At 10:29 AM 5/30/03 -0400, Anton Stiglic wrote:

So what happened to passphrase guessing?  That's got to be
one of the weakest links.  Unless their private key wasn't
stored on the device?

One thought: How hard would it be to write a Palm app to use the interaction between several devices to derive a key or password, using the IR ports? The whole thing could easily be encrypted under a common key. Require the attacker to get a device from each member of the cell (or 3/5 or some such)
before recovering the actual encrypted secrets. I wouldn't be surprised if technologically sophisticated terrorists and spies were doing stuff like that. (You could easily do this with pen and paper, too, for simple control structures. Each member of the cell holds some parts of the password written down, and 4/5 of them have to get togther to reconstruct the full password.)


--John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to