Is E-mail Security Possible

[cz]

Sorry for this thread but there's so much info on this sub-forum any link will suffice for an answer.

I want to correspond in business and sometimes these conversations contain very sensitive info.

I want to be able to know that the information is only being received or stored on that person's PC inbox and not being scraped by say, GG, Y! MSN or my own ISP for that matter.

Is complete security of information possible in the world of email correspondence or is the telephone a better medium to disclose personal or sensitive information?

Thank you!!

cz

[wige]

No. The e-mail you send and receive could be logged or stored on any number of servers. The best option for ensuring that the contents of your e-mail remain private right now is to encrypt the e-mail. Right now, I think the most common method used is PGP, although there are a few different options depeding on the level of security and authentication that are needed.

[cz]

Thank you wige!

[williamc]

Quote:

Originally Posted by wige

No. The e-mail you send and receive could be logged or stored on any number of servers. The best option for ensuring that the contents of your e-mail remain private right now is to encrypt the e-mail. Right now, I think the most common method used is PGP, although there are a few different options depeding on the level of security and authentication that are needed.

Agreed, PGP is the only way to go if you want true security in email conversations.

[Dinghus]

So you don't like s/mime?

Of course you need certificates etc to be secure. At both ends.

[williamc]

Not that I don't like it, but am accustomed to PGP.

[MrGamm]

There are a few things which you should know about security an encryption. I believe Wige mentioned PGP which I have never used myself but I think it can be both public key encryption and private key.

Public Key Encryption essentially means that the key used to decipher the encryption is passed over public channels and susceptible to interception. People call it a "man in the middle attack".

Private key means the person decrypting the message is the only one privileged to the key or "password" which is capable of decrypting the message.

There are a lot of very neat password crackers on the internet as well. They can brute force or dictionary crack the password used for decryption by making millions of guesses to determine the correct answer. But besides breaking the encryption I would guess the security weak point is instead vulnerable to a "side channel attack" (maybe a key stroke recorder).

I am not an encryption expert so I reserve the right to use a word slightly incorrectly.

I know that probably wasn't what you were asking... but nothing is 100% secure... and these terms are probably some of the best to do searches on... just my opinion.

You could always translate your email message to Morse Code?

[wige]

Actually, currently, there is no known way to decrypt Pretty Good Privacy encrypted documents. There are theoretical ways to break old versions, but none that have been used to actually open a message. For example, researchers found that one old version could be cracked, but it would take an estimated 53 million years to break a single message, using the entire computing power of the US government (or something like that).

It is true that there is no such thing as 100% security. The current model for people who are securing systems follows an approach of cost vs benefit - is the cost to an attacker in terms of time, training and resources worth the effort of breaking the system. For your e-mails, PGP would meet that test - it would take much more to decrypt your message than the information in the message would be worth to an attacker.