Hi,

   > How? The key-phrase is ( should be ) embedded in your brain and no-where 
else. 

Nope. let us join the real world. Us computer people are happy to remember 
our passwords, and never write them down. However, is that the normal 
experience? I think not. What is KWallet?
 A tool for writing down your passwords on the computer......
Oh, and how many computer people do you know that have one password they 
use everywhere, or have used that one password for the last 10 years???


Consider:
 a government we know quite well has just released a man after he was 
imprisoned (on no charge) for 2 years. Does that sound like a nice 
government? 
This leads me to suspect that security forces do not play nice.

I can easily imagine a larger government (such as one that has recently 
invaded an oil rich country with dubious international support) being able 
to "put the acid" on internet telephony providers and get a copy of your 
conversations.

Sorry list, I have delved into politics here. I have done this to 
illustrate the point, Governments have considerable powers, and can do 
some quite serious things.
 
Please, please, can we not get sidetracked into the rights and wrongs of
the above events. I wish to use the above events to illustrate the point - 
Governements can wave their legal stick and do things.


=======================================
> There is no organization which holds keys to ring up.

I think  that is true/wrong. For a public key based system, there 
is no central repository of keys.  However, what about 
skype/speak-freely etc ? You have to log into their server.



Derek.
=======================================================================
On Thu, 16 Dec 2004, Christopher Sawtell wrote:

> On Thu, 16 Dec 2004 19:38, Derek Smithies wrote:
> > Now, how secure is speaking-freely? In fact, it is not that secure.
> > Sure, it is encrypted etc, but the PC itself is not secure. Not secure.
> > The police (or other interested parties) enter your house, disk image.
> > They go away, and find the secret key etc.
> How? The key-phrase is ( should be ) embedded in your brain and no-where 
> else. 
> 
> > Or they find the password 
> > written down on a bit of paper on top of the keyboard. Yes yes, this is a
> > bit of an effort, but it is much much easier than using a cray computer
> > for 120 years.
> It has been rumoured, that given enough data, that the NSA can crack a 
> RSA/PGP/GPG key in about 4 days. They have very powerful purpose-built 
> machines specially for the purpose.
> 
> > Alternatively, they cannot be bothered getting a disk image. They ring
> > up speaking-freely,
> There is no organization which holds keys to ring up.
> 
> > and "execute a search warrant". In other words, they 
> > get your password, and learn how to decrypt speaking-freely coms.
> The only way they can get your pass-phrase is to ask you for it,
> but that's a bit specious now that PGP has been cracked.
> 
> http://speak-freely.sourceforge.net/
> and
> http://www.speak-freely.org/
> 
> Although not exactly up to date and quite long, this link gives 
> a nice overview of public key cryptography.
> http://cryptome.org/crypto97-ne.htm
> 
> 

-- 
Derek Smithies Ph.D.                           This PC runs pine on linux for 
email
IndraNet Technologies Ltd.                     If you find a virus apparently 
from me, it has
Email: [EMAIL PROTECTED]                    forged  the e-mail headers on 
someone else's machine
ph +64 3 365 6485                              Please do not notify me when 
(apparently) receiving a
Web: http://www.indranet-technologies.com/     windows virus from me......

Reply via email to