Indistinguishable from Jesse

I had to install Enigmail and gpg in order to send a vulnerability report to CERT.

I am not happy with gpg's UI. I had to read this page to figure out which command-line options I had to use. GPG gives a vague yet serious-sounding warning if you use an empty "passphrase" when creating your key. (As far as I can tell, a strong passphrase protects you against someone who can read the file containing your private key, but other than that it doesn't increase security.) It asked me to move the mouse around and bang on the keyboard while it generated my keys, but it generated the keys in less than a second, making me worry that it didn't use any good sources of entropy when it created my key.

I was able to figure out how to use Enigmail without much trouble. I encountered lots of warning and error messages, but I think they were all necessary. (I didn't like the text "This message will appear 1 more time" at the bottom of most of the warnings, though. I don't want Enigmail to keep me from making a mistake just because I almost made the mistake 2 times in the past!) Enigmail's options were split between the Options window and the Account Settings window, but that's a problem with Thunderbird in general.

Neither CERT nor Enigmail warned me that the subject of my e-mail would be sent unencrypted.

This entry was posted on Sunday, April 18th, 2004 at 12:15 am and is filed under Mozilla, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.