Bruce Schneier - Ciphire e-mail encryption system - analýza
13.02.2005Summary. Protecting against attacks from insiders is an incredibly
daunting, if not impossible, task. Given such constraints, we believe that
the Ciphire System still performs remarkably well. Our concerns with Trojan
horses in Section 3 would be applicable regardless of what underlying
cryptographic mechanisms Ciphire decided to employ. In practice, eventually
our man-in-the-middle attacks in Section 4 will likely be detected by
Ciphire users; this is in some sense the best that we can hope for, since
preventing such attacks in the first place may be impossible. Our attacks in
Sections 6 and 7 are byproducts of Ciphire’s ease-of-use, and thus cannot be
fully addressed without compromising on Ciphire’s ease-of-use design goal.
Addendum. We analyzed the version of the Ciphire System described
in the documents. From recent communications with Ciphire, we
understand that Ciphire Labs is planning to address or has addressed some
of the issues that we raise. This review does not reflect those changes.
Zdroj: http://cryptome.org/ciphire-report.zipAutor: JP
Heuristické vyhledání souvisejících článků v archívu NEWS
Pozor - není zdaleka přesné a výsledek je bez záruky...
Chcete-li článek obsahující konkrétní termín - pou·ijte funkci
vyhledávání !
