600.436 High-Assurance Systems
Fall 01/Introduction
14
Example 1: PGP
¨A reasonably careful claim:
– “PGPfile encrypts, decrypts, signs and verifies files for either email or secure storage on your computer...” – www.pgp.com, September 3, 2001
¨Assumptions:
–Your machine is not otherwise compromised
¨Actions to Compromise:
–Penetrate the machine
–Run standard password cracker against the private key
–Better still – install a Trojan horse in front of the password capture dialog box…