From: Frank Stuart <fstuart@vetmed.auburn.edu>
To: willday@rom.oit.gatech.edu
Message Hash: e53be4d0def62c40e46af7c19f991fa7cb9ac100ddc7f7a3526f461f5a744ff7
Message ID: <199608202331.SAA25854@snoopy.vetmed.auburn.edu>
Reply To: N/A
UTC Datetime: 1996-08-21 03:44:49 UTC
Raw Date: Wed, 21 Aug 1996 11:44:49 +0800
From: Frank Stuart <fstuart@vetmed.auburn.edu>
Date: Wed, 21 Aug 1996 11:44:49 +0800
To: willday@rom.oit.gatech.edu
Subject: Re: Hackers invade DOJ web site
Message-ID: <199608202331.SAA25854@snoopy.vetmed.auburn.edu>
MIME-Version: 1.0
Content-Type: text/plain
[...]
Will Day (willday@rom.oit.gatech.edu) wrote:
>I understand how it affects their claim for the security of escrowed
>keys, but I'm afraid I don't follow the other argument. How would the
>wide availability of strong encryption have helped prevent the breakin?
>How would encryption in general prevent breakins? I'd love to use this
>as an argument for strong encryption, but I don't see how it really
>applies.
Since we don't know how the intruders broke in, we can only speculate. I
can think of several scenarios where cryptographic techniques could help.
I can also think of several where they wouldn't. When you've only got 20
seconds to explain to a non-technical audience, I don't think it's dishonest
to say that it might have prevented it.
Off the top of my head, here are a couple examples:
1. It's possible that a DOJ employee logged in from a remote site while
the intruders were snooping somewhere along the way. If the link had
been encrypted, that would have made things much more difficult or
impossible for the attackers.
2. Perhpas the intruders used IP spoofing and .rhosts to break in. If
machines had to be cryptographically authenticated, a rsh from the
wrong machine wouldn't work.
I think my 20 seconds are up. :>
| (Douglas) Hofstadter's Law:
| It always takes longer than you expect, even
Frank Stuart | when you take into account Hofstadter's Law.
Return to August 1996
Return to “nobody@huge.cajones.com (Huge Cajones Remailer)”