From: Alex de Joode <usura@xs4all.nl>
Date: Mon, 12 Sep 94 03:58:11 PDT
To: cypherpunks@toad.com
Subject: Re: Running PGP on Netcom (and Similar)
Message-ID: <199409121057.AA01026@xs1.xs4all.nl>
MIME-Version: 1.0
Content-Type: text/plain



Timothy C. May (tcmay@netcom.com) did write:

: Not that had Mr. De Payne been using PGP on Netcom, with his secret
: key stored there, the cops would have it. (The passphrase maybe not,
: depending on whether he stored _that_ there, too. And whether Netcom
: had logs of keystrokes entered, which strikes me as something they
: would probably have--we really need a "zero knowledge" kind of
: "reach-back" for remotely-run PGP.)

Would a "challange response" type of verification do the "trick", ie
is it secure enough for passphrase monitering ?

: I just don't think the dangers are worth it. All the theoretical hot
: air about whether kestroke timings are "random enough" is moot if
: Netcom is turning over records to investigators.

: --Tim May

--
____      Alex de Joode                            <usura@xs4all.nl>  
\  /__    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 \/  /    "It's dangerous to be right when the government is wrong." 
   \/     --Voltaire     --finger usura@xs4all.nl for PGPpublicKEY--