[9750] in cryptography@c2.net mail archive


Rubber hose attack

daemon@ATHENA.MIT.EDU (vertigo)
Thu Nov 1 20:11:17 2001

Date: Thu, 1 Nov 2001 12:08:43 -0500 (EST)
From: vertigo <vertigo@panix.com>
To: JohnE37179@aol.com
Cc: Jason.Gruber@btinternet.com, <cryptography@wasabisystems.com>
In-Reply-To: <5a.f9d302.2911c4b0@aol.com>
Message-ID: <Pine.NEB.4.40.0111011128450.13741-100000@panix1.panix.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

> On Wed, 31 Oct 2001 JohnE37179@aol.com wrote:

> In closed systems, yes. However, even in those environments there is a
> substantial risk, because there really are no "trusted," or otherwise
> authoritative third parties, short of a full blown background check.
> Approximately 80% of all attacks are from those "trusted" insiders.

John,

True, attacks are usually carried out by known and/or trusted individuals.
I suppose I was thinking more about key management on a theoretical level.
The infamous "rubber hose attack" still exists.  Once you really get down
to the real-world level, things begin breaking down. Identity theft is trivial
unless your proof of identity is always changing (e.g. SecurID), duplication
of that proof is made reasonably difficult (algorithmically, physically,
however), and the proof itself is kept reasonably secure.  It appears that a lot
of work has to be done and a lot of money spent before even a small amount of
trust in an individual's proof of identity (on a world- or Internet-wide
scale) can be established.

Nathan




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
