[7194] in cryptography@c2.net mail archive
Re: NSA back doors in encryption products
daemon@ATHENA.MIT.EDU (Rick Smith)
Fri May 26 00:27:57 2000
Message-Id: <3.0.3.32.20000525114243.009b2ab0@mailhost.sctc.com>
Date: Thu, 25 May 2000 11:42:43 -0500
To: David Honig <honig@sprynet.com>, Jim Choate <ravage@einstein.ssz.com>,
Eugene Leitl <eugene.leitl@lrz.uni-muenchen.de>
From: Rick Smith <rick_smith@securecomputing.com>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>, John Gilmore <gnu@toad.com>,
cryptography@c2.net, gnu@cygnus.com
In-Reply-To: <3.0.6.32.20000525091247.007f2580@pop.sprynet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

At 09:12 AM 05/25/2000 -0700, David Honig wrote:
>Your data still goes through an operating system, etc., so the
>real issue is a closed system: encrypt on a PDA which is under your
>close personal control and does not download new executables. Let your
>untrustworthy networked-PC be merely its gateway.

Of course, nothing's perfect. PDAs have their hot sync, which puts copies of
your sensitive files (and wrapped/encrypted keys or passwords, no doubt) on
your PC. And the hot sync will also download software onto your PDA,
providing a channel (albeit narrow) for subversion.

It's lots safer than a PC, but a well-funded adversary can find a way.

Rick.
smith@securecomputing.com