Path: utzoo!attcan!uunet!ubvax!vsi1!lmb
From: lmb@vicom.COM (Larry Blair )
Newsgroups: comp.mail.elm
Subject: Re: Using crypt() in encode.c
Message-ID: <1381@vsi1.COM>
Date: 19 Jan 89 01:43:38 GMT
References: <1366@vsi1.COM>
Organization: VICOM Systems Inc., San Jose, CA
Lines: 27

In article <1366@vsi1.COM>, I wrote:
> Looking at encode.c, I see that it is used the encrypt the user entered key
> for use with the old Enigma rotor scheme.  I don't understand why that is
> necessary.  What benefit is gained from encrypting the key?  I'm not a
> cryptographer, but it seems to me that encrypting the key does not add
> significantly to the security of the message.

I received several pieces of mail that pointed out the crypting the key
produces a more random key.  My feeling is "so what?"

o The Enigma algorithm is a "crackable" one.  Randomizing the key only
  makes it harder.

o To my thinking, encrypting the mail is mainly to prevent nosy people
  with system priviledges from prying.  Anyone who truly wants to crack
  your message won't be deterred by crypting the key.  If you want a "safe"
  message, use crypt(1) on the whole thing.

o Using the crypt() call makes elm non-portable to non-US sites. [This,
  of course, is absurd when you consider that a DES crypt program was
  posted to the net.]

I've always been appalled at the insecurity of the current email system.
I _really_ like encrypted mail, so I am now on a quest to try to get
the various mail systems to unite in their handling of encryption.
-- 
Larry Blair   ames!vsi1!lmb   lmb@vicom.com