Dear JP,

> A reminder that 1mdc-grams INHERENTLY USES a
> "click on this" pin-number approach as a security
> supplement.
> 1mdc-grams also applauds e-gold's optional "SRK" interface.

Yeah. If nothing else, e-gold can claim some major improvements on the patents of Turk et al. Implementation matters a great deal, as Gold Barter Holdings has learned.

JP, please tell me: does your inherent "click-on-this interface" involve choosing the original password in that fashion? As you can see, if the password is typed even one time, when it is first set up, it is at risk of key sniffer technology.

There are other issues. If the password is randomly generated and sent by e-mail, that mail needs to be encrypted. The next versions of encryption software need to have a click-on-this interface, as well, to prevent the encryption key's password from being sniffed. (As a warning, I had acquaintance with a federal agency's tech guy who was pushing the notion that the password aspect of PGP was a weakness they would exploit as far back as 1998.)

Next point: Tempest-resistant screen interface. The click-on-this interface is GUI (graphical user interface) and therefore subject to compromise with a TEMPEST or "van Eck" device. A recent advanced version of PGP offers a TEMPEST-resistant screen (dark blue on light blue, and fuzzy) which is harder to read from a secondary monitor.

What is TEMPEST? It is the 1970s code name for a project to develop the technology pioneered by van Eck, who had this idea that one could tap into the radiation from a CRT, tune to the exact frequency of each particular monitor, and read screens from some distance away. As of about 1995, a directional antenna and other gear available from Radio Shack lets one read screens from as far away as 2 kilometers, if the screen in question is a cathode ray tube (which emits a bunch of radiation in the radio part of the spectrum). A flat screen display, such as a laptop, emits much less radiation, and antennae have to be much higher gain, and much closer to get similar results.

Defeating TEMPEST in total requires a Faraday cage.
This device is a box made of metal mesh or metal which surrounds your computer equipment, especially any of it which radiates R/F noise. The metal mesh has to be smaller than the relevant wavelength of the R/F being suppressed. It should either be slightly charged, or very well grounded. Michael Faraday demonstrated that no charge can escape from inside a metal box. So, the R/F leakage should be zero, in theory.

In practice, a wave guide, such as a power cable, coming into the Faraday cage, can allow for significant radiation. So these cables should be shielded. And, of course, if you hook to the Internet from within such a cage, you have all kinds of possible holes to plug or firewall in order to prevent your data from being compromised.

As you can see, there are many ways to get at your secure data. It is a non-trivial task to keep your information, and thus your customers' info, secure from prying eyes, whether those be competitors, hooligans, hacking enthusiasts, cracking criminals, or the members of the legislated-law enforcement community.

Privacy, like other forms of freedom, isn't given away. It is earned, with the fixed price of eternal vigilance.

Regards,

Jim
http://www.ezez.com/free/freejim.html
--> your group's next speaker should be so erudite!
