1993-04-06 - Re: Re: PGP help and comments.

Header Data

From: stig@transam.ece.cmu.edu (Jonathan Stigelman)
To: cypherpunks@toad.com
Message Hash: f39cfdbf8e352cb41a73489b05c669e7ef8408513a2dbc29f3fa7db15de3ef39
Message ID: <243@x15remote.stigmobile.usa>
Reply To: _N/A

UTC Datetime: 1993-04-06 02:42:37 UTC
Raw Date: Mon, 5 Apr 93 19:42:37 PDT

Raw message

From: stig@transam.ece.cmu.edu (Jonathan Stigelman)
Date: Mon, 5 Apr 93 19:42:37 PDT
To: cypherpunks@toad.com
Subject: Re: Re: PGP help and comments.
Message-ID: <243@x15_remote.stigmobile.usa>
MIME-Version: 1.0
Content-Type: text/plain


In message <9304040758.AA07164@tigger.cc.utexas.edu> you write:
>
>This is even more dangerous than storing it on the disks of a multi-user
>machine.  Unless you are running in a kerberos environment it is trivial to
>snoop your upload off the network, and even without that weakness you are
>exposing yourself to the same problem that the docs mention (it is really
>pretty easy to scan someone's terminal input) only you are giving them the
>key outright instead of only giving them the passphrase to your key.
>

Yeah....  So if your key can be snooped off the net, so can your
cleartext.  To decript online, then, is akin to using only weak
encription...which indicates only the desire for limited privacy.

But if even if you do decript online, you're still protected from
file snooping.

What's needed is PGP decription built into your terminal program.

	stig






Thread