Bugtraq mailing list archives
Re: Xwindows security?
From: avalon () coombs anu edu au (Darren Reed)
Date: Thu, 12 Jan 1995 12:15:49 +1100 (EDT)
Dave Kinchlea wrote: | On Wed, 11 Jan 1995, Rens Troost wrote: | > Jon> encrypted system (like say krb5) could be much better if done | > | > Yeah, clearly. kerberos is so heavyweight, though that few sites end | > up installing it. Perhaps a pgp-based thing would catch on more. No | > gnarly key distribution architecture needed. | | I have been think hard along these lines and I *think* it can be done but I | can't think of any way of ensuring that some human being (system | administrator or not) will be able to read the pass-phrase and/or secret | key via delving into /dev/[k]mem. The only possible way that I can think | of is to have the pgp `device' be completely external but physically | connected to the machine (presumably chained into the ethernet | connection). What you then `trust' is the pgp device which will encrypt | all outgoing traffic appropriately and decrypt all incoming traffic (that | it can). The host cannot be involved, if Unix is in charge anyway. | | It is *essential* that the theoretical pgp device be able to detect any | physical and virtual snooping -- that pass phrase/secret key must not ever | be known to anyone, including the manufacturer and the system ... | Can such a device be built? Does this make any sense at all? Perfect security is not possible. That means we should aim for good security. Worrying that a passphrase might be stolen is not productive if it prevents you from building good code that does more than the systems in place today. Remember, PGP stands for "Pretty Good Privacy," not super duper all things to all people security.
Hmm...or diverging away from pgp, what about a system like s/key ? (one-time authentication for X windows connections). Darren
Current thread:
- Re: Xwindows security?, (continued)
- Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Jon Peatfield (Jan 10)
- Re: Xwindows security? Rens Troost (Jan 11)
- Re: Xwindows security? Jon Peatfield (Jan 11)
- Re: Xwindows security? Rens Troost (Jan 11)
- Re: Xwindows security? Jon Peatfield (Jan 11)
- xcrowbar William McVey (Jan 11)
- xcrowbar der Mouse (Jan 11)
- Re: Xwindows security? Dave Kinchlea (Jan 11)
- Re: Xwindows security? Adam Shostack (Jan 11)
- Re: Xwindows security? Darren Reed (Jan 11)
- Re: Xwindows security? Benjamin Fried (Jan 10)
- Re: Xwindows security? Jim McCoy (Jan 11)
- Re: Xwindows security? Julian Assange (Jan 13)
- Re: Xwindows security? Timothy Newsham (Jan 11)
- about /usr/etc/chill *Hobbit* (Jan 11)
- mountd keeps vanishing (!) Eric Berggren (Jan 11)
- Re: mountd keeps vanishing (!) Eric Kimminau (Jan 12)
- Re: mountd keeps vanishing (!) Karl Strickland (Jan 12)
- Re: mountd keeps vanishing (!) Pete Shipley (Jan 14)
- X Window System security Stephen Gildea (Jan 11)