Xref: utzoo comp.admin.policy:278 comp.unix.admin:2124
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!unido!mikros!mwtech!martin
From: martin@mwtech.UUCP (Martin Weitzel)
Newsgroups: comp.admin.policy,comp.unix.admin
Subject: Re: E-mail Privacy
Message-ID: <1161@mwtech.UUCP>
Date: 5 Jun 91 10:28:48 GMT
References: <1991May23.133507.21460@NCoast.ORG> <51171@prls.UUCP> <1991Jun3.175631.1451@sci34hub.sci.com> <1991Jun3.211751.2686@mprgate.mpr
Reply-To: martin@mwtech.UUCP (Martin Weitzel)
Organization: MIKROS Systemware, Darmstadt/W-Germany
Lines: 38

In article <1991Jun3.211751.2686@mprgate.mpr.ca> henderso@mpr.ca (Mark C. Henderson) writes:
>In article <1991Jun3.175631.1451@sci34hub.sci.com> gary@sci34hub.sci.com (Gary Heston) writes:...
>->> Perhaps I should keep valuables locked
>->> up (a sad commentary on our society) but one can not 'lockup' messages
>->> from the privileged account holder (root).
>->
>->Sure you can. There's a function called "crypt" that can eliminate your
>->concerns. Being root doesn't allow reading the files once encrypted....
>
>I'd just like to point out that the security offered by Unix "crypt" can
>be broken rather easily. Try using software that uses a more secure
>algorithm.

This has a bit of truth in it - but it's no real solution.

Some text encrypted by standard crypt is safe against being read
*accidentally* by the sysadmin (e.g. during cleaning up lost+found after
some disk crash). It is also true that encrypted text can be decrypted
with some *effort*. The amount of this effort can vary by far. Usually
it's easier the more parts of the unencrypted text are known or can be
guessed. (You may also understand this as a hint how to make your crypted
text more secure: Substitute the "keywords" that may be expected in your
text by something else.)

But it's also true that the sysadmin can easily replace any "super-crypt"
command by a program that only calls super-crypt, but stores the used key
in some place.

You may call such a sysadmin dishonest or helpful, depending on the
scenario: Some user whose privacy is broken in this way would surely call
this dishonest; a user who once forgets the key for an important file
will surely be pleased if the system administrator can help him to save
hours (or days and weeks) of retyping all the stuff.

(Did I hear you say the latter scenario is quite unrealistic? Nobody would
expect the sysadmin to give him back the clear text of some encrypted
file? I'd second that, but why the h*** do people expect that the sysadmin
can give them back the files they have just rm-ed?)
-- 
Martin Weitzel, email: martin@mwtech.UUCP, voice: 49-(0)6151-6 56 83