TCLUG Archive

Re: [TCLUG:11721] Email Security (was Re: [TCLUG:11699] Mess ...)





On Thu, 30 Dec 1999, Eric M. Hopper wrote:

> On Thu, Dec 30, 1999 at 12:37:09PM -0600, Thomas Veldhouse wrote:
> 	I've thought of writing a daemon that would sit around and sign
> things.
> 
> 	It would keep your unencrypted private key in secure memory, and
> wipe it under certain conditions, like you not having entered your
> password in a set amount of time.  And it would probably also wipe it
> after a certain number of signatures had been made, limiting damage.
> 
> 	It would use file-descriptor passing to verify that any program
> requesting a signature was really run by you.
> 
> 	It would be a little less secure.
> 
> 	Some person could wait around as root, waiting for you to run
> the program, then su to you and use it to forge signatures.  This would
> run the risk of popping up a dialog box on your screen, requesting a
> pass-phrase when you hadn't asked for anything to be signed.
> 
> 	Of course, right now I'm typing my passphrase into an X window,
> which is passing it to a program that sends it to a pseudo terminal
> where it is again passed through a file descriptor to the program that
> does the actual signing.  Lots of points of interception there if the
> person has root on your box.
> 
> 	Ideally, I'd have some Palm Pilot like device that could sign
> things after getting some verification from me that I am who I am.  That
> would both be more convenient, AND more secure.  If I lost it, I could
> quickly post my key revocation signature to the net, and it's likely the
> attacker wouldn't have cracked it by then.

That sounds interesting - and quite fun.  You could also get the password
from some other secure source.  For instance, you could create a daemon on
another box which is secured by a simpler password.  The password could be
DES encrypted and the daemon could shut down after two failed attempts.
If the proper password is submitted, your secure password is returned -
also DES encrypted.  This procedure avoids sniffers.  You then build an
internal firewall around your daemon that will ONLY communicate with
specific computers (i.e. on your subnet).  Thus, you can use an insecure
password with full security.  Distributed computing at its best.

Tom Veldhouse
veldy@visi.com
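
The signing daemon sketched in the quoted message, as an added example that is not code from either poster: the key is wiped once the passphrase has gone stale or a signature quota is spent, and the requester is identified by the kernel rather than by anything the client sends. It assumes Linux and substitutes SO_PEERCRED for the file-descriptor passing the message mentions and HMAC-SHA256 for a real public-key signature; SigningAgent, peer_uid and serve_one are hypothetical names.

```python
import hashlib, hmac, socket, struct, time

class SigningAgent:
    """Holds a key in memory; wipes it on passphrase timeout or signature quota.
    HMAC-SHA256 stands in for a real public-key signature (assumption)."""
    def __init__(self, key, owner_uid, idle_limit=300.0, max_sigs=20, clock=time.monotonic):
        self._key = bytearray(key)       # mutable, so it can be overwritten in place
        self.owner_uid = owner_uid
        self.idle_limit = idle_limit     # seconds allowed since the passphrase was entered
        self.remaining = max_sigs        # signatures left before a forced wipe
        self.clock = clock
        self.unlocked_at = clock()

    @property
    def locked(self):
        return self._key is None

    def wipe(self):
        # Best effort: Python cannot mlock() pages or stop internal key copies.
        if self._key is not None:
            self._key[:] = bytes(len(self._key))
            self._key = None

    def sign(self, requester_uid, message):
        if self.locked:
            raise PermissionError("key wiped; passphrase required")
        if self.clock() - self.unlocked_at > self.idle_limit:
            self.wipe()
            raise PermissionError("passphrase timeout; key wiped")
        if requester_uid != self.owner_uid:
            raise PermissionError("requester is not the key owner")
        tag = hmac.new(self._key, message, hashlib.sha256).hexdigest()
        self.remaining -= 1
        if self.remaining <= 0:
            self.wipe()                  # quota spent: limits damage from a hijacked session
        return tag

def peer_uid(conn):
    """UID of the process at the other end of a Unix socket (Linux SO_PEERCRED)."""
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", creds)
    return uid

def serve_one(agent, conn):
    """Answer one request; the kernel-reported UID decides, not the client's claim."""
    message = conn.recv(4096)
    try:
        conn.sendall(agent.sign(peer_uid(conn), message).encode())
    except PermissionError as exc:
        conn.sendall(b"ERR " + str(exc).encode())
```

The UID check does not cover the case the quoted message raises: root can su to the owner and pass it, so the timeout and quota are what bound the damage.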