Secure emails? Where?

[malcontent]

Quote:

Originally Posted by botolo

Hello,

I am working on a project with a couple of friends. We would like to share some ideas and opinions via email in order to discuss on the development of the project but we would love to use some secure way to communicate.

We don't want our emails to be read by someone else (e.g. the administrator of the office email service) and we want them to go through encrypted.

I was looking at PGP but it seems very complex to install and use!

Any other suggestions?

Perhaps you and your friends could sign up for free Lavabit.com email service. They offer SSL encryption connection to their servers and your email can be encrypted while on Lavabit servers. There is an option in Lavabit preferences that allow all email in your account to be encrypted. Even the administrators of Lavabit can not read your email on their servers. You and your friends could email each other using Lavabit accounts. Your entire communication with your friends would be encrypted from beginning to end.

[beeboy]

Quote:

Originally Posted by David

https only provides a secure (encrypted) connection between your local computer and the server you are uploading/downloading mail from. The message travels unencrypted while travelling between mailservers. Mail can also be read (while on the servers) by the administrators of the company that the email account exists on.

Thanks for the explanation David albeit a little disturbing. Does this hold true for smtp and pop ssl connections as well?
If I'm sending my credit card number out over what I thought was a secure connection and its not secure then I'm very disturbed that this information can be intercepted and easily read. I thought this was the whole idea behind httpS - secure transmission.

Sorry if this is off-topic but it is important to clarify.

[Mechant Loup]

If you do not always need to use email, you may also want to look at OTR, http://www.cypherpunks.ca/otr/

for encrypted instant messaging. It is very easy to use and very well done. You can actually trust your data on this one, which is not true for all "encryption" software and stuff out there. Pairing it with Pidgin is an easy and reliable approach for secure IM.

If you're going to exchange files, be sure to use something stronger than plain .zip encryption, which can be broken quite easily. RAR offers AES-128, which is more than anyone needs. Your data is then as secure as your password is. Read more about choosing secure passwords here:

http://www.ephesus.com/Encryption/Passphrase.html

It discusses PGP / GPG, but applies equally to any application using passphrases.

Read this too:
http://www.schneier.com/blog/archive...ng_secure.html



Of the compression software out there, 7-zip is also an option: http://www.7-zip.org/

It employs AES-256 and is opensource, which RAR is not; however, there is no reason to expect any weaknesses in the RAR encryption routines, even though no-one can study their implementation as such. RAR is not expensive. 7-Zip is free, though, and compresses better. RAR may be more familiar to some users.

For reliable encryption, I'd still go for PGP / GnuPG. You do not necessarily need to use keypairs, if that approach confuses you -- PGP and GPG can encrypt by password as well (i.e. symmetrically) and PGP/GPG is the most trusted of the options you have. Encryption is very easy to do badly or plain wrong. Hence, use only well-known software.

I'd prefer going for real email encryption with either a specialised service or with PGP / GPG.

GPG is an opensource alternative to PGP, used mainly on Linux and other UNIXes, though some kind of windows port exists too.

WinZip support AES encryption now, too, but in the past there were some concerns over the cryptographic soundness of their approach. I do not quite trust it, especially as better software exists (WinRAR and 7-Zip, if you are on Windows) For *NIX, GPG + Tar + GZip or Bzip2 is the way to go. That's what I use. I also opt for asymmetrical encryption for my backups etc. as it is much easier than using symmetric encryption.

Whatever symmetric encryption you choose to use, remember that your data will only be as safe as your passwords are strong. People generally use very weak passwords, foolishly thinking AES or similar is going to protect them despite this. Also, whether the symmetric encryption algorithm in use is AES-128 or AES-256 is irrelevant -- in case you encrypt symmetrically, you probably won't be providing enough key entropy to fully use even a 128-bit keyspace, so anything higher is just going after a "megahertz myth."

[David]

Quote:

Originally Posted by beeboy

Sorry if this is off-topic but it is important to clarify.

Secure POP and IMAP download are secure only between the server and your local machine (as is the case with secure SMTP as well)

Everything is unencrypted while in transit (or when on the server at either end)

Conventional email is not a secure protocol..... unless you encrypt (and decrypt) the message at both ends.

[Mechant Loup]

Quote:

Originally Posted by beeboy

Thanks for the explanation David albeit a little disturbing. Does this hold true for smtp and pop ssl connections as well?
If I'm sending my credit card number out over what I thought was a secure connection and its not secure then I'm very disturbed that this information can be intercepted and easily read. I thought this was the whole idea behind httpS - secure transmission.

Sorry if this is off-topic but it is important to clarify.

Do not worry about someone intercepting your credit card number on transit; worry about someone breaking into the host's system and grabbing all the credit card numbers stored neatly in a database there. That happens. It may be quite easy; catching random transactions "on the fly" somewhere along the way is generally not.

Of course, you still want to use https etc. But the vendor holding your card data is your weakest link, really.

[theog]

Quote:

Originally Posted by Mechant Loup

Do not worry about someone intercepting your credit card number on transit; worry about someone breaking into the host's system and grabbing all the credit card numbers stored neatly in a database there.

I agree with that... I've not heard any chatter about someone being able to capture data while it is encrypted from the browser to the secure server.

Not that it can't happen, but sometimes I think we get caught up in posts and start promoting situations that maybe true, but not in reality. I do get a kick out of these "security" discussions though.... cool.... lol

Quote:

Originally Posted by Mechant Loup

But the vendor holding your card data is your weakest link, really.

Yup....

