Introducing newbies to encryption (was: Re: anonymous credit)
Igor Chudov @ home
ichudov at algebra.com
Tue Apr 15 20:06:42 PDT 1997
William S. Frantz wrote:
> > It's absolutely true that nothing on a centralized Unix machine is truly
> > secure. However, is abandoning all pretenses of crypto and security in
> > favor of holding out for a utopian ideal really the best solution? Does
> > using encryption for email on multiuser machines actually hurt the cause
> > of the security community in the long run?
> >
> > (I'm not asking rhetorical questions here -- I'm truly looking for some
> > thoughts on this.)
>
> Since security is not binary (i.e. talking of secure and insecure is
> nonsense. You must talk of more or less secure.), you have to look at the
> threats. If you are sending email from a multi-user Unix machine, encrypting
> it removes some threats (e.g. wiretaping) without adding any new threats.
> (There are still the continuing parade of UNIX holes based on the C string
> model.)
>
> I would say that if users don't think they are safe, just think they are
> a bit safer, then encrypting on a multi-user machine is a good thing because
> it is more secure than not encrypting. It is still less secure than a
> single-user system with Tempest shielding.
right, the real problem is that users start thinking that they are
really safe, and start doing dumb things.
- Igor.
More information about the cypherpunks-legacy
mailing list