"PGP Encryption Proves Powerful"
John Kelsey
kelsey.j at ix.netcom.com
Sat May 31 12:39:58 EDT 2003
At 10:29 AM 5/30/03 -0400, Anton Stiglic wrote:
>So what happened to passphrase guessing? That's got to be
>one of the weakest links. Unless their private key wasn't
>stored on the device?
One thought: How hard would it be to write a Palm app to use the
interaction between several devices to derive a key or password, using the
IR ports? The whole thing could easily be encrypted under a common
key. Require the attacker to get a device from each member of the cell (or
3/5 or some such)
before recovering the actual encrypted secrets. I wouldn't be surprised if
technologically sophisticated terrorists and spies were doing stuff like
that. (You could easily do this with pen and paper, too, for simple
control structures. Each member of the cell holds some parts of the
password written down, and 4/5 of them have to get togther to reconstruct
the full password.)
>--Anton
--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list