Newsgroups: sci.crypt
Path: cantaloupe.srv.cs.cmu.edu!rochester!udel!news.udel.edu!darwin.sura.net!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!ira.uka.de!scsing.switch.ch!bernina!caronni
From: caronni@nessie.cs.id.ethz.ch (Germano Caronni)
Subject: Re: Fifth Amendment and Passwords
Message-ID: <1993Apr20.000359.20098@bernina.ethz.ch>
Sender: news@bernina.ethz.ch (USENET News System)
Organization: Swiss Federal Institute of Technology (ETH), Zurich, CH
References: <1993Apr18.233112.24107@colnet.cmhnet.org> <1993Apr19.180049.20572@qualcomm.com> <1qv83m$5i2@geraldo.cc.utexas.edu>
Date: Tue, 20 Apr 1993 00:03:59 GMT
Lines: 28

In article <1qv83m$5i2@geraldo.cc.utexas.edu> mccoy@ccwf.cc.utexas.edu (Jim McCoy) writes:
>	I set up a bbs that uses public-key encryption and encryption of
>	files on disk.  The general setup is designed so that when users 
>	connect they send a private key encrypted using the system public
>	key and the user's public-private keypair is used to wrap the
>	one-time session keys used for encrypting the files on disk.  The
>	result of this is that even if I reveal the system private key it
>	is impossible for anyone to gain access to the files stored on the
>	machine.  What is possible is for someone to use the revealed
>	system private key to entice users into revealing thier personal
>	private keys during the authentication sequence.
>
>Any answers or general musings on the subject would be appreciated...
>

Just a question. 
As a provider of a public BBS service - aren't you bound by law to gurantee
intelligble access to the data of the users on the BBS, if police comes
with sufficent authorisation ? I guessed this would be  a basic condition
for such systems. (I did run a bbs some time ago, but that was in Switzerland)

Friendly greetings,
	Germano Caronni
-- 
Instruments register only through things they're designed to register.
Space still contains infinite unknowns.
                                                              PGP-Key-ID:341027
Germano Caronni caronni@nessie.cs.id.ethz.ch   FD560CCF586F3DA747EA3C94DD01720F
