From: cmca@alpha.c2.org (Chris McAuliffe)
To: cypherpunks@toad.com
Message Hash: 378483ca026b1f0e753dfc41f61d2adbf4c874295cf2ef5078583a759899fea1
Message ID: <199602062336.PAA24566@infinity.c2.org>
Reply To: N/A
UTC Datetime: 1996-02-07 00:38:40 UTC
Raw Date: Wed, 7 Feb 1996 08:38:40 +0800
From: cmca@alpha.c2.org (Chris McAuliffe)
Date: Wed, 7 Feb 1996 08:38:40 +0800
To: cypherpunks@toad.com
Subject: Re: PGP's "only for your eyes"
Message-ID: <199602062336.PAA24566@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
[To: cypherpunks@toad.com]
[Subject: Re: PGP's "only for your eyes"]
Usuario Acceso2 <acceso2@diatel.upm.es> wrote:
Maybe some of you already know about this.
Whe reading PGP's "Only for your eyes" messages, the program
creates a temporary file containing the plaintext in the
directory where the cyphertext file is.
So, don't worry about this option, it's quite useless.
The manual points out that you shouldn't rely on it. Its main purpose is
simply to prevent accidentally or automatically leaving the plaintext
lying around, not to actually securely guarantee that behaviour. After
all, you could always cut-and-paste the text, or (since you have the PGP
source) alter PGP to ignore the flag.
The real problem is not what it does, but what people *think* it might
do.
I take that back. When I check the manual, it doesn't say that it is
insecure. It really ought to. At least one of the books about PGP does
though, I know I've read it somewhere other than email.
Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAwUBMRfm+oHskC9sh/+lAQHgygQAs4gsA3DWORL06++EpiQahmDOj6JZJKaD
CTkljTcGA1WoY6LNEwGrEMBSs1NoaY6JT+KgxAeP/HOxTJDKwRkAdU+/psjMT9t6
rqERq6HerBKIBqUj/nOsbhnigA2U+e3gto9Fpvs5gld6oQvbyn3M56PWXrm9dbBX
N2KqJ8BcQTE=
=eRZ2
-----END PGP SIGNATURE-----
Return to February 1996
Return to “David Mazieres <dm@amsterdam.lcs.mit.edu>”