Re: PGP scripting...

From: Andrew MacKenzie (andy@edespot.com)
Date: 01/10/03

    Date: Fri, 10 Jan 2003 13:45:07 -0500
    From: Andrew MacKenzie <andy@edespot.com>
    To: secprog@securityfocus.com
    
    
    

    Thanks all for the input on this topic. I have gotten many ideas from the
    discussion, and hopefully I'll be able to put some of them to work. But I
    do have one more question.

    > It is impossible to securely automate crypto. Using specialised
    > tamper-resistant hardware minimises risk, but that pesky passphrase is
    > still stored programmatically - it's just inside a black box with semi-
    > proprietary I/O, hardware and algorithms. If using a standard computer
    > to decrypt, it must be protected via additional mechanisms to minimise
    > risk. Semi-automated crypto is more secure - but then someone needs to
    > type a password somewhere. Automated private-key approaches should not
    > be used.

    If the passphrase were to be entered by hand, say at boot time or some
    such, would the security gain be much greater (depending on the strength of
    the passphrase of course)? Is a brute force attack on the passphrase the
    only reasonably possible means by which one can decrypt the data?

    Again, thanks for all the wonderful input!

    -- 
    // Andrew MacKenzie  |  http://www.edespot.com
    // "It is a miracle that curiosity survives formal education"
    //      -- Albert Einstein.
    
    



