Point of view regarding LISA 2002

markus_kampkoetter markus_kampkoetter@t-online.de
Tue Oct 1 21:54:02 2002


> On Tuesday October 1 2002 11:11, markus_kampkoetter wrote:
> > Michael Tokarev wrote:
> > > Yeah - teach users to encrypt their emails and there will be
> > > many problems with viruses that will try to use encryption too
> > > thus making it impossible to detect in-transit...  Oh well... ;)
> >
> > i do not agree with you. at least you will know for sure who sent the
> > virus to you ;))) 
>
> Actually, no you won't. You only know this when the message is signed, 
> which as you say below, usually won't happen.

usually i would not expect someone to run an executable that came with encrypted 
but not signed mail ;-)

> > and worms cannot use cryptotechnology easily.
> > (one day later)
> > or can they? is it possible to write a script that automatically
> > encrypts to all the keys on one's keyring and sends itself to the
> > corresponding addresses? even if, it never will be able to sign.
>
> The vast majority of the time it won't. In the (hopefully) rare case 
> where the user does not use a passphrase on their secret key, it will. 
> Yet another reason why any passphrase is better than none at all.

you are perfectly right (anyway, everybody should try to find something better 
than ANY as passphrase ;).
i guess tony was closer to the point i was thinking of:
if you behave like the cryptosoftware you use wants you to behave, is it still 
possible to create a worm that uses encryption to hide itself and spread? as 
far as i understood until now - any passphrase + offline-check of a key of a 
strange mail + be careful running executables - we do not have to expect this 
too soon?

markus (c:
--
markus