Re: 2 security issues

From: Paul Lussier (pll@mclinux.com)
Date: 12/12/01


To: "bugtraq@t-swat.com" <bugtraq@t-swat.com>
Date: Wed, 12 Dec 2001 13:52:24 -0500
From: Paul Lussier <pll@mclinux.com>


In a message dated: Tue, 11 Dec 2001 12:43:46 PST
"bugtraq@t-swat.com" said:

>At 11:33 AM 10/12/2001, hvdkooij@vanderkooij.org wrote:
>>On Sun, 9 Dec 2001, Robin Lynn Frank wrote:
>>
>> > 1. Is there any way to encrypt all "system" mail to a specific key by
>> > default?
>>
>>If you use scripts it should be feasible to use GPG for this in an
>>automated manner.
>
>Just remember that anything that can be automatically done, can be
>automatically "un-done". That's like locking the door but leaving the key
>under the mat.

Well, yeah, but in order to decrypt the mail, one would need both the
private key *and* the passphrase. Even if the get the key, it's
still a royal pain to brute force it.

Of course, that doesn't prevent anyone from intercepting the mail
before it's delivered/encrypted :)

-- 

Seeya, Paul ----

God Bless America!

...we don't need to be perfect to be the best around, and we never stop trying to be better. Tom Clancy, The Bear and The Dragon