1994-12-28 - Re: Why I have a 512 bit PGP key

Header Data

From: eric@remailer.net (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 5e0c6bc208b113c9913287060cc891807b6d2e2f4cda3c732ef027f9a32082a2
Message ID: <199412281551.HAA02892@largo.remailer.net>
Reply To: <9412281344.AA09514@wombat.sware.com>
UTC Datetime: 1994-12-28 15:51:50 UTC
Raw Date: Wed, 28 Dec 94 07:51:50 PST

Raw message

From: eric@remailer.net (Eric Hughes)
Date: Wed, 28 Dec 94 07:51:50 PST
To: cypherpunks@toad.com
Subject: Re: Why I have a 512 bit PGP key
In-Reply-To: <9412281344.AA09514@wombat.sware.com>
Message-ID: <199412281551.HAA02892@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


   From: Jeff Barber <jeffb@sware.com>

   > ???  An upload can be automated, just like anything other solution.

   Then the automated part (script or whatever) simply becomes another piece
   that needs to be protected.

There need be no part of the script/etc. that relies upon persistent
information on the target machine.  You can simulate the whole thing
as typing, if need be.

   You've merely added the compiler and its
   associated utilities to your regression list.  

It occurs to me that there's no need even to use the compiler, if
you're willing to upload binary images directly.  

And if you want to use the compiler, the effort involved in making a
recognizer for an ever mutating source is not trivial.  Variable names
can change, parse trees can change, control structures can change.

   Nothing is gained --
   other than additional irritation and delay.

Additional cost of subversion is _exactly_ the issue here.  We're not
talking about perfect security; that's impossible in this case, and
has been acknowledged as impossible.  What is at issue is making it
difficult for a not-completely-dedicated-to-your-destruction sysadmin
to subvert personal files.

Furthermore, the pragmatics of a personal tripwire are that it only
needs to indicate failure once.  As soon as I found out that my files
weren't safe in their place of residence, I'd leave.  The practical
question should not be one of fighting a running battle with a hostile
root; root always wins, period.  A useful outcome of this discussion
would be a feasible way of detecting the first modification.  Almost
always this will not be a full-scale effort.

Eric





Thread