Xref: utzoo news.sysadmin:3103 comp.mail.uucp:4800
Path: utzoo!utgpu!watserv1!watmath!att!dptg!ulysses!andante!alice!ches
From: ches@alice.UUCP (Bill Cheswick)
Newsgroups: news.sysadmin,comp.mail.uucp
Subject: Re: Passing proprietary messages through competitors or other sites
Summary: Don't trust crypt(6)
Message-ID: <11081@alice.UUCP>
Date: 23 Jul 90 02:48:31 GMT
References: <11613@hoptoad.uucp> <118@rwing.UUCP>
Organization: AT&T Bell Laboratories, Murray Hill NJ
Lines: 12



> it at least makes it difficult for ordinary users who weren't
> previously employeed by the NSA to look at it.

It doesn't take the NSA to break crypt.  It is quite easy, and there is software
floating around that will help.  (We moved crypt to /usr/games.)  If you must
use email for proprietary info, use DES encryption and avoid sites running
pathalias.

Bill Cheswick
postmaster@research.att.com