1998-11-01 - Re: don’t use passwords as private keys (was Re: Using a password as a private key.)

Header Data

From: John Young <jya@pipeline.com>
To: cypherpunks@cyberpass.net
Message Hash: 651d32792e36f82c70f36ad1b9c6d754a029b93032c6d77ff654c88e1833ccda
Message ID: <199810312353.SAA23037@camel7.mindspring.com>
Reply To: <3.0.5.32.19981030182933.008baae0@idiom.com>
UTC Datetime: 1998-11-01 00:23:00 UTC
Raw Date: Sun, 1 Nov 1998 08:23:00 +0800

Raw message

From: John Young <jya@pipeline.com>
Date: Sun, 1 Nov 1998 08:23:00 +0800
To: cypherpunks@cyberpass.net
Subject: Re: don't use passwords as private keys (was Re: Using a   password as a private key.)
In-Reply-To: <3.0.5.32.19981030182933.008baae0@idiom.com>
Message-ID: <199810312353.SAA23037@camel7.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain



Steve Schear wrote:

>That's why some recommend that all secret e-mail be composed and encrypted
>on a laptop while disconected from the AC mains, and better yet operated in
>an open area (a park) or a place with lots of other electrical noise (a
>mall).

Not to beat an NDA horse but while we're waiting for NSA to
process our FOIA request for TEMPEST docs, are there
products available to shield a desktop box, or better, a laptop?

We're so ignorant of what's allegedly in the classified docs
that we're trying to design a glass box with RF glazing materials
supplied by a corp that makes it for buildings. It would fit over
the box, keyboard and monitor, and should shield them, but 
leaves cables and power lines to solve, not counting how to get 
our hands into the keyboard. As an alternative we're looking at
a reengineered CAD tablet with puck to select letters and/or 
words/phrases, or maybe a voice gadget. Yeh, yeh, bugs in 
the lamp, but one solution at a time.

If we get it to work, or at least credibly marketable to people more 
techno-stupid than we are, following the cryptography model,
we figure we'll position it as an upscale decorative hot shit 
privacy fashion statement, an anti-spy-tech ensemble made of
temperature sensitive glass to change thoughout the day or as 
passions wax and wane with the market and self-image. 

Retail price: oh, maybe, $25,000 for 100% assured RF protection
("Not Even NSA Can Snoop!) of your secret business communications 
and sordid affairs, give or take a few leakages that'll never be missed 
until the mate's PI burgles the crystal. 

Someone's going to suggest a copper screen sandwiched in pinstriped
serge, but how do you see the monitor? Or a Frank Gehry-warped
Faraday cage, or god knows what's under the NDA blanket. However, 
time's running out: when NSA releases those 12 TEMPEST docs next 
summer that 1000% percent markup on classified TEMPEST products 
is going down.

The market's going to be flooded with certified fakes, ours leading.
The brand name's a secret but you'll see it on the ticker.

Speaking of promo, we saw last night on the Free Congress site a reference
to a report titled "Cyhperpunks v. Cryptocrats: The Battle Over US Encryption
Standards," by Lisa S. Dean. We missed that in the past and the site only
cites it without a link. Anybody know of it, and how to get it? See:

   http://www.freecongress.org/ctp/echelon.html







Thread