From: Bryce <wilcoxb@taussky.cs.colorado.edu>
To: Alex Strasheim <cp@proust.suba.com>
Message Hash: a4aad2c4466c45b4f2102783824c3d441a22e560c127c70f2edd513e258a7ad0
Message ID: <199512070158.SAA11862@taussky.cs.colorado.edu>
Reply To: <199512060918.DAA06957@proust.suba.com>
UTC Datetime: 1995-12-07 01:57:24 UTC
Raw Date: Wed, 6 Dec 95 17:57:24 PST
Subject: My conception of the ideal encryption tool for the masses
-----BEGIN PGP SIGNED MESSAGE-----
Alex Strasheim <cp@proust.suba.com> wrote:
>
> I don't know what blancw was getting at, but I'll take up his side of the
> argument. Can good security really be automated so well that people will
> have it without thinking about it?
>
> I create accounts at an ISP, and 90% of the people who walk in the door
> pick terrible passwords, even after listening to a little speech about
> what makes a good one. I'd be willing to bet that more than half the
> people using PGP have passphrases that would fall quickly to a dictionary
> attack.

Yes, but even if your PGP passphrase is "pass", using
PGP gives you excellent security against anyone who
can't get access to your secret key.

I envision "Joe User" security as a pocket-computer
that has very limited capability. Basically it can
input data (but not executable code!), put Joe's
authentication-stamp (a.k.a. "signature", although
that's a misnomer) on that data, and output it.
It only does this in response to some kind of
authentication-action from Joe himself. Perhaps he
inputs a 4-digit PIN. (It should be designed so that
he can keep the PIN-input-device out of sight, say in
his pocket, while using it.) Furthermore it should
have an amnesia function where brute-forcing the PIN
fails (possibly wiping the secret key) and a duress
code PIN which fakes normal operation. (Possibly the
duress code replaces all the incoming data with "HELP
I'M BEING HELD UNDER DURESS!" before stamping it and
outputting it, then wipes the secret key and continues
to operate in fake mode.)

And of course its hardware should be "tamper-resistant"
for whatever that's worth.

I guess it should have a one-time function (burnable
ROM or whatever) which generates the secret key so that
Joe can generate the key himself rather than having it
done at the factory. It would be nice if Joe could
make a back-up of his secret key, but I don't see
any way to do that without weakening the protection on
it.

Does this sound like something Joe could learn how to
use properly, and trust enough to store a few hundred
dollars in? He can choose his PIN himself and his
duress PIN can be a variation of the normal one. One
problem is that Joe can't necessarily tell what
information is being fed into his "stamper" to be
stamped. Possibly it could have an LCD display for
that purpose...

Hopefully it is apparent what kind of use this tool can
be put to. For example, Joe picks up a carton of
milk at the grocery store, the store's cash register
submits a bill for $2.00 to Joe's stamper, which stamps
it, and Joe leaves. The grocer can submit Joe's signed
IOU to Joe's bank at his/her leisure later.

Variations on this theme. The main issue is how Joe
can keep track of what information he is stamping.

Regards,
Bryce
signatures follow
"To strive, to seek, to find and not to yield." -Tennyson
<a href="http://www.c2.org/~bryce/Niche.html">
bryce@colorado.edu </a>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01
-----END PGP SIGNATURE-----
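
A toy model of the "stamper" behaviour described in the message above (PIN check, amnesia on brute force, duress PIN), added here as an illustration and not part of the original post. HMAC-SHA256 stands in for a real signature, and the class and function names, the three-failure limit, the `enroll` step and the decoy-key fake mode are all assumptions.

```python
import hashlib
import hmac
import secrets

DURESS_TEXT = b"HELP I'M BEING HELD UNDER DURESS!"

class Stamper:
    """Toy stamper. HMAC-SHA256 stands in for a signature (assumption)."""

    def __init__(self, pin, duress_pin, max_failures=3):
        self._key = secrets.token_bytes(32)    # one-time, on-device key generation
        self._decoy = secrets.token_bytes(32)  # used only after the real key is wiped
        self._pin, self._duress_pin = pin, duress_pin
        self._max_failures = max_failures      # hypothetical limit, not from the post
        self._failures = 0
        self._fake = False

    def enroll(self):
        """Give the verifier (Joe's bank) its key copy; symmetric stand-in only."""
        return self._key

    def _tag(self, key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def stamp(self, pin, data):
        """Return (data_as_stamped, tag), or None if the device refuses."""
        if self._fake:               # after duress: looks normal, verifies nowhere
            return data, self._tag(self._decoy, data)
        if self._key is None:        # amnesia already triggered
            return None
        if hmac.compare_digest(pin, self._duress_pin):
            out = DURESS_TEXT, self._tag(self._key, DURESS_TEXT)
            self._key, self._fake = None, True   # wipe key, keep up appearances
            return out
        if not hmac.compare_digest(pin, self._pin):
            self._failures += 1
            if self._failures >= self._max_failures:
                self._key = None     # brute-forcing the PIN fails: wipe the key
            return None
        self._failures = 0
        return data, self._tag(self._key, data)

def bank_accepts(bank_key, stamped):
    """Verifier side: check the tag over the data that was actually stamped."""
    if stamped is None:
        return False
    data, tag = stamped
    return hmac.compare_digest(tag, hmac.new(bank_key, data, hashlib.sha256).digest())
```

The tag covers whatever bytes reached the device, so the model shares the open problem the message ends on: nothing here lets Joe confirm what he is stamping.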