begin quoting Todd Walton as of Thu, Dec 06, 2007 at 06:37:48AM -0600: > On Dec 5, 2007 1:21 PM, SJS <[EMAIL PROTECTED]> wrote: > > How valuable is the information you and Aunt Millie exchange? > > Oh, extremely valuable. She's the Minister of Defense and I'm > Jean-Claude Van Damme.
So there are a lot of people who want to listen in and are willing to go through some expense and effort; therefore, it's worth some significant expense and effort on your part to prevent 'em. > > Who had control of it before you had the token? Untrusted third parties? > > > > How trustworthy is your neighbor kid? Would you leave him alone with > > your computer for an hour? Or your ultra-secure telephone hardware? > > Yes, yes, yes. I guess my point was, Is subversion of the token even > possible? I guess the answer is yes. Subversion is _always_ possible. It's a matter of resources and effort. > My real scenario is slightly > different. It's a soft token and I was wondering if it could be sent > by email. Sent unencrypted? Stored on the disk of the mailer servers? Cached by your ISPs awaiting a non-warrant government request? Hm. Easy approach would be to send an ssh public key, and then ssh in to the other's machine. Otherwise, this is just screaming out for a Diffie-Hellman key exchange. > > How long have you known the kid? The parents? How does he react to you? > > He seems to like me, but just last weekend I saw him sprout insect > legs and run across the desert when he thought no one was looking. That's not so suspicious. -- No worries. Stewart Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
