Sunday, March 2, 2008

How go is encyrpted email ?


This article teaches you how to setup encryption for the email client called Thunderbird. You can do encryption even for Gmail , Yahoo mail , Hotmail ...etc. You don't need an email client to do so and you can do it in a web-based email situation. All you need is a software to encrypt your message with your private key and generate a public key. Publish the public key somewhere.

Refering to the article's scenario, what Joe could have done to read Sam's emil to Jane is to suspect an encryption in the email because of the weird cryptic message. Using a search ... maybe via search engine like Google or other means of search to retrieve the public key.

With the public key , Joe could use it to decrypt the encrypted message. This is to assume that the public key is found. Another scenario is that Jane publish her public key by sending Sam in a previous message her public key. If Joe captured the message containing the public key... it's game over. The best way is for Jane to meet Sam personally to give him the public key or over the phone... by what if Joe somehow manages to eavesdrop on the phone call ?

Using Diffie Hellman for creating a shared secret key is going to be troublesome because a few values have to be actively exchanged between Jane and Sam before both get the secret key made.

Anyway , how safe is encrypted email ? Against people who have little's definitely effective... but what if it's up against someone who is so willing to eavesdrop...have the people , have the resources ... have the time to do so ?

No comments: