Re: newbie question
- From: "Matt Davis" <stackinjection@xxxxxxxxx>
- Date: Thu, 7 Sep 2006 11:23:02 -0500
You need encryption whose key is not transmitted in MITM-vulnerable orPGP-encrypted. You can then
reverse-engineerable form, much like PGP. It would be best that any email you get be
transmitted to you via PGP. It will sit in your Gmail inbox
download it as you wish, and decrypt it on your local system.
Not to mention, since it is in your inbox encrypted, it doesn't matter
if your email vendor decides to turn over your emails to any
government agencies when requested.
Of course, that doesn't prevent the agencies from bringing you in and
leaning on you for the keys. I've seen truly paranoid people keep
keys / data stores in hidden truecrypt volumes to add another layer.
It just depends on the threat model.
Then again, a lot of information can be derived by who emails who, and
what the "flow of the conversation" is. None of these solutions
prevent your recipients from forwarding the emails on clear text
either.
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- References:
- Re: newbie question
- From: krymson
- Re: newbie question
- Prev by Date: Re: Device Authentication - The answer to attacks lauched using stolen passwords?
- Next by Date: Re: How to monitor Windows user
- Previous by thread: Re: newbie question
- Next by thread: RE: newbie question
- Index(es):
Relevant Pages
|
|
