Re: Automate GPG or PGP to make an .exe


sci.crypt archive

From: Paul Rubin <//phr.cx@NOSPAM.invalid>
Date: Wed Mar 29 2006 - 12:16:56 CEST

"TC" <gg.20.keen4some@spamgourmet.com> writes:
> (4) Creates an EXE file which, when run on a target PC, will:
> (a) Fire up the symmetric cipher;
> (b) Prompt the user for the secret key, then
> (c) Decrypt the file accordingly.
>
> Color me stupid, but, I am struggling to see the problem with this.
> Please elucidate the holes in that process.

An attacker can substitute a malicious .exe for the real one, and the
user then enters the secret password into it. Oops.
Received on Mon May 1 01:53:10 2006