Email Privacy - ideas

Discussion in 'privacy technology' started by peakaboo, Mar 1, 2003.

Thread Status:
Not open for further replies.
  1. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I've been looking for a good freeware program which will provide email privacy, not necessarily encryption, could be as simple as pass word protection, which does not require the person on the receiving end to have special software to unlock or decrypt. Another important feature for me is the solution must be light on storage and resources.

    I think PGP fits the bill except being light on storage space; never tried it so can't vouch for it.

    ABI coder is another option, can't remember if I tried it or not, but have tried similar products, and the rub is no compression on the self extracting file. Also many may baulk at clicking on a file with an executable just to read an email.

    Any other ideas are welcome.

    Some good ideas here, however none which will fit the bill for me.

    So I got to thinking what about using WINZIP?

    1) light on resources & storage = yes
    2) can password protect = yes
    3) does not require special software for the receiver = yes

    4) bonus: since Winzip is compression software, the file you send will actually be smaller than your original file. I think this holds true with the self-extracting feature also.

    I started playing with it a little this am. I think it will work for me. Here is how I use it:

    + using word or any text editor create your email message
    you want to send and save to file

    + right click your message file

    + select Add to zip

    + under add to archive select New

    + select the folder you want the zip created in and the
    name of the zip file and press OK

    + press Password and enter password & confirm

    right click the file created and select Send To, to send this file as an email attachment. Of course whomever you are sending to will need the password to open this zip file. Password can be provided via same email as follows:

    for friends you know very well

    use the following email message:

    password to unlock zip = something only the two of you would know

    or simply call and let them know what the password will always be if they receive something from you.

    not sure if the person on the other end has winzip?

    + right click the zip file created
    + select Create Self-Extractor (.EXE)

    note: this self-extracting zip file is really nice since you can't even see the files contained without the correct password.

    send the self-extracting zip file as noted above

    A Word about password security - this is from Winzip help an older version, not sure if newer version of Winzip 8.1 has a beefed up password encryption strength:

    WinZip uses the industry standard Zip 2.0 encryption format. Password protecting files in a Zip provides a measure of protection against casual users who don't have the password and are trying to determine the contents of your files. The Zip 2.0 encryption format, however, is not as secure as DES and the RSA public key formats used by programs such as PGP, and does not provide absolute protection against determined individuals with advanced cryptographic tools.

    Note: there are two reasons WinZip does not implement a more secure encryption format: (1) a different format would not be compatible with the Zip 2.0 standard, so other Zip utilities would not be able to decrypt the files, and (2) there are currently severe U.S. government restrictions on the export of encryption technology. If you require strong encryption, we recommend you use a specialized encryption software instead of the Zip 2.0 encryption format.

    Copyright ¸ 1991-1998 Nico Mak Computing, Inc.

    Note this may have changed with winzip 8.1 - easy enough to dwnld install & check ;)

    Someone reading this may ask why go through all this? To this I answer, I'll have to get back to you on the link, but I read somewhere that when you send an email it is the equivalent of sending a post card - anyone can read it, also as your email is sent from server to server, copies are made, I can't remember if those copies would eventually be wiped.

    Besides PGP

    http://web.mit.edu/network/pgp.html

    http://www.pgp.com/index.php

    I ran across something called ShyFile:

    http://www.shyfile.net

    problem with this is it is a huge download 24.6 MB

    not for me...
     
  2. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Hey Peakaboo, how are you? From my gathering, your other party that recieve the emails have to have the same program you're encrypting with. Now If you do an extracting encryption and give that party your self encrypting password they don't have to have the same program. I know pgp 8.0 is like that and so is other programs. Now if you use Outlook Express there is a digtal ID. You can do but you have to sign up for it. From what I read and heard is that the person that's reading the email don't have to have it. I'm that sure about it though. Maybe someone will come along and shine more light on it. If i'm wrong on this please someone correct me. Thanks.

    Oh BTW if there is such a program trhat can encrypt an email and the other person your sending the email to is found I would love to know about it.
     
  3. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Hi notageek,

    That is what I like about Winzip, if you use the self-extracting feature, the party you send the email to only needs the password.

    They do not need winzip, only the password.

    Cool huh... :)

    take care M8.
     
  4. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Yeah I got winzip 8.0. I only us it to un zip files that I download. Never really zipped anything.
     
