At 05:21 AM 10/16/2001, Ben Laurie wrote:
>Rick Smith at Secure Computing wrote:
> > >Is this a serious security failure in PGP?
> >
> > No, it's a problem with any programmable computer. If you can install new
> > programs, you can install changes to existing programs.
>
>That is not true - it's a function of the OS and the type of access you
>have. I can install new programs on my Unix box but without root I
>cannot change existing programs, for example.

If you have physical access to a commercial computing device, be it Unix or Microsoft or anything else, and you have the right tools, you can reprogram the OS, the applications or both, to do whatever you want. The tools aren't that expensive or that hard to acquire, especially for an intelligence/law enforcement organization. Physical access always trumps the software access controls which we must rely on to protect the plaintext and passphrases handled by PGP.

Rick.
[EMAIL PROTECTED] roseville, minnesota
"Authentication" in bookstores http://www.visi.com/crypto/

---------------------------------------------------------------------
The Cryptography Mailing List
