Point of view regarding LISA 2002
Tue Oct 1 21:54:02 2002
> On Tuesday October 1 2002 11:11, markus_kampkoetter wrote:
> > Michael Tokarev schrieb:
> > > Yeah - learn users to encrypt their emails and there will be
> > > many problems with viruses who will try to use encryption too
> > > thus making it impossible to detect in-transit... Oh well... ;)
> > i do not agree with you. at least you will know for sure who sent the
> > virus to you ;)))
> Actually, no you won't. You only know this when the message is signed,
> which as you say below, usually won't happen.
usually i would not expect someone to run an executable that came with encrypted
but not signed mail ;-)
> > and worms cannot use cryptotechnology easily.
> > (one day later)
> > or can they? is it possible to write a script that automatically
> > encrypts to all the keys on ones keyring and sends itself to the
> > corresponding addresses? even if, it never will be able to sign.
> The vast majority of the time it won't. In the (hopefully) rare case
> where the user does not use a passphrase on their secret key, it will.
> Yet another reason why any passphrase is better than none at all.
you are perfectly right (anyway, everybody should try to find something better
than ANY as passphrase ;).
i guess tony was closer to the point i was thinking of:
if you behave like the cryptosoftware you use wants you to behave, is it still
possible to create a worm that uses encryption to hide itsself and spread? as
far as i understood until now - any passphrase + offline-check of a key of a
strange mail + be carefull running executables - we do not have to expect this