[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sun, Apr 28, 2013 at 12:30 PM, Brad Rogers wrote: > If banks adopted encryption, banking communication would be a good deal > safer. I've seen banks send passwords to customers in clear text. Dumb, > *really* dumb. I've actually seen more people say "I've seen banks do [something bad email related]" than I've actually see banks do something bad. But if they did send passwords in plain text, it would possibly be bad. Possibly, because encryption wouldn't prevent anyone with access to your PC* (or wherever your private key is stored) from decrypting the email. It would prevent your ISP from decrypting it, which is a good thing, but if the password is to be used with a key-token (even better: if the user is also required to change it immediately), that's not a major problem. * if everyone would use email encryption, it wouldn't take long for trojans to start harvesting private keys. What is a much bigger problem is authentication. If I send an email that only you can decrypt, how do I know that the 'you' is the 'you' the email is intended for? And if I send such an email signed in a way that only I could have signed, how do you know that the 'I' is the 'I' you think it is? Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq