1995-01-10 - Re: QUERY: S/Keyish PGP?

Header Data

From: cactus@seabsd.hks.net (L. Todd Masco)
To: cypherpunks@toad.com
Message Hash: db999dd17fe41fa4bf8daf23818b8c9cd0895e963a92332a29aab79ca12d3cd4
Message ID: <199501102249.RAA01602@bb.hks.net>
Reply To: N/A
UTC Datetime: 1995-01-10 22:45:00 UTC
Raw Date: Tue, 10 Jan 95 14:45:00 PST

Raw message

From: cactus@seabsd.hks.net (L. Todd Masco)
Date: Tue, 10 Jan 95 14:45:00 PST
To: cypherpunks@toad.com
Subject: Re: QUERY: S/Keyish PGP?
Message-ID: <199501102249.RAA01602@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----


I'm catching up on old mail...


In response to my query, 
Adam Shostack <adam@bwh.harvard.edu> wrote:
>
>| A quick question: Has anybody considered the possibility of hacking
>| something into PGP's password protection to allow an S/Key like access?
>
>	I thought of this, bounced it off a few people, none of whom
>caught the flaw.  When I got around to implementing it, I realized
>that for it to work, your key would have to be securely stored on your
>unix box without encryption.

I caught that.  What I was hoping for was something that would allow
a key to be used for a specific purpose once and only once by a given
passphrase.  Ideally, this could be done on a machine that was totally
insecure.

I didn't catch the fundamental flaw, though.  If the machine is
compromised the key can always be compromised by taking an image of the
previous state and replaying whatever passphrase was intercepted.

Bummer.
- - --
Todd Masco     | "life without caution/ the only worth living / love for a man/
cactus@hks.net |  love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLxLUPBNhgovrPB7dAQEn8gP8DrC3h9Dv21JGgg4Vsz/76gnUfnTJBPD+
PPyZ2gi2dzzQOVkYsxZBHQs7kRq6ZSANNbCfM5wY1GbBagZvv2gAPMx9bESudH+l
wtoFcZGH5Az85O+k6FhN/QsOjJq/PaHUbNMui1Q+QKrMqU4I/UGCJCxAVRP8/wfS
8rLKzm7TxTU=
=LxUH
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxMPACoZzwIn1bdtAQH7DAF9EMimhI0J9JUN9bqaHhsz2opQXZSIQC+g
D32kU3ELjC58Y4Ig3e9fLLrPoGtTub85
=Uq/c
-----END PGP SIGNATURE-----
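
The replay described in the message above, as an added example that is not part of the original post. It assumes a hypothetical scheme (not one proposed in the thread) in which the disk holds one sealed copy of the key per one-time passphrase and burns each copy after use; `OneTimeKeyStore`, `seal` and `unseal` are illustrative names, and the XOR keystream is a toy stand-in for a real cipher.

```python
import copy
import hashlib
import hmac

def _stream(passphrase: bytes, n: int) -> bytes:
    # Toy keystream (SHA-256 in counter mode); a stand-in for a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(passphrase + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(passphrase: bytes, secret: bytes):
    ct = bytes(a ^ b for a, b in zip(secret, _stream(passphrase, len(secret))))
    tag = hmac.new(passphrase, ct, hashlib.sha256).digest()
    return ct, tag

def unseal(passphrase: bytes, blob):
    ct, tag = blob
    expected = hmac.new(passphrase, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong passphrase for this slot
    return bytes(a ^ b for a, b in zip(ct, _stream(passphrase, len(ct))))

class OneTimeKeyStore:
    """On-disk state: one sealed copy of the key per one-time passphrase."""
    def __init__(self, secret: bytes, passphrases):
        self.slots = [seal(p, secret) for p in passphrases]

    def use(self, passphrase: bytes):
        for i, blob in enumerate(self.slots):
            key = unseal(passphrase, blob)
            if key is not None:
                del self.slots[i]  # burn the slot: this passphrase is spent
                return key
        return None

def demo():
    secret = b"constructed-secret-key"        # constructed sample value
    store = OneTimeKeyStore(secret, [b"otp-1", b"otp-2", b"otp-3"])
    snapshot = copy.deepcopy(store)           # image of the state before use
    first = store.use(b"otp-1")               # legitimate use, passphrase observed
    reuse = store.use(b"otp-1")               # live store refuses the spent passphrase
    replay = snapshot.use(b"otp-1")           # restored image accepts it again
    return first == secret, reuse is None, replay == secret

if __name__ == "__main__":
    print(demo())
```

The one-time property lives entirely in the mutable state on the machine, so it holds only against an observer who cannot roll that state back.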




