[2492] in cryptography@c2.net mail archive


Re: NYT Article on Groat Spy Case

daemon@ATHENA.MIT.EDU (Colin Plumb)
Mon Apr 13 20:35:48 1998

Date: Mon, 13 Apr 1998 17:42:26 -0600 (MDT)
From: Colin Plumb <colin@nyx.net>
To: karn@qualcomm.com, reinhold@world.std.com
Cc: cryptography@c2.net

> Indeed. I have long felt that the most direct and logical way to
> target any software cryptosystem, no matter how strong its
> cryptography, is to pull a bag job and install a trojan horse. For a
> system like PGP that has no perfect forward secrecy to
> compartmentalize the damage from a key compromise, this is especially
> easy. Just modify the PGP binary to quietly squirrel a copy of the
> user's secret key into his next message and pick it up later with a
> tap on his line. The trojan should then patch itself out to make it
> less likely to be discovered later.

Indeed.  A hack that I've heard suggested but I can't remember the
origin of is to use the correspondence being exchanged between two
people as a packet on which to piggyback a continuous pipelined
series of Diffie-Hellman exchanges, so you can rekey on each message
exchange.

This complicates decrypting mail in that you have to do it on the right
machine and in the right order, and you have to re-encrypt
for archiving if you're not going to blow your security.

Does anyone have any ideas on how to overcome the convenience problems?
-- 
	-Colin
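
Added example, not part of the original message: a sketch of the per-message Diffie-Hellman rekeying described above, showing why mail must be opened in order and why an archived ciphertext becomes unreadable once the recipient has rekeyed. The group parameters, the `Party` class, the toy stream cipher and the bootstrap key exchange are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy parameters (assumption): Mersenne prime modulus, not a vetted DH group.
P, G = 2**521 - 1, 3

def xor_stream(key, data):
    # Toy SHA-256 counter-mode keystream, a stand-in for a real cipher.
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class Party:
    """Keeps only its newest DH private key; older ones are overwritten."""
    def __init__(self):
        self.peer_pub = None          # learned from the peer's latest message
        self._rekey()

    def _rekey(self):
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)

    def _keys(self, peer_pub):
        shared = pow(peer_pub, self.priv, P).to_bytes(66, "big")
        k = hashlib.sha512(shared).digest()
        return k[:32], k[32:]         # (encryption key, MAC key)

    def send(self, body):
        self._rekey()                 # fresh DH key pair for every outgoing message
        enc, mac = self._keys(self.peer_pub)
        ct = xor_stream(enc, body)
        return self.pub, ct, hmac.new(mac, ct, hashlib.sha256).digest()

    def receive(self, msg):
        sender_pub, ct, tag = msg
        enc, mac = self._keys(sender_pub)
        if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
            raise ValueError("no key for this message: out of order or already rekeyed")
        self.peer_pub = sender_pub    # next reply is encrypted to the sender's new key
        return xor_stream(enc, ct)

def demo():
    alice, bob = Party(), Party()
    alice.peer_pub, bob.peer_pub = bob.pub, alice.pub   # constructed bootstrap exchange
    m1 = alice.send(b"first")
    got1 = bob.receive(m1)
    got2 = alice.receive(bob.send(b"reply"))  # Bob's send() discards the key that opened m1
    try:
        bob.receive(m1)               # archived ciphertext of m1
        return got1, got2, True
    except ValueError:
        return got1, got2, False
```

`demo()` returns the two plaintexts and a flag that is false because the stored copy of the first message can no longer be opened after Bob has replied.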
