Bugtraq mailing list archives
Re: PGP 6.5.1 has been released
From: kjahds () KJAHDS COM (Kenneth Albanowski)
Date: Mon, 12 Jul 1999 19:20:13 -0400
On Wed, 7 Jul 1999, Steven M. Bellovin wrote:
Self-Decrypting Archives. You may now encrypt files or folders into Self-Decrypting Archives (SDA) which can be used by users who do not even have PGP. The archives are completely independent of any application, compressed and protected by PGP's strong cryptography.I'm glad this was on bugtraq -- any crypto product with "self-decrypting archives" is a serious security threat, at least for the other versions I've seen. They involve an executable that does *something* -- but what? The world has recently learned what I hope the folks on this list have long known -- that you can't trust email with executable content.
For what it is worth, I'd consider an SDA to have one specific benefit in a data storage situation: if recovery of the data is needed in an emergency, or at a time in the future when locating the encryption software is difficult, the chances are much better that you'll be able to get the data unpacked. (You can accomplish something similar by storing a copy of the PGP executable near the data.) However, for data communications, I'd agree that SDAs are just tempting fate. They might be used successfully in some particular situations (transmission over of data & executable over channels that can be snooped but not modified) but seem to be tempting fate. -- Kenneth Albanowski (kjahds () kjahds com, CIS: 70705,126)
Current thread:
- PGP 6.5.1 has been released Cody Brownstein (Jul 06)
- Re: PGP 6.5.1 has been released Nick_ (Jul 07)
- Security Bulletins Digest aleph1 () UNDERGROUND ORG (Jul 08)
- <Possible follow-ups>
- Re: PGP 6.5.1 has been released Steven M. Bellovin (Jul 07)
- Re: PGP 6.5.1 has been released Kenneth Albanowski (Jul 12)
- Re: PGP 6.5.1 has been released ___Viper___ _ (Jul 11)
- Re: PGP 6.5.1 has been released Mark Wooding (Jul 13)
- Re: PGP 6.5.1 has been released Joel Eriksson (Jul 13)