[ekangas1]

This is true, but I have seen many cases of people's email and other login credentials stolen when they used insecure email (pop/imap/smtp) or web (http) connections in an Internet hotspot. These folks learned the hard lesson too late that they need to be vigilant and use SSL/TLS for everything they can.

It is certainly true that SSL/TLS only encrypts the communications between servers and does not encrypt ANYTHING once it is on a server. In fact, use of SSL implies that the data is decrypted by the target server so that the processes there can read and manipulate it. In the context of email, this means that SSL and TLS can be used to negate the possibility of eavesdropping; however, you still have to inherently trust the people running the servers through which your email travels. The only way to eliminate that need for trust is to use PGP or S/MIME message encryption starting in your client (or at an encryption gateway that you trust) and ending with the recipient.

I wrote an article a while ago that goes into detail on many of the inherent insecurities in email (from smtp to pop and imap) and some of the possible things that can be done to mitigate them (like ssl, pgp, s/mime) and why. See

http://luxsci.com/extranet/articles/email-security.html

[beeboy]

I found your article very helpful Ekangas1. Informative and easy to understand. Thankyou.

[theog]

Quote:

Originally Posted by ekangas1

This is true, but I have seen many cases of people's email and other login credentials stolen when they used insecure email (pop/imap/smtp) or web (http) connections in an Internet hotspot. These folks learned the hard lesson too late that they need to be vigilant and use SSL/TLS for everything they can.

It is certainly true that SSL/TLS only encrypts the communications between servers and does not encrypt ANYTHING once it is on a server. In fact, use of SSL implies that the data is decrypted by the target server so that the processes there can read and manipulate it. In the context of email, this means that SSL and TLS can be used to negate the possibility of eavesdropping; however, you still have to inherently trust the people running the servers through which your email travels. The only way to eliminate that need for trust is to use PGP or S/MIME message encryption starting in your client (or at an encryption gateway that you trust) and ending with the recipient.

I wrote an article a while ago that goes into detail on many of the inherent insecurities in email (from smtp to pop and imap) and some of the possible things that can be done to mitigate them (like ssl, pgp, s/mime) and why. See

http://luxsci.com/extranet/articles/email-security.html

Good post...

[nooby]

I don't know enough to really be of help in an accurate way but the owner of Woomail.com did create that service cause he and his customers did have that need too. To know that only they can read what they write to each other. Everything stays within that server. It never leaves it. Unless you decide to contact somebody outside of it.

The con is that all you have to use it but one can set it up in very secure ways so do at least give it a look.

Maybe other such services are even better but it was good enough for him and his partners and they have the same need as the OP.

[beeboy]

Botolo is concerned about the administrator of the office email server reading his mail.

From what we have learned here is that he should be secure from the admin's scrutiny if he uses any secure ssl connection other than the company's email server. For instance: if he uses gmail's ssl servers he should be ok from local eyes.

In an office situation I would be more concerned about remote desktop access. The admin could be watching his desktop at any time and thus, would have no privacy in any situation. Non work related projects via the company system may get him into a lot of trouble.

I, personally, would never do anything over the company's system I did not want them to know.

[Mechant Loup]

Quote:

Originally Posted by beeboy

Botolo is concerned about the administrator of the office email server reading his mail.

From what we have learned here is that he should be secure from the admin's scrutiny if he uses any secure ssl connection other than the company's email server. For instance: if he uses gmail's ssl servers he should be ok from local eyes.
.

No. The data packets go through the compnay LAN. The firewall records IP's and other info. The admin will learn, if they want, where he is connecting to, with what kind of packets, and when, etc. This might make them curious: What is this guy communicating through GMail that he is not willing to send through our own server?

That's like a red flag. I'd not do it.

[theog]

Quote:

Originally Posted by Mechant Loup

No. The data packets go through the compnay LAN. The firewall records IP's and other info. The admin will learn, if they want, where he is connecting to, with what kind of packets, and when, etc. This might make them curious: What is this guy communicating through GMail that he is not willing to send through our own server?

That's like a red flag. I'd not do it.

Not a "red flag" to want security when discussing a project. "Hats off" to the OP realizing he/she needs security!

My guess is "we" are taking this entire "security" thing to another level... lol

Some good posts in this thread though... some downright wrong. lol

[drewdawg]

if you don't want administration to read e-mails, then you should really go back to pony express, or passing notes to one another...

honestly, if you begin to use a company connection or vpn, then your stuff no matter what will be scrutinized....

[Mechant Loup]

Quote:

Originally Posted by theog

Not a "red flag" to want security when discussing a project. "Hats off" to the OP realizing he/she needs security!

I have no idea what you meant by this comment. Of course it can be a red flag to the system admin when an employee uses HTTPS GMail instead of their work email when sending from their work computer. Who are they sending to? What are they sending? Why are they sending? Why are they bypassing the server and the scrutiny it receives? What are they hiding?

Quote:

My guess is "we" are taking this entire "security" thing to another level... lol

I'm not an expert, but I do know the basics of how to communicate securely, how to encrypt correctly, or how to remain anonymous online. Using HTTPS:sed GMail from work does not belong to any of those categories, I'm afraid, and recommending that to the OP is bad, bad. The employer owns all that which travels through their LAN. And if you really take the effort to hide that which you send through the corporate LAN (encrypt), you will come under some serious scrutiny unless the admins know why you need to do this from your work machine to some weird email address not belonging to a known business partner, and via some GMail account.

I'd not go down that path without first consulting the system admins and getting their OK for such practises.

Quote:

Some good posts in this thread though... some downright wrong. lol

As is the wont of web forums.