Re: Xwindows security?
Darren Reed (avalon@coombs.anu.edu.au)
Thu, 12 Jan 1995 12:15:49 +1100 (EDT)
>
> Dave Kinchlea wrote:
>
> | On Wed, 11 Jan 1995, Rens Troost wrote:
> | > Jon> encrypted system (like say krb5) could be much better if done
> | >
> | > Yeah, clearly. kerberos is so heavyweight, though that few sites end
> | > up installing it. Perhaps a pgp-based thing would catch on more. No
> | > gnarly key distribution architecture needed.
> |
> | I have been think hard along these lines and I *think* it can be done but I
> | can't think of any way of ensuring that some human being (system
> | administrator or not) will be able to read the pass-phrase and/or secret
> | key via delving into /dev/[k]mem. The only possible way that I can think
> | of is to have the pgp `device' be completely external but physically
> | connected to the machine (presumably chained into the ethernet
> | connection). What you then `trust' is the pgp device which will encrypt
> | all outgoing traffic appropriately and decrypt all incoming traffic (that
> | it can). The host cannot be involved, if Unix is in charge anyway.
> |
> | It is *essential* that the theoretical pgp device be able to detect any
> | physical and virtual snooping -- that pass phrase/secret key must not ever
> | be known to anyone, including the manufacturer and the system
> ...
> | Can such a device be built? Does this make any sense at all?
>
> Perfect security is not possible. That means we should aim
> for good security. Worrying that a passphrase might be stolen is not
> productive if it prevents you from building good code that does more
> than the systems in place today. Remember, PGP stands for "Pretty
> Good Privacy," not super duper all things to all people security.
Hmm...or diverging away from pgp, what about a system like s/key ?
(one-time authentication for X windows connections).
Darren