Security Basics mailing list archives

Re: Email Encryption

From: Adriel Desautels <adriel () netragard com>
Date: Wed, 14 May 2008 14:52:09 -0400

Pete,

Last time I checked it was fairly easy to crack a password protectedwinzip file. My suggestion would be that you use PGP based encryption.You can find some good PGP based technology at www.pgp.com or you canuse gnupg from gnupg.org.


Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


Preston Kutzner wrote:

On 14 May 2008 08:08:07 -0000
pete.hill () sit-up tv wrote:

Hi there,

I am currently running through a PCI program at my company and am looking for recommendations on an email encryption 
tool.

We currently use a licensed version of Winzip, but I have heard that this may not be up to job as far as passing a PCI 
DSS audit is concerned.

Is Winzip good enough?  and if not, what should we be using to get a pass on this?

Many thanks
Pete

More information would be handy to help give a reasonable answer.  What
OS are you using?  What MUA are you using?  What are you trying to
encrypt in your email?  If you're using WinZip currently, I would
assume you're just looking to encrypt the attachment.  Are you also
looking to be able to encrypt (and sign) the entire email message?  Is
compression necessary for your application?

As far as email encryption is concerned, typical methods for this
application usually consist of either SSL certificates or PGP/GPG
encryption.

Current thread:

Email Encryption pete . hill (May 14)
- Re: Email Encryption Preston Kutzner (May 14)
  - Re: Email Encryption Adriel Desautels (May 14)
  - Re: Email Encryption m0untainrebel (May 14)
  - RE: Email Encryption Daniel I. Didier (May 14)
- Re: Email Encryption Gregory Boyce (May 14)
  - RE: Email Encryption TBarnhart (May 14)
    - Re: Email Encryption Adriel Desautels (May 15)
- Re: Email Encryption Ansgar -59cobalt- Wiechers (May 14)
- <Possible follow-ups>
- Re: Email Encryption khushbu . jithra (May 15)
- Re: Email Encryption khushbu . jithra (May 15)
- Re: Email Encryption Adriel Desautels (May 16)