Rubber hose attack
vertigo
vertigo at panix.com
Thu Nov 1 12:08:43 EST 2001
> On Wed, 31 Oct 2001 JohnE37179 at aol.com wrote:
> In closed systems, yes. However, even in those environments there is a
> substantial risk, because there really are no "trusted," or otherwise
> authoritative third parties, short of a full blown background check.
> Approximately 80% of all attacks are from those "trusted" insiders.
John,
True, attacks are usually carried-out by known and/or trusted individuals.
I suppose I was thinking more about key management on a theoretical level.
The infamous "rubber hose attack" still exists. Once you really get down
to the real-world level, things begin breaking down. Identity theft is trivial
unless your proof of identity is always changing (e.g. SecureID), duplication
of that proof is made reasonably difficult (algorithmically, physically, how-
ever), and the proof itself is kept reasonably secure. It appears that a lot
of work has to be done and a lot of money spent before even a small amount of
trust in an individual's proof of identity (on a world- or Internet-wide
scale) can be established.
Nathan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list