PGP's "only for your eyes"

Chris McAuliffe cmca at alpha.c2.org
Tue Feb 6 16:38:40 PST 1996


-----BEGIN PGP SIGNED MESSAGE-----

[To: cypherpunks at toad.com]
[Subject: Re: PGP's "only for your eyes"]

Usuario Acceso2 <acceso2 at diatel.upm.es> wrote:
	Maybe some of you already know about this.

	When reading PGP's "Only for your eyes" messages, the program
	creates a temporary file containing the plaintext in the
	directory where the cyphertext file is.

	So, don't worry about this option, it's quite useless.

The manual points out that you shouldn't rely on it. Its main purpose is
simply to prevent accidentally or automatically leaving the plaintext
lying around, not to actually securely guarantee that behaviour. After
all, you could always cut-and-paste the text, or (since you have the PGP
source) alter PGP to ignore the flag.

The real problem is not what it does, but what people *think* it might
do.

I take that back. When I check the manual, it doesn't say that it is
insecure. It really ought to. At least one of the books about PGP does,
though; I know I've read it somewhere other than email.

Chris McAuliffe <cmca at alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

-----END PGP SIGNATURE-----





