From: SAMUEL.KAPLIN@warehouse.mn.org (SAMUEL KAPLIN)
To: cypherpunks@toad.com
Message Hash: c9a0a8a453d1a14844a12cfd79bb255aa3ff667fb4104d273ca0e58bea149535
Message ID: <B15C780A@warehouse.mn.org>
Reply To: N/A
UTC Datetime: 1994-09-12 07:59:09 UTC
Raw Date: Mon, 12 Sep 94 00:59:09 PDT
From: SAMUEL.KAPLIN@warehouse.mn.org (SAMUEL KAPLIN)
Date: Mon, 12 Sep 94 00:59:09 PDT
To: cypherpunks@toad.com
Subject: Running PGP on Netcom (an
Message-ID: <B15C780A@warehouse.mn.org>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Running PGP on Netcom (and Similar)
From: tcmay@netcom.com (Timothy C. May)
Subject: Running PGP on Netcom (and Similar)
To: cypherpunks@toad.com
Cc: tcmay@netcom.com (Timothy C. May)
>> Not that had Mr. De Payne been using PGP on Netcom, with his secret
>> key stored there, the cops would have it. (The passphrase maybe not,
>> depending on whether he stored _that_ there, too. And whether Netcom
>> had logs of keystrokes entered, which strikes me as something they
>> would probably have--we really need a "zero knowledge" kind of
>> "reach-back" for remotely-run PGP.)
Never mind the keystroke logs, if his line was wiretapped they have all
of the keystrokes coming in and going out. Get his secret keyring from
Netcom and they could monitor his communications with out a problem.
>> I just don't think the dangers are worth it. All the theoretical hot
>> air about whether keystroke timings are "random enough" is moot if
>> Netcom is turning over records to investigators.
>> It creates a dangerous illusion of security.
What illusion of security? If I have my secret keyring residing someplace
where I can't physically control who has access to it, no way is this
keyring secure!! It goes against the definition of a secret. Once you tell
someone a secret, It no longer is a secret. In effect this person has told
Netcom his secret, therefore it no longer is a secret. Just because you're
paranoid, doesn't mean they're not out to get you. Be paranoid!!
>> (For those with no home machines, and perhaps those who mainly use
>> campus services, work stations, etc., I'm not faulting you; people use
>> what they have to use. Longer term, though, PGP needs to run on secure
>> hardware. Secure meaning not easily grabbed by the authorities without
>> even one's knowledge!!)
This just goes to prove that no matter how secure the crypto system is, if
it is implemented in an insecure way, the whole system is compromised. If
you are using a "One Time Pad" to communicate with someone and you make an
extra set of pages and give them to someone that you really don't know and
trust (Netcom), no way can you call this secure. Even though most will
agree that the "One Time Pad" is the most secure crypto system, it is being
implemented in an insecure way hence it is insecure.
--BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.1
mQCNAy5pUekAAAEEAKrDj64Zj9AJU+gC7/Ivdk8b1ef6a1T9K5CGFeu1yFDSXLyD
DLIdGunZR/4ilosLMxdlZcNqPwZ3HgxL+Gk3y2SwYfqKpeWExWPgb696lgzf2BRC
tED15ZAwi3UDIkcouv2PBiDwPNUUmnLb5diDXdA3qtALb+XzlwpnimeWAf3FAAUT
tCFTYW11ZWwgS2FwbGluIDwrMSAoNjEyKSA1MzAtNzMxNj6JAJUCBRAuaVLjQqfV
nzRSzxkBAcXuA/47yIN+sltMyIRqCgUZz/gubdI6LUcpFsTcXsFWppROpAWFPJv0
J9z/UoP1kjJ+nrAAizuKuhmC5eg5OOxUE+tUgSPl6hAtu2xJYmKtCbQpxF0sG8ni
4e8I8Zsk5vcopO5Vub96CiVgPjI5vITCb32kcLKI1yyFaztbHdtOasUthg==
=M8Dh
--END PGP PUBLIC KEY BLOCK-----
-----------------------------------------------------------------------------
Fido: Sam Kaplin 1:282/1018 | "...vidi vici veni" - Overheard
Compuserve: 75240,131 | outside a Roman brothel.
samuel.kaplin@warehouse.mn.org |
75240,131@compuserve.com | Change is the only constant in the
For confidential communications use PGP | Universe..."Four quarters, please."
-----------------------------------------------------------------------------
===========================================================================
Processed by WILDUUCP! v1.00 for WILDCAT!
===========================================================================
Return to September 1994
Return to “SAMUEL.KAPLIN@warehouse.mn.org (SAMUEL KAPLIN)”
1994-09-12 (Mon, 12 Sep 94 00:59:09 PDT) - Running PGP on Netcom (an - SAMUEL.KAPLIN@warehouse.mn.org (SAMUEL KAPLIN)