Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away?

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 17 Jun 2013 10:03:14 +0000 (UTC)
http://arstechnica.com/security/2013/06/encrypted-e-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away/

By Peter Bright and Dan Goodin
Ars Technica
June 14 2013
In an age of smartphones and social networking, e-mail may strike many as quaint. But it remains the vehicle that millions of people use every day to send racy love letters, confidential business plans, and other communications both sender and receiver want to keep private. Following last week's revelations of a secret program that gives the National Security Agency (NSA) access to some e-mails sent over Gmail, Hotmail, and other services—and years after it emerged that the NSA had gained access to full fiber-optic taps of raw Internet traffic—you may be wondering what you can do to keep your messages under wraps. 

The answer is public key encryption, and we'll show you how to use it.


The uses of asymmetry
The full extent of the cooperation between the NSA and various technology companies is unclear. It will probably remain that way for the foreseeable future. For the time being, however, it seems likely that the standard cryptographic tools used to secure data "in flight"—that is to say, the SSL that protects data traveling between machines on the Internet—remain secure as long as certain best practices are used.
That protects against some threats, such as wholesale monitoring of Internet traffic of the kind the NSA is known to engage in, but it doesn't do anything to protect data that's "at rest." That is to say, SSL doesn't do anything to prevent a company like Google or Microsoft from handing over an archive of your e-mail in response to a court order. The e-mails are just lying around on some Google server somewhere.
If you don't want a government, service provider, employer, or unauthorized party to have access to your mail at rest, you need to encrypt the mail itself. But most encryption algorithms are symmetric, meaning that the encryption key serves a dual purpose: it both encrypts and decrypts. As such, people encrypting mail with a symmetric key would be able to decrypt other mail that used the same symmetric key. While this would protect against anyone without the key, it wouldn't be very useful as an encrypted e-mail system. 

[...]


_______________________________________________
ISN mailing list
ISN () lists infosecnews org
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org
Previous By Date Next
Previous By Thread Next

Current thread: