home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: sci.crypt
- From: Owen.Lewis@purplet.demon.co.uk (Owen Lewis)
- Path: sparky!uunet!pipex!demon!purplet!Owen.Lewis
- Subject: Re: Limits on the Use of
- Organization: FidoNet node 2:252/305 - The Purple Tentacle, Reading
- Date: Tue, 5 Jan 1993 15:24:00 +0000
- Message-ID: <25.2B4A0D75@purplet.demon.co.uk>
- Sender: usenet@demon.co.uk
- Lines: 36
-
- -=> Quoting Jonathan Haas to All <=-
-
-
- JH> ...............(PGP)................ If the government tosses me in
- JH> jail for refusing to relinquish my private key as required by law,
- JH> it will likely get access to my UNIX account and all the files
- JH> contained thereon. My private key is protected by a password, and PGP
- JH> demands it each time I attempt to use it. Just how secure is PGP's
- JH> encryption of secret keys?
-
-
- Bull point.
-
- The better the cryptography, the greater the need to attack an
- information security system obliquely through its peripheral
- vulnerabilities or lax management.
- In private hands, too often the discipline to build and maintain a
- complete and strong security system is missing - even antipathetic to
- libertarian concepts. Information security requires thinking through from
- A-Z and to be made just as strong as as particular circumstances sensibly
- require.
-
- I think you correctly identify a potential vulnerability. What you or I
- do about it is up to us an not the writers of PGP. Close attention must
- reveal many other potential weaknesses beyond the control of the writrs.
- To be fair, Phil Zimmermann points this out and alludes to several
- potential causes of concern in PGP's documentation.
-
- Fundamentally, security is always a relative term.
-
-
-
-
- .. A truly wise man never plays leapfrog with a unicorn.
- ___ Blue Wave/QWK v2.11
-
-
