On 2/16/06, Chris Muller <chris@funkyobjects.org> wrote:

Hi Pakala,

> Hi,
> Thank you. It is just a small project so no need to
> worry about the hacker.

I gather this refers to the (low) potential that your
users will be able to hack "obscured" cleartext
(mildly encrypted), even if not very secure from a
skilled hacker.

I made a big jump when the "adversarial setting" of
digital security was spelled out for me.  Because
digital bits are fluid and unbounded, able to travel
so far, so quickly, you won't know when an attacker is
attacking and, even if you did, usually nothing could
be done about it.

Therefore, the adversarial setting must be assumed
that all data sent out of your computer (and, in
extremely paranoid cases, the memory inside your
computer) is sent to the attacker along the way, where
they can do what they wish including modify it.  The
same for data received.  The adversary is a
mathemetician with a supercomputer, has lots of time
and lots of incentive.  He's ready to inflict maximum
hurt.

This is the setting, therefore the goal must be to
provide "mathematical protection."  To reveal or
modify information, the adversary must solve a
mathemetical problem that, so far, no mathmetician has
been able to solve.

> Can you please give me some more information how to
> proceed.
> you said that the GPG ask the user to type some
> random charaters to seed the
> random numbers and we can give fingeprint image. I
> need some more
> information about that.If you have any code please
> send me.

To do this, print this in a workspace:

SecureRandom fromUser nextRandom160

Cheers,
Chris
_______________________________________________
Cryptography mailing list
Cryptography@lists.squeakfoundation.org
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography