How practical is it to use email encryption?

Discussion in 'privacy problems' started by magenta, Feb 22, 2009.

Thread Status:
Not open for further replies.
  1. magenta

    magenta | Registered Member | Joined: Feb 18, 2009 | Posts: 20
    just wondering how practical is it to use email encryption and how people go about it here..

    from my understanding the recipient of the sent mail needs to be running the same encryption software as the sender has on his/her machine.

    this seems very unlikely and would need prior contact between the sender and recipient to arrange to set up the same service.

    even if they did so how could the public key be delivered privately?
     
  2. Mrkvonic

    Mrkvonic | Linux Systems Expert | Joined: May 9, 2005 | Posts: 8,698
    Another medium - other than email ... piece of paper, usb key, cd rom, postal mail, phone ...
    Mrk
     
  3. Bob D

    Bob D | Registered Member | Joined: Apr 18, 2005 | Posts: 1,150 | Location: Mass., USA
    AxCrypt (and others) allow you to create an encrypted .exe file.
    Recipient, upon running the .exe, is presented with an "Enter Passphrase" window.
    This seems to work well (assuming recipient has ability to run executables).
     
  4. noone_particular

    noone_particular | Registered Member | Joined: Aug 8, 2008 | Posts: 3,798
    For the most part, encrypted e-mail is exchanged between people who have previously arranged to do this. As for the public key, it doesn't have to be delivered privately. Some post their public key on their websites. Others use key servers. The public key is made freely available so that anyone can use it to send you an encrypted message that only you can decrypt with your private key. PGP has used this method for many years. There's no way that your public key can be used to decrypt a message and it can't be used to figure out your private key. The only drawback to a public key is that it's obvious to anyone who sees it that you encrypt at least some of your communications. In today's political climate, that can draw attention from those who want to spy on everyone.

    Some versions of PGP can also make exe's described by Bob D. They're also called SDA's (self decrypting archives). They are not as secure as standard PGP but can be read by anyone that you've given the password to. What you use depends on who you're trying to keep from reading your communications. Assuming a reasonably good password, SDA's are plenty good enough to thwart nosy family members. If your communications contain evidence of government corruption, human rights violations, or something equally severe, SDA's are not strong enough. For info that sensitive, PGP or an equal.
     
    Last edited: Feb 22, 2009
  5. Mrkvonic

    Mrkvonic | Linux Systems Expert | Joined: May 9, 2005 | Posts: 8,698
    And will run executables received by mail :)
    Mrk
     
  6. Bob D

    Bob D | Registered Member | Joined: Apr 18, 2005 | Posts: 1,150 | Location: Mass., USA
    Exactly.
    I felt it noteworthy to add that caveat.
    Recipients in some business environments will (understandably) be frustrated. :(
     
  7. markoman

    markoman | Registered Member | Joined: Aug 28, 2008 | Posts: 188
    Dear Magenta,
    technically speaking, the use of encrypted email is extremely simple and user-friendly. If you are interested in it, I would advise the use of Thunderbird with the extension Enigmail and the use of GnuPG. If you are a Windows user, you will find it quite easy to set up and use. Just try to google for "Enigmail" and you will find complete documentation on it.

    On the other hand, I suppose that if you are asking on here about encrypted email, nobody that you correspond with uses encrypted email; so here is the hard part: get all your friends/family/coworkers to use encrypted email. You will do a great favour to yourself and to the whole Internet community.

    About the communication of your public key, as already said, the public KEY is public, so you can spread it in any unsecure way.
     
  8. magenta

    magenta | Registered Member | Joined: Feb 18, 2009 | Posts: 20
    thanks markoman, how can I safely contact friends abroad to ask them to set up encryption?
    if I use a cell phone or regular mail it automatically tells who I'm talking to

    When using Thunderbird or any mail client do I have to have an account with an email service provider or can I just mail away from the client?

    do I have to get my mail routed to the client from the email provider? pardon my ignorance on this but I have always just used webmail
     
  9. noone_particular

    noone_particular | Registered Member | Joined: Aug 8, 2008 | Posts: 3,798
    Encryption software is legal in most places so there's nothing unsafe about asking them to install PGP. After they install it, just exchange public keys. The public keys are basically text files so they're easy to send through e-mail. I haven't tried the new versions of PGP but the version I use can encrypt the contents of a browser window and works fine with webmail. Encrypted e-mail is no different than regular e-mail as far as sending and receiving is concerned.
     
  10. axial

    axial | Registered Member | Joined: Jun 27, 2007 | Posts: 477
    I just came across http://www.encryptomatic.com product "MessageLock" for e-mail encryption in Outlook; I have no need to test it myself so I cannot vouch for usability.

    I found it because another of their products is on a discount at http://www.bitsdujour.com this week.
     
  11. n33m3rz

    n33m3rz | Registered Member | Joined: Jan 10, 2009 | Posts: 114
    Just use GPG with FireGPG extension in firefox. Makes decryption as easy as point, click, passphrase, and encryption the same. It is very practical to encrypt your own email, I suggest you do provided you talk about things you want to keep private.
     
  12. n33m3rz

    n33m3rz | Registered Member | Joined: Jan 10, 2009 | Posts: 114
    How is the other person supposed to know the password? Plus the password is the key.
     
  13. Carver

    Carver | Registered Member | Joined: Feb 5, 2006 | Posts: 1,827 | Location: USA
    By prearrangement. I was thinking about speaking to the bank about prearranging a password; it could be a list of changing passwords according to what day of the week or what week. 7-Zip AES encryption is 256-bit AES.
     
  14. magenta

    magenta | Registered Member | Joined: Feb 18, 2009 | Posts: 20
     
  15. Nebulus

    Nebulus | Registered Member | Joined: Jan 20, 2007 | Posts: 1,582 | Location: European Union
    In theory, there is no need to contact them PRIVATELY. Encryption doesn't hide the fact that you talk to someone, it just hides the contents of the communication. So it would be pointless to set up encryption privately, because the first time you send that person an encrypted message, the ISP and the others that are "listening" on the wire will know you contacted that person. Sure, they won't know what you said, but they know you talked.
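
The point Nebulus makes above, shown on a message (an added example, not part of any forum post): a PGP/MIME mail parsed the way a relay sees it, with the routing headers readable and only the body opaque. The sample message, its addresses and the `observer_view` helper are constructed for illustration, and the armored block is a placeholder rather than real ciphertext.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample of a PGP/MIME (RFC 3156) message as relayed.
# Addresses are placeholders; the armored block is not real ciphertext.
RAW = """\
Received: from mail.example.org by mx.example.net; Sun, 22 Feb 2009 12:00:05 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: holiday plans
Date: Sun, 22 Feb 2009 12:00:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

ARMOR = "-----BEGIN PGP MESSAGE-----"
ROUTING = ("Received", "From", "To", "Cc", "Subject", "Date")

def observer_view(raw):
    """Summarise what a mail relay can read without holding any key."""
    msg = message_from_string(raw)
    headers = {h: msg.get_all(h) for h in ROUTING if msg.get_all(h)}
    who = msg.get_all("From", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    # PGP/MIME announces itself in Content-Type; inline PGP only in the body.
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    inline = any(ARMOR in str(p.get_payload()) for p in leaves)
    return {
        "parties": [addr for _, addr in getaddresses(who)],
        "headers": headers,
        "body_encrypted": pgp_mime or inline,
    }
```

Calling `observer_view(RAW)` reports both addresses, the Subject line and the relay path as readable, with only the body marked as encrypted.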
     
  16. Pleonasm

    Pleonasm | Registered Member | Joined: Apr 9, 2007 | Posts: 1,201
  17. LockBox

    LockBox | Registered Member | Joined: Nov 20, 2004 | Posts: 2,275 | Location: Here, There and Everywhere
    Why even use email? At drop.io you can create private "drops" with any address you like and then upload whatever you want.

    Here's an example I just set up:

    http://drop.io/wilderstest

    There is nothing there now but an encrypted text message. I encrypted the notepad file with SecureZip AES 256 bit encryption. Go ahead and download the file and see how easy this is. The password is thisisawilderstest . It will extract to a plain text file in a folder. Go ahead, I've been a member here for five years and I'm not going to infect you. It's a simple text file to show how easy sharing encrypted communications can be.

    If you're really paranoid, you can even set a password for your private "drop" and share it only with your recipient. Drop.io is a great service and FREE for up to 100MB. You can set it to destruct on a certain date as well.

    We're all so caught up in thinking email, email. There are better ways to communicate without messages sitting on ISP or Gmail's mail servers for God only knows how long.

    Oh, do this from some wifi coffee shop or other public place and nobody's none the wiser for your efforts.
     
  18. Pleonasm

    Pleonasm | Registered Member | Joined: Apr 9, 2007 | Posts: 1,201
    Certainly, there are a number of options beyond email if a user wishes to transmit information confidentially—e.g., it’s easy to encrypt a Word document (with the built-in encryption feature) and use, for example, the free YouSendIt (https://www.yousendit.com) service or any FTP site. The difficulty, however, with this approach and the analogous “drop.io” scheme is not the encryption—it is the transmission of the password. In contrast, by using a public key cryptography approach (e.g., Outlook with a Digital ID), neither individual needs knowledge of a common password. The sender uses the receiver’s public key for encryption, and the receiver uses her/his private key for decryption. It sounds complicated, but in practice it’s trivial and transparent.

    If your email is encrypted, it is encrypted all the way from the sender to the receiver—the ISP does not have visibility to the contents of the message or to any file attached to the email.
     
  19. LockBox

    LockBox | Registered Member | Joined: Nov 20, 2004 | Posts: 2,275 | Location: Here, There and Everywhere
    Everything you wrote is true. I used PGP for years and gave it up after too many hadn't a clue as to how to configure it. To each his own, I suppose.
     