[625] in bugtraq
Re: Xwindows security?
daemon@ATHENA.MIT.EDU (Darren Reed)
Wed Jan 11 21:14:41 1995
From: Darren Reed <avalon@coombs.anu.edu.au>
To: adam@bwh.harvard.edu (Adam Shostack)
Date: Thu, 12 Jan 1995 12:15:49 +1100 (EDT)
Cc: kinch@julian.uwo.ca, bugtraq@fc.net
In-Reply-To: <199501112222.RAA11819@bwh.harvard.edu> from "Adam Shostack" at Jan 11, 95 05:22:11 pm
>
> Dave Kinchlea wrote:
>
> | On Wed, 11 Jan 1995, Rens Troost wrote:
> | > Jon> encrypted system (like say krb5) could be much better if done
> | >
> | > Yeah, clearly. kerberos is so heavyweight, though that few sites end
> | > up installing it. Perhaps a pgp-based thing would catch on more. No
> | > gnarly key distribution architecture needed.
> |
> | I have been think hard along these lines and I *think* it can be done but I
> | can't think of any way of ensuring that some human being (system
> | administrator or not) will be able to read the pass-phrase and/or secret
> | key via delving into /dev/[k]mem. The only possible way that I can think
> | of is to have the pgp `device' be completely external but physically
> | connected to the machine (presumably chained into the ethernet
> | connection). What you then `trust' is the pgp device which will encrypt
> | all outgoing traffic appropriately and decrypt all incoming traffic (that
> | it can). The host cannot be involved, if Unix is in charge anyway.
> |
> | It is *essential* that the theoretical pgp device be able to detect any
> | physical and virtual snooping -- that pass phrase/secret key must not ever
> | be known to anyone, including the manufacturer and the system
> ...
> | Can such a device be built? Does this make any sense at all?
>
> Perfect security is not possible. That means we should aim
> for good security. Worrying that a passphrase might be stolen is not
> productive if it prevents you from building good code that does more
> than the systems in place today. Remember, PGP stands for "Pretty
> Good Privacy," not super duper all things to all people security.
Hmm...or diverging away from pgp, what about a system like s/key ?
(one-time authentication for X windows connections).
Darren
