From: Bill Stewart <stewarts@ix.netcom.com>
To: Eric Murray <ericm@lne.com>
Message Hash: e816a702a7a10f3e4feeee7e18bb6614e606f295d79682158abd46ec0fa38544
Message ID: <3.0.2.32.19970616095518.00751b44@popd.ix.netcom.com>
Reply To: <199706132241.PAA09924@fat.doobie.com>
UTC Datetime: 1997-06-16 18:56:43 UTC
Raw Date: Tue, 17 Jun 1997 02:56:43 +0800
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Tue, 17 Jun 1997 02:56:43 +0800
To: Eric Murray <ericm@lne.com>
Subject: Re: Impact of Netscape kernel hole
In-Reply-To: <199706132241.PAA09924@fat.doobie.com>
Message-ID: <3.0.2.32.19970616095518.00751b44@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 06:08 PM 6/13/97 -0700, Eric Murray wrote:
>Of course that's IDEA-encrypted (or maybe something better in PGP 5) so
>the attacker would need a lot of compute power to brute-force the key.
>I wouldn't worry too much about someone getting my secring.pgp. However
>I would worry about them getting my mail folder, my .rhosts, my
>/etc/password, etc.
This is one area where evil mail reader clients like Microserf Mail
do better than decent mail clients. The MSMail mailbox is one huge file,
structure undocumented, encrypted with an algorithm strong enough to
defeat Stacker/Doublespace and prevent you from repairing the file
if it's corrupted* but not strong enough to keep the NSA out.
MSMail encourages you to send MSWord attachments and Powerpoint graphics
instead of just writing text, so it's not uncommon to have a
100MB mailbox in a typical corporate marketdroid environment.
If someone steals my Eudora mailboxes, they'll need to snarf a few MB
of accumulated mail (though much of the good stuff will be saved
in files), but even if they only get part of the file, it's readable.
Someone who steals my MSMAIL.MMF will get 100+MB of noise,
hiding a relatively small amount of signal, and if they only get
part of it before losing the connection, it'll probably be corrupt.
[*Actually, my MSMAIL.MMF _is_ corrupted - MSMail has a self-repair /
garbage collector feature enabled by hitting magic keys at startup,
which on my mailbox is a bit overenthusiastic -- it deletes all the
attachments, leaving only the headers/text of messages and the
icons for the now-missing attachments. So I can't use it...]
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)
Return to June 1997
Return to “Tim May <tcmay@got.net>”