-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Joseph,
On 27 October 2003, 14:45 -0600 ( 20:45 local time) Joseph N. [JN] in mid:[EMAIL PROTECTED] wrote: MW>> Perhaps plain text editors should encrypt data? Ludicrous! And why MW>> encrypt plain text messages to your hard disk when you send them MW>> over the Internet without encryption? E-mail (SMTP/POP) is MW>> inherently insecure. JN> Ummm, no one is talking about encrypting the messages, Martin. That's JN> what SecureBat, disk encryption, or encrypted messages are for. I know that! I think you may have misunderstood me. JN> We're talking only about passwords, which pertain not only to JN> existing content but also to one's identity. No, you were talking about passwords. The original text by Gautam starts off by saying messages are stored in plain text. Marck was responding to the original post and made the point that general purpose applications are not designed to be as secure as is set out in the referenced text. JN> They are two separate issues. A misused password can wreak boundless JN> havoc for years after the incident. You use one password for everything? And continue to use it after the possibility of it being compromised? Surely you would change your password(s) before handing your PC to a stranger? And if you can't beforehand, afterwards? Certainly, if you're that concerned about password security you shouldn't save it in the first place; it's an option after all. :-) MW>> As for passwords, doesn't the same apply since most POP servers use plain text MW>> authentication? JN> No, it doesn't. Security is not a binary choice; there are degrees of JN> need and degrees of security. The possibility of someone snatching a JN> password from regular Internet usage is real, but the probability is JN> low. In any event, (a) most POP servers nowadays probably provide for JN> MD5 authentication, and (b) the user can choose a provider that does JN> provide the required level of authentication. Again, it's a matter of JN> degrees and choice. The problem with an unencrypted password is that JN> it pretty much vitiates any other choices that have been made. Still more probable than a complete stranger sitting in front of my PC and reeking havoc with his hex editor. (assuming he can log on and access my folders) I think someone would notice that! :-) MW>> There's some merit in having the mail folder under Documents and MW>> Settings (XP) and I guess this could be a future install option. Albeit MW>> there's nothing stopping you from doing this now. JN> I did it a long time ago. It seemed like the most logical thing to do when the option presented itself. - -- As ever, Martin Webster The Bat! 2.01.7 | BayesIt! 0.4gm (Windows XP Professional Service Pack 1) -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.0.2 iQA/AwUBP52Sslv+PP8p0/caEQIg4gCeNC7rnyJjfMxMRI0AzfLjiEY3HiYAn0zS Qf1bRgqBLUcWh3UX/0Xl7I8Z =MLrM -----END PGP SIGNATURE-----
________________________________________________ Current version is 2.01.3 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
