From: Christian Wettergren <cwe@Csli.Stanford.EDU>
To: perry@piermont.com
Message Hash: c2c516e2085088cba1d95913a129e32b5a3195dd1874c7994babb561b10c840d
Message ID: <199509190819.BAA15784@Csli.Stanford.EDU>
Reply To: <199509190424.AAA01393@frankenstein.piermont.com>
UTC Datetime: 1995-09-19 08:19:55 UTC
Raw Date: Tue, 19 Sep 95 01:19:55 PDT
From: Christian Wettergren <cwe@Csli.Stanford.EDU>
Date: Tue, 19 Sep 95 01:19:55 PDT
To: perry@piermont.com
Subject: Re: Brute Force and Smart Force
In-Reply-To: <199509190424.AAA01393@frankenstein.piermont.com>
Message-ID: <199509190819.BAA15784@Csli.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain
| Adam Shostack writes:
| > Perhaps we should refocus our efforts on attacking PGP, to see
| > if there are holes there? (I'm not suggesting there are, but it
| > would be nice to see some code written to extend Crack to phrases,
| > do some more code review, etc.)
|
| Probably a worthwhile enterprise. Unfortunately, Netscape and the like
| are low hanging fruit -- its much simpler to find holes in things, er,
| of that, er, ah, quality -- and one probably rightfully gets more
| press for breaking them.
What I don't understand is why the law-enforcement is so concerned
about bruting things. It is probably quite easy to tap the keyboard,
smart force, exchange the binary with the real thing etc for them?
(Unless they want to read it all from a nice tipped-back armchair in
a certain location? :-))
What I'm saying is that this kind of attack should work quite easily
in the one-by-one cases, but not on a large scale, malicious data,
trojan horses, outright bugging. So why all this Clipper (son-of-X)
fuss?
Ok, not for all data, especially not for the "untouched, rarely used"
ones. But is this any different from hiding your diary in a very safe
place anyway?
/Christian
Return to September 1995
Return to ““Perry E. Metzger” <perry@piermont.com>”