Re: Email Encryption
- From: dekket <dekket.2ca97o@xxxxxxxxxxxxx>
- Date: Wed, 9 Aug 2006 22:16:17 +0530
privacy concerned Wrote:
dekket wrote:
I would suggest you try Secured eMail (www.securedemail.com). It'supon
stable and has a very high level of security. Instead of building
certificates which, if broken or stolen, will open up _all_ youreach
emails, Secured eMail uses System SKG to create a new dynamic key
time. You open the emails using a password, and you don't have toIt looks Secured eMail is fundamentally a symmetric key encryption
remember the password if you've opened one email from a recipient
before.
I'm not that good at their technology, go read about it yourself on
securedemail.com/semtech.asp instead.
system. It requires exchange of a symmetric key or "Shared Secret". It
is far less desirable than public key encryption. If you exchange the
shared secret with email, then there is no security at all because the
email can be intercepted. For this reason, they recommend exchanging
the shared secret by phone or fax. This will be very cumbersome and
you
cannot do this securely either, because the phone and fax may be
wire-tapped.
Public key based systems, such as S/MIME and PGP are much more
superior. Because the only thing that needs to be exchanged is the
public key, which will not compromise the private needed to decrypt
the
message. The problem with S/MIME and PGP, however, is that they are
very difficult to setup and use. They cannot "send to anyone" - if the
recipient does not have a public key, the message cannot be sent.
EaSecure (see http://www.easecure.com/) provides the same grade of
public key encryption as S/MIME and PGP but is made extremely easy to
use and it allows "send to anyone" not requiring the recipient to have
a public key before the message can be sent. If the recipient does not
have a public key, the message will be protected by a one-time
password
which will be sent to the recipient in a separate email. When the
recipient opens the first EaSecure message using the one-time
password,
the recipient's public key will be automatically generated and
certificates will be automatically installed. After that, all EaSecure
messages sent to that recipient will be encrypted by the recipient's
public key. In addition, all one-time passwords for the same email
address will expire and become useless. All EaSecure messages,
including previously received messages and future messages will become
safe. Nobody can open them anymore, except the intended recipient who
has the private key. The exchange of public keys is also automatically
carried out through the EaSecure key server.
Disclaimer: I have an interest or is associated with EaSecure
Corporation. However, all my postings here are my personal views and
should not be mistaken as the official views of the EaSecure
Corporation. EaSecure Corporation will not be liable for anything I
say
or do here.
You are absolutely right, if the shared secret is compromised, the
security is lost. However, that is the only known vulnerability.
Secured eMail never encourages anyone to transfer the shared secret
through email.
Like you, I am affiliated in a way with Secured eMail, though my views
are highly my own, as I am only affiliated with Secured eMail since I
loath PGP and everything they are. I've had my PGP secured email hacked
before, and know for a fact that it aint that great.
The tech part of Secured eMail isn't my forte, granted, but cracking
keys aint that difficult if you have enough time.
And on that note; I have cracked a PGP key. It didn't take that long.
Can't remember how long exactly, but it was less than a few weeks.
I have a computer here running a program that the coders wrote me, in
order to test the strength of the system skg keys (a brute force
program). It has been running for 6 months uninterrupted - they key
aint broken.
Again, the shared secret IS the no. 1 vulnerability, but if you don't
send it through email, you're pretty much home safe.
We could argue pro's & con's all day, bottom line is still the user
friendlyness, and Secured eMail has that beat on every angle compared
to PGP. I can't speak for EaSecure in any way, since I have yet to try
that.
--
dekket
------------------------------------------------------------------------
dekket's Profile: http://forums.techarena.in/member.php?userid=16736
View this thread: http://forums.techarena.in/showthread.php?t=562422
http://www.techarena.in
.
- Follow-Ups:
- Re: Email Encryption
- From: privacy concerned
- Re: Email Encryption
- References:
- Re: Email Encryption
- From: Vanguard
- Re: Email Encryption
- From: dekket
- Re: Email Encryption
- From: privacy concerned
- Re: Email Encryption
- Prev by Date: Re: Windows UPdate just sits there...WinXP
- Next by Date: Re: How can I avoid Welcome screen?
- Previous by thread: Re: Email Encryption
- Next by thread: Re: Email Encryption
- Index(es):
Relevant Pages
|