  5. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    While not the Link I had remembered, it is close enough and certainly speaks to the subject at hand - excerpt:

    Email is said to be as private as sending a message in a postcard. Electronic mail is widely used every day by hundreds of thousands of people. Unfortunately email can be a very insecure way of communication. Electronic mail is notoriously unprivate. When an email message is sent it travels from the originating host computer to the destination and often passes through several relaying hosts. Administrators of any these hosts can easily eavesdrop the mail traffic. If the mail bounces because it can't reach the addressee, a copy of the message is often sent to the postmaster of the originating system who can read the e-mail addresses of the sender and the addressee and the contents of the mail.

    Also ran across this link for privacy tools:

    http://www.epic.org/privacy/tools.html

    And of course my night would not be complete without a reference to an on-line test of sorts:

    http://www.windowsecurity.com/emailsecuritytest/

    I have not tried it yet, so if you do you are on your own. :eek:
     
  6. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    notageek,

    If you get a chance please take a look at your 8.0 winzip help and go to contents, and lookup password security, and tell me if it still reads 2.0 encryption strength.

    TIA good buddy.

    Also anyone using the new winzip 8.1 please confirm whether it is still using 2.0 encryption strength.


    This is the wording you might see:

    WinZip uses the industry standard Zip 2.0 encryption format. Password protecting files in a Zip provides a measure of protection against casual users who don't have the password and are trying to determine the contents of your files. The Zip 2.0 encryption format, however, is not as secure as DES and the RSA public key formats used by programs such as PGP...
     
  7. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Hi Peakaboo, I found what You ask me to find. Here's what the help me said.
    WinZip® uses the industry standard Zip 2.0 encryption format. Password protecting files in a Zip file provides a measure of protection against casual users who don't have the password and are trying to determine the contents of your files. The Zip 2.0 encryption format, however, is not as secure as DES and the RSA public key formats used by programs such as PGP, and does not provide absolute protection against determined individuals with advanced cryptographic tools.

    Note: there are two reasons why WinZip does not implement a more secure encryption format: (1) a different format would not be compatible with the Zip 2.0 standard, so other Zip utilities would not be able to decrypt the files, and (2) there are currently severe U.S. government restrictions on the export of encryption technology. If you require strong encryption, we recommend you use a specialized encryption software instead of the Zip 2.0 encryption format.

    The main WinZip window lists password protected files with a plus sign following the filename.

    Using password security while using the Extract, Test, CheckOut, or Install features:

    If you use the Extract, Test, CheckOut, or Install features on a password protected archive, you will automatically be prompted for the password.

    Using password security while adding or updating an archive:

    To password protect files, it is important to specify the password AFTER opening or creating an archive and BEFORE adding the files.

    Follow these steps to password protect files in an archive:

    1.   Open or create an archive. If you are using the New dialog box, uncheck the Add Dialog
    checkbox at the right of the dialog box.
    2.   In the Add dialog box, click the Password button, and type a password.

    Notes:

    In addition to the methods specified above, you can choose Password from the Options menu to specify a password.

    Use the Mask Password checkbox to control whether the password is hidden while typed. If you check this option, you will have to re-type the password for confirmation (to avoid typographical errors).

    Passwords are cleared (reset so that no password is in effect) when an archive is closed or another archive is opened.

    Passwords can also be used for ARJ files; in this case, the external ARJ program is responsible for all data encryption.

    Be sure to remember any passwords you use, so that you can extract your files!

    I hope this helps. Looking in the help I found that Winzip 8.0 works with win 95, win 98 and win 2000. I didn't see anything about XP but I'm using it on XP and it works.
     
  8. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    notageek,

    Thank You.

    I was hoping that they would have beefed up the encryption in 8, but seems like their desire to allow other zip utilities to decrypt is stronger than the need for increased security, or maybe the restrictions on stronger encryption is holding them back...

    Oh well maybe 8.1 or later versions will get the beefed up security.

    For now the encryption strength Winzip offers coupled with my RC4 cipher, 128-bit key browser encryption is enough for me and my email needs.
     
  9. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    No problem
     
  10. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    :D

    Someone already mentioned using certificates: www.thawte.com offers a certificate (for free) that you can use with e-mail clients like Outlook Express and The Bat!

    In order to use encryption both you and the receiver must have a certificate and you must already have exchanged the public keys.
    That's very easy, because this functionality is build-in in OE and The Bat! : just digitally sign an e-mail message by pressing the right button and entering your (secret) password.
    When the certificates have been exchanged, you can just as easy encrypt the message by pressing an other button. That's all that there is about it. It requires no software at all (apart from your certificate enabled mail client). You only have to enroll :cool:

    The Thawte certificates can be made trusted certificates if you get your certificate authenticated by a so called notary. That way you can have trusted communication with other parties, without even knowing them. But that's another matter :rolleyes:
     
  11. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Good information meneer... Thank You.
     
Loading...
Thread Status:
Not open for further replies.