1994-02-25 - Re:

Header Data

From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
To: cypherpunks@toad.com
Message Hash: 7ff1d2f682e9f4888509c113b081b7143779764389dd2a09c883b22dea85eecb
Message ID: <khPJFv200awNIDs0Vy@andrew.cmu.edu>
Reply To: <9402250101.AA05179@en.ecn.purdue.edu>
UTC Datetime: 1994-02-25 01:31:37 UTC
Raw Date: Thu, 24 Feb 94 17:31:37 PST

Raw message

From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Date: Thu, 24 Feb 94 17:31:37 PST
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <9402250101.AA05179@en.ecn.purdue.edu>
Message-ID: <khPJFv200awNIDs0Vy@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain

cort@ecn.purdue.edu wrote:

>  Fred wants to send a message to Ida.  Fred is a cypherpunk
>  and is quite proficient with PGP.  However, Ida is not
>  set up with PGP and does not desire to learn PK cryptography.
>  Fred and Ida know each other (or something about each other).
>  Fred sends a self-decrypting message to Ida in an executable
>  file.  Ida simply receives the file and executes it.  (This
>  is analogous to self-extracting zip files.)
>  When the file is executed, it will ask Ida a question that Fred
>  has set up (with her in mind).  This question will ideally be
>  answerable only by Ida.  If Ida answers correctly, her response
>  will form a key to decrypt the message.

> The tricky part is providing an executable file while providing
> a little bit of instruction at the front of this file (to instruct
> the recipient to down-load and execute).
> Also, it seems that an assumption of recipient platform (e.g. DOS,
> Unix, etc.) may be necessary.  Uuencoding or similar ASCII/binary
> conversion may be required.
> Comments?  Would someone do this?  Does it already exist?
> It would be a nice augmentation to the PGP package!

All sounds great, but there is one problem - Ida has to download the
file, uudecode it and run it.  I don't see how that's any easier than
downloading it and running pgp...  If Ida is computer-illiterate and
can't download a file and decrypt it with pgp, it wouldn't be reasonable
to expect her to download it and run uudecode.

I think you may have a good idea here, but it's not really ideal for
cryptography.  As Thomas Edison was fond of saying, just because
something doesn't do what you want doesn't mean it's useless.  Perhaps
you should consider the project from a different approach - such as for
self-extracting graphical email.  I know a lot of people who would like
to be able to doodle graphical images in their email, as well as a lot
of hardware hackers that would like to draw circuit diagrams and such. 
Seems like self-extracting graphical email would be ideal for these
purposes.  And of course, you would want to protect it with crypto too.