Re: Xwindows security?

[avalon () coombs anu edu au (Darren Reed)]

> Dave Kinchlea wrote:
>
> | On Wed, 11 Jan 1995, Rens Troost wrote:
> | >   Jon> encrypted system (like say krb5) could be much better if done
> | > 
> | > Yeah, clearly. kerberos is so heavyweight, though that few sites end
> | > up installing it. Perhaps a pgp-based thing would catch on more. No
> | > gnarly key distribution architecture needed.
> | 
> | I have been think hard along these lines and I *think* it can be done but I
> | can't think of any way of ensuring that some human being (system
> | administrator or not) will be able to read the pass-phrase and/or secret
> | key via delving into /dev/[k]mem. The only possible way that I can think
> | of is to have the pgp `device' be completely external but physically
> | connected to the machine (presumably chained into the ethernet
> | connection). What you then `trust' is the pgp device which will encrypt
> | all outgoing traffic appropriately and decrypt all incoming traffic (that
> | it can). The host cannot be involved, if Unix is in charge anyway. 
> | 
> | It is *essential* that the theoretical pgp device be able to detect any 
> | physical and virtual snooping -- that pass phrase/secret key must not ever 
> | be known to anyone, including the manufacturer and the system 
>  ...
> | Can such a device be built? Does this make any sense at all?
>
>       Perfect security is not possible.  That means we should aim
> for good security.  Worrying that a passphrase might be stolen is not
> productive if it prevents you from building good code that does more
> than the systems in place today.  Remember, PGP stands for "Pretty
> Good Privacy," not super duper all things to all people security.

Hmm...or diverging away from pgp, what about a system like s/key ?
(one-time authentication for X windows connections).

Darren