From: "Jeff Hupp" <jhupp@novellnet.gensys.com>
Date: Sat, 9 Dec 95 19:42:56 PST
To: cypherpunks@toad.com
Subject: Re: Warning about Pegasus Mail and PGP (fwd)
Message-ID: <34756653250@Novellnet.Gensys.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On  9 Dec 95 at 18:29, Siberia wrote:

: Okay, here's how I understand things with PGP and Pegasus.  You have two
: options with Pegasus depending on the set-up options you choose.  You can
: either send upon completion of your out-going email, or you can have your mail
: queued until you press the send out-going mail button.  The actual PGP process
: does not occur until you actually send the mail.  So the answer would be: 
: don't queue your mail.

	That's not really a solution in the Windows environment, if you have a 
swap file, you never know what gets written out to it.  The solution is 
run w/o a swap file or run an encrypted file system.  I run an 
encrypted file system.

	Pegasus will indeed save your key with your message in the outgoing 
queue.  This is a problem with the design of pegasus, not with the 
design of the add on encryptor.  
  
: 
: On  9 Dec 95 at 16:24, Jon Lasser wrote:
: 
: > On Sat, 9 Dec 1995 anonymous-remailer@shell.portal.com wrote:
: > 
: > > I just installed the "Open Encryptor" PGP interface for Pegasus  Mail.  
: > > I found that when you sign a message and queue it, it stores your password
: > > in the clear on the hard drive. Apparently
: > > it doesn't sign or encrypt the message until just before
: > > transmitting it.  So it stores your PGP private key password
: > > with the message until it sends it.
: > 
: > Can anyone verify this?
: > 
: > Kinda brings new meaning to the term "Open Encryptor," huh?
: > 
: > Jon
: > ------------------------------------------------------------------------------
: > Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
: >           Visit my home page at http://www.goucher.edu/~jlasser/
: >   You have a friend at the NSA: Big Brother is watching. Finger for PGP key.
: > 
: > 
: > 
: 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMMpJNDUjeCeeebC9AQFsdAf+OY1FPLqSbHYyB+MnUl56dau9gFouoLKf
y5UDCE9d4w2ndo6iKOGk7UzfTR3vYQaJmfEI2og+37hi2au01mHm/T0IAUOFYOYr
owr6Xn8TZ8vHPOEe71LYRdad60ZdlkPr7H3Nxc9l7O9ueZp0SAM4xPMZmMPUkb8V
d4j2m1kbLOHHNmqFmHWjxXvKLaowF/38cgbV9VuDFatySZuM9TdaVQEbazum0uDE
LOgUzrQqs2GqlDOB1WMkvJv947SPHhjCJQTcygtS6SoGJv6AzLCL0LtstmBnCOgI
zRIrX5wgFSp49BRdmE0/xp62+TuaGCZ6ml8iW/zS9ab7GSeOA2Qs6Q==
=GINp
-----END PGP SIGNATURE-----
-- 
JHupp@gensys.com           |For PGP Public Key:
http://gensys.com          |finger jhupp@gensys.com
Animals can be driven crazy by placing too many in too small a pen.
Homo sapiens is the only animal that voluntarily does this to himself.