mailcrypt / WARNINGS


Security Warnings for Mailcrypt

  As usual, the weakest link in a cryptosystem is how it is used. As
  far as we know, PGP and GPG are completely unbreakable, even with
  the full resources of the NSA on your trail. However, there are many
  other ways for your secrets to be found out--let the user beware.

NT Users: Mailcrypt might leak your passphrase!

  We have reports that Mailcrypt/PGP 5.0 works on NT. We've also had
  reports that it doesn't work. So far, no volunteers have come
  forward to make sure it works correctly on NT.

  One report, though, you should be aware of. One person has tried
  using Mailcrypt on Windows NT, with poor results. Much later, he
  looked in a temp directory and FOUND HIS DECRYPTED MESSAGES, WITH

  This is certainly no joke. Many workstations carelessly share their
  whole filesystems across the network. Many are shared by multiple
  users. Temp directories are usually world-readable. This means that
  someone might learn your passphrase if you use Mailcrypt carelessly
  on an NT workstation.

  Here is what you can do about it:

  1. Volunteer to test Mailcrypt on NT, and fix this problem.

  2. Try using GPG on NT instead of PGP; there is a good chance this
  problem is not present with GPG. BUT TEST THIS CAREFULLY BEFORE

  3. Only use Mailcrypt on a workstation over which you posess sole
  physical control. Tightly restrict network file-sharing, and clean
  your disk often with a secure wiping utility.

Other Security Issues

  Other security issues are standard concerns.

  * Make sure that nobody can look over your shoulder when you're
  typing your passphrase.

  * Do not store decrypted messages in publically accessible

  * Do _securely_ erase any files you won't need again.

  * Do _not_ run Mailcrypt remotely through a telnet connection; your
  passphrase will travel across the network/Internet in the clear. If
  you trust ssh, go ahead and run Mailcrypt over an ssh connection.

  * Do _not_ store your keyrings on shared machines (including
  mainframes) if you can help it. Secret keys are encrypted on your
  keyring, but why tempt fate? Furthermore, storing keyrings on
  mainframes increases the likelihood that you will end up
  transmitting your passphrase via telnet.