600.436
High-Assurance Systems
Fall 01/Introduction
14
Example 1: PGP
¨A reasonably careful claim:
“PGPfile encrypts, decrypts, signs and
verifies files for either email or secure
storage on your computer...” –
¨Assumptions:
–Your machine is not otherwise compromised
¨Actions to Compromise:
–Penetrate the machine
–Run standard password cracker against the private
key
–Better still – install a Trojan horse in front of the password capture dialog box…