Re: Question of Ethic

From: AE (nospam_at_hidden.com)
Date: 07/04/03


Date: Fri, 04 Jul 2003 08:10:38 +0200

Andrew Swallow wrote:
>
> Can you just put a password on the boss's keyring/file?
> Give him an automated script that decrypts a message
> given the file name and the password.
>
> This makes it into an MMI/ergonomic issue rather than
> a major security problem.
>
> Andrew Swallow

We don't know anything about their reasoning (I think this lack of
communication is the primary problem) but as long as we are just able to
guess it seems to me like they want to avoid a keyring at all or they
would already have accepted Tom's first design.

I could imagine they don't want to have an additional file that has to
be stored somewhere and may be lost or not available at some time.

From my point of view the best approach to reduce the resulting security
problem is to derive a private key from a password (well knowing that
this password might become available to others, can't be changed,
contains less entropy than a randomly chosen key and so on).

At least this removes the problem of having to store a symmetric key in
an application.

AE
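
A sketch of the approach described in the message above, added here as an illustration and not code from the thread: the password is stretched with PBKDF2 into an X25519 private key, so only the public key has to ship with the application and no key file is stored. The curve, the KDF, the iteration count and the `context` label are all assumptions; the ladder is plain Python and not constant time.

```python
import hashlib

P = 2**255 - 19        # Curve25519 field prime
ITERATIONS = 600_000   # assumed PBKDF2 work factor, not from the thread
BASE = (9).to_bytes(32, "little")  # standard X25519 base point

def clamp(k: bytes) -> bytes:
    """RFC 7748 scalar clamping."""
    b = bytearray(k)
    b[0] &= 248
    b[31] = (b[31] & 127) | 64
    return bytes(b)

def derive_private_key(password: str, context: bytes) -> bytes:
    """Stretch a password into a 32-byte X25519 private key.

    `context` is a fixed public label used as the salt (hypothetical name),
    so no key file or random salt has to be stored anywhere.
    """
    seed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               context, ITERATIONS, dklen=32)
    return clamp(seed)

def x25519(k: bytes, u: bytes = BASE) -> bytes:
    """RFC 7748 Montgomery ladder; plain Python, not constant time."""
    kn = int.from_bytes(clamp(k), "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (kn >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair_from_password(password: str, context: bytes):
    """Return (private, public); only `public` is embedded in the application."""
    private = derive_private_key(password, context)
    return private, x25519(private)
```

Because the derivation is deterministic, changing the password changes the key pair, and anyone who learns or guesses the password can recompute the private key offline from the public context label.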

