On Sun, Apr 02, 2000 at 01:00:56PM +0200, Bart Schuller wrote:
> On Sun, Apr 02, 2000 at 02:46:30PM +1000, Anthony Towns wrote:
> > PGP (v2.x, I'm not uptodate with the recent OpenPGP stuff), generates a
> > secret (albeit symmetric, rather than public/private keypair) IDEA key
> > everytime you try to encrpt a message. It encrypts the message with this
> > key, then encrypts the key with the recipients public key, and (and here's
> > the bit I was referring to) *sends that secret IDEA key across the net*.
> But you might emphasize that this secret key is used exactly once, just
> for this message. Intercepting it won't allow you to sign other stuff as
> someone else.
Intercepting the IDEA key will let you do one class of bad things
(reading a supposedly confidential message), intercepting the security-key
will let you do another class of bad things (impersonating the security
team). Intercepting one key isn't particularly easier or harder than
intercepting the other.
The point is that in both cases intercepting the key is a Bad Thing. The
point is that in both cases, any possibility of intercepting the key
has to be avoided for any security to exist at all. And the point is
that in both cases on-the-wire interception of the key is avoidable by
the simple expediency of encrypting the key before sending it.
Why do people seem to think signing stuff is some black art, and wave
chickens legs about and act all superstitiously when talking about
sending things over the net, or putting things on a semi-public computer?
There's nothing to be superstitious about. There are valid risks to
consider and then avoid, but that's *it*.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.
``The thing is: trying to be too generic is EVIL. It's stupid, it
results in slower code, and it results in more bugs.''
-- Linus Torvalds
Attachment:
pgpCVWpW9J0DP.pgp
Description: PGP signature