> So you think that viruses are going to know how to find and decrypt > the passwords of all email programs?
Any data that must be decrypted without user intervention can be accessed in its unencrypted form without user intervention. If user intervention is required for decryption, well, you pretty much just have to be there when it happens. These are fundamental rules. A virus needs no "decryption" feature per se. A sniffer can readily isolate plain-text passwords as they go over the wire. Alternately, yep, specific memory inspection routines could be built for "all email programs" that are likely to be found on compromised machines -- all, what, 3 or 4 of them -- regardless of what happens on the wire. This part is child's play for a hacker, relative to the harder part of finding new attack vectors for those boxes that are lucky enough to get disinfected and patched. Marc, I have some respect for your optimism, a rare trait in a place where others have (themselves well-earned) chips on their shoulders from pushing back a surging, inarguably criminal element from their networks all day. I also think that the accusations that you're an agent of some government, enterprise, NGO, etc., are ludicrous based on the fundamental naïveté of your proposal (like the fact that you suggested an enhancement which was already BTDT 8 years ago -- not going to get you a lot of followers on such a technical list). Yet: I concur that you don't have anywhere near sufficient knowledge of current, let alone historical, technologies for mail sending and retrieval to be suggesting... well, to be suggesting any enhancements or improvements at all. Look, it's okay to admit that you have to go "back to school" on those subjects. From your bio, you have grounding in other technical areas that many people here do not. I didn't know much about mail until 1999 or so, and that was after supporting mail systems (along with other systems I actually understood) for, like, 6 years! But I also kept my mouth shut until 1999. Because of that experience, I find myself agreeing with the overall reaction of, in essence: "Kill me now, if his proposal is going to be disseminated by any entity who doesn't have enough techies on staff to shoot it down." Please, for the good of the world, take a couple of months to study before your next proposal. Warmly-- --Sandy
