From: Sergey Goldgaber <sergey@delbruck.pharm.sunysb.edu>
Date: Fri, 25 Feb 94 10:07:16 PST
To: cort <cort@ecn.purdue.edu>
Subject: Re: your mail
In-Reply-To: <9402250101.AA05179@en.ecn.purdue.edu>
Message-ID: <Pine.3.89.9402251208.C1961-0100000@delbruck.pharm.sunysb.edu>
MIME-Version: 1.0
Content-Type: text/plain




On Thu, 24 Feb 1994, cort wrote:

>   When the file is executed, it will ask Ida a question that Fred
>   has set up (with her in mind).  This question will ideally be
>   answerable only by Ida.  If Ida answers correctly, her response
>   will form a key to decrypt the message.


There might be a problem in that Ida would have to phrase the answer
_exactly_ in the way that the sender has anticipated it would be phrased.

For example, Fred might ask:

"Where were we when we first kissed?"

Ida may answer:

"In the back of a dumpster truck"

Although correct, Fred may have anticipaded:

"In a dumpster truck"


There has to be a provision for unambiguous wording.  Even a question as
simple as:

"How old are you?"

may be answered in more than one way

"99"

"ninety-nine"

"99.5"

"ninety-nine and one half"

Knowing the answer yet having the program reject the "correct" answer 
time after time may frustrate your PGP-Self-Decrypt unaware user.

> It would be a nice augmentation to the PGP package!
> 

Why use PGP?  As I understand it, the virtue of PGP lies in it's 
handling of public and secret keys.  Any semi-secure algorythm may be 
used with a self-decrypt program.

> Cort.
> -- 
> cort@cc.purdue.edu
> 


Sergey