| Example 1: PGP |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| ¨ | A
reasonably careful claim: |
|||||||||||||
| “PGPfile encrypts, decrypts, signs and verifies files for |
||||||||||||||
| either
email or secure storage on your computer...” – |
||||||||||||||
| www.pgp.com, September 3, 2001 |
||||||||||||||
| ¨ | Assumptions: |
|||||||||||||
| – | Your
machine is not otherwise compromised |
|||||||||||||
| ¨ | Actions
to Compromise: |
|||||||||||||
| – | Penetrate
the machine |
|||||||||||||
| – | Run
standard password cracker against the private key |
|||||||||||||
| – | Better
still – install a Trojan horse in front of the |
|||||||||||||
| password
capture dialog box… |
||||||||||||||
|
|
| 600.436 High- |
|
| Assurance
Systems |
|
| Fall
01/Introduction |
| 14 |