> > Dave Kinchlea wrote: > > | On Wed, 11 Jan 1995, Rens Troost wrote: > | > Jon> encrypted system (like say krb5) could be much better if done > | > > | > Yeah, clearly. kerberos is so heavyweight, though that few sites end > | > up installing it. Perhaps a pgp-based thing would catch on more. No > | > gnarly key distribution architecture needed. > | > | I have been think hard along these lines and I *think* it can be done but I > | can't think of any way of ensuring that some human being (system > | administrator or not) will be able to read the pass-phrase and/or secret > | key via delving into /dev/[k]mem. The only possible way that I can think > | of is to have the pgp `device' be completely external but physically > | connected to the machine (presumably chained into the ethernet > | connection). What you then `trust' is the pgp device which will encrypt > | all outgoing traffic appropriately and decrypt all incoming traffic (that > | it can). The host cannot be involved, if Unix is in charge anyway. > | > | It is *essential* that the theoretical pgp device be able to detect any > | physical and virtual snooping -- that pass phrase/secret key must not ever > | be known to anyone, including the manufacturer and the system > ... > | Can such a device be built? Does this make any sense at all? > > Perfect security is not possible. That means we should aim > for good security. Worrying that a passphrase might be stolen is not > productive if it prevents you from building good code that does more > than the systems in place today. Remember, PGP stands for "Pretty > Good Privacy," not super duper all things to all people security. Hmm...or diverging away from pgp, what about a system like s/key ? (one-time authentication for X windows connections). Darren