-0100000@victor.nexor.co.uk>
Reply To: <199409121554.LAA10096@bwh.harvard.edu>
UTC Datetime: 1994-09-14 11:30:01 UTC
Raw Date: Wed, 14 Sep 94 04:30:01 PDT
Subject: Re: Running PGP on Netcom (and Similar)

On Mon, 12 Sep 1994, Adam Shostack wrote:
> > To do this properly, you would want one shot passphrases,
> >similar to S/Key. The implementation I see would have PGP hash your
> >pass phrase some large number of times (say 1000, which takes less
> >than a second on my 68030 mac) before using it to decrypt your pass
> >phrase.
> >
> > Then, when logged in from a line being sniffed, you would
> >invoke PGP -1es ..., and when prompted for your pass phrase you would
> >enter 800/something-ugly-that-md5-makes. PGP would then md5 this 200
> >times, and you'd have demonstrated your knowledge of your passphrase
> >without ever sending it over a line. Clearly, PGP would need to store
> >the fact that you had used #800, and only accept lower numbers.

I can see how this gets around the problem of sending cleartext
passphrases over a network, but how does it help stop the problem of the
remote system running a keystroke log that is handed over to the
authorities during a bust? Armed with 800/some-number they can just type
the same thing into PGP (or a modified copy) and decrypt the files that
you were keeping on-line.

Regards,
- Andy
+-------------------------------------------------------------------------+
| Andrew Brown Internet <asb@nexor.co.uk> Telephone +44 115 952 0585 |
| PGP 2.6ui fingerprint: EC 80 9C 96 54 63 CC 97 FF 7D C5 69 0B 55 23 63 |
+-------------------------------------------------------------------------+
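
The one-shot passphrase scheme quoted above and the replay question raised in the reply, modeled as an added example (not part of either message, and not PGP code). It assumes the secret key is locked under the 1000-fold MD5 of the passphrase; `OneShotKeyring`, `make_token`, `md5_iter` and the sample passphrase are hypothetical names and constructed values.

```python
import hashlib

CHAIN_LEN = 1000  # iteration count from the quoted proposal

def md5_iter(data: bytes, rounds: int) -> bytes:
    """Apply MD5 `rounds` times (rounds=0 returns data unchanged)."""
    for _ in range(rounds):
        data = hashlib.md5(data).digest()
    return data

def make_token(passphrase: bytes, n: int) -> str:
    """What the user would type on the sniffed line: 'n/hex(H^n(passphrase))'."""
    return f"{n}/{md5_iter(passphrase, n).hex()}"

class OneShotKeyring:
    """Hypothetical model: the secret key is locked under H^1000(passphrase)."""
    def __init__(self, passphrase: bytes):
        self.unlock_value = md5_iter(passphrase, CHAIN_LEN)
        self.lowest_used = CHAIN_LEN  # state kept on the remote host

    def unlock(self, token: str, enforce_counter: bool = True) -> bool:
        try:
            n_str, hex_val = token.split("/", 1)
            n, value = int(n_str), bytes.fromhex(hex_val)
        except ValueError:
            return False  # malformed token
        if not 0 < n < CHAIN_LEN:
            return False
        if enforce_counter and n >= self.lowest_used:
            return False  # "only accept lower numbers"
        if md5_iter(value, CHAIN_LEN - n) != self.unlock_value:
            return False
        self.lowest_used = min(self.lowest_used, n)
        return True

def demo():
    secret = b"constructed sample passphrase"  # constructed sample value
    ring = OneShotKeyring(secret)
    logged = make_token(secret, 800)   # the line a keystroke log would hold
    first = ring.unlock(logged)        # legitimate use
    replay = ring.unlock(logged)       # unmodified copy: counter rejects it
    modified = ring.unlock(logged, enforce_counter=False)  # counter check removed
    # The logged value alone reaches the unlock value; no passphrase needed.
    derived = md5_iter(bytes.fromhex(logged.split("/")[1]), 200) == ring.unlock_value
    return first, replay, modified, derived

if __name__ == "__main__":
    print(demo())
```

In this model the replay is refused only by the counter state, which sits on the same host as the locked key.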