Bugtraq mailing list archives
Re: Xwindows security?
From: kinch () julian uwo ca (Dave Kinchlea)
Date: Wed, 11 Jan 1995 14:10:15 -0500 (EST)
On Wed, 11 Jan 1995, Rens Troost wrote:
> Jon> encrypted system (like say krb5) could be much better if done
>
> Yeah, clearly. kerberos is so heavyweight, though, that few sites end up installing it. Perhaps a pgp-based thing would catch on more. No gnarly key distribution architecture needed.
I have been thinking hard along these lines and I *think* it can be done but I can't think of any way of ensuring that some human being (system administrator or not) will be able to read the pass-phrase and/or secret key via delving into /dev/[k]mem.

The only possible way that I can think of is to have the pgp `device' be completely external but physically connected to the machine (presumably chained into the ethernet connection). What you then `trust' is the pgp device which will encrypt all outgoing traffic appropriately and decrypt all incoming traffic (that it can). The host cannot be involved, if Unix is in charge anyway.

It is *essential* that the theoretical pgp device be able to detect any physical and virtual snooping -- that pass phrase/secret key must not ever be known to anyone, including the manufacturer and the system admins/owners of the machine it is connected to. Once a physical snoop is detected, the pass phrase/secret key is wiped from existence. It must be guaranteed that a virtual snoop is not possible (ie: there is no way to communicate with the device, it is a simple function. Of course, that begs the question of how to obtain verification of keys -- I said I was thinking hard, I didn't say I have come up with the answer ;-() else denial of service attacks would run rampant.

The device is part of the *machine*, not IP number, thus you continue to use existing protocols for `trusted hosts' but rather than ethernet numbers as listed in DNS tables, `trusted pgp public keys' would be used to verify the information. Packets could then be encrypted and signed for privacy or simply signed for authentication. As long as the device stays physically connected to that machine, it verifies that machine, remove it and you must generate a new key for that device (it doesn't necessarily have to stop working, it is just necessary to purge all traces of the pass phrase/secret key once compromised).

Can such a device be built? Does this make any sense at all?

kinch

ps: this is probably not appropriate for bugtraq, sorry.
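
The sign-only mode described in the message above, as an added example that is not part of the original post or thread: a trusted-hosts table keyed by device public key, and a device that exposes only signing and wipes its key when tampering is detected. It uses Ed25519 from Go's standard library as a stand-in for PGP; `Device`, `TrustedHosts`, `Tamper` and the host name are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device models the external signing box: the host can request a signature
// or the public key, but no call returns the secret key.
type Device struct{ priv ed25519.PrivateKey }

func NewDevice() *Device {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv: priv}
}

func (d *Device) PublicKey() ed25519.PublicKey { return d.priv.Public().(ed25519.PublicKey) }
func (d *Device) Sign(packet []byte) []byte    { return ed25519.Sign(d.priv, packet) }

// Tamper overwrites the old secret and generates a fresh key, as the post
// requires once snooping is detected. The device keeps working afterwards.
func (d *Device) Tamper() {
	for i := range d.priv {
		d.priv[i] = 0
	}
	*d = *NewDevice()
}

// TrustedHosts maps a host name to the device public key trusted for it,
// taking the place of an address-based trusted-hosts list.
type TrustedHosts map[string]ed25519.PublicKey

// Verify accepts a packet only if the host is listed and the signature
// checks against the key recorded for that host.
func (t TrustedHosts) Verify(host string, packet, sig []byte) bool {
	pub, ok := t[host]
	return ok && ed25519.Verify(pub, packet, sig)
}

func main() {
	dev := NewDevice()
	trusted := TrustedHosts{"hostA": dev.PublicKey()} // constructed host name
	pkt := []byte("constructed login request")        // constructed packet
	fmt.Println("before tamper:", trusted.Verify("hostA", pkt, dev.Sign(pkt)))
	dev.Tamper() // old key is gone; the table entry must be re-issued
	fmt.Println("after tamper: ", trusted.Verify("hostA", pkt, dev.Sign(pkt)))
}
```
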