[24555] in Cypherpunks
Re: Why I have a 512 bit PGP key
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Dec 27 22:23:04 1994
To: eric@remailer.net (Eric Hughes)
Cc: cypherpunks@toad.com
In-Reply-To: Your message of "Tue, 27 Dec 1994 18:40:52 PST."
<199412280240.SAA02061@largo.remailer.net>
Reply-To: perry@imsi.com
Date: Tue, 27 Dec 1994 22:07:44 -0500
From: "Perry E. Metzger" <perry@imsi.com>
Eric Hughes says:
> From: "Ian Farquhar" <ianf@sydney.sgi.com>
>
> re: personal account tripwire
>
> The problem is that although you can protect the data file of
> hashes (by using a pass phrase to encrypt it), protecting the
> binary which does the checking is rather more difficult.
>
> Why not recompile the binary? All it needs to be is something like
> md5.c.
Read Ken Thompson's Turing Award lecture for why that isn't
sufficient. Its quite amusing.
Lets face it -- if you are truly paranoid, you have to carry your
machine around with you at all times and chain it to you.
Its all a question of threat model. For national security type attacks
nothing less than "chain machine to wrist" will do. For stopping a
casual attack, much less is needed. Its all in the threat model...
Perry
