William S. Frantz wrote:
It's absolutely true that nothing on a centralized Unix machine is truly secure. However, is abandoning all pretenses of crypto and security in favor of holding out for a utopian ideal really the best solution? Does using encryption for email on multiuser machines actually hurt the cause of the security community in the long run?
(I'm not asking rhetorical questions here -- I'm truly looking for some thoughts on this.)
Since security is not binary (i.e. talking of secure and insecure is nonsense. You must talk of more or less secure.), you have to look at the threats. If you are sending email from a multi-user Unix machine, encrypting it removes some threats (e.g. wiretapping) without adding any new threats. (There is still the continuing parade of UNIX holes based on the C string model.)
I would say that if users don't think they are safe, just think they are a bit safer, then encrypting on a multi-user machine is a good thing because it is more secure than not encrypting. It is still less secure than a single-user system with Tempest shielding.
Right, the real problem is that users start thinking that they are really safe, and start doing dumb things. - Igor.