I have specific needs for a live OS

For discussions about security.
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#31 Post by Pizzasgood »

Encrypting only the password still leaves emails you send or read open to be sniffed, but it at least prevents people from being able to obtain your password, which would allow them to log into your account and send mail to people that looked like it was sent by you. Also, the person intercepting your traffic would only see the emails that you send or read during that session, whereas if they obtained your login credentials, they could log in later and read all of your saved messages as well. So it does offer some benefits over no encryption at all.

One thing to keep in mind though, in regard to email, is that email is mostly sent between email servers unencrypted. So let's say you use Gmail to send an email to somebody who uses Hotmail. Even if it's encrypted between your computer and Gmail, when it passes from Gmail to Hotmail, it might not be encrypted. So somebody who is in the same room as you wouldn't be able to read the email by sniffing the wireless packets, but somebody who is able to intercept the traffic passing between Gmail and Hotmail would be able to read the email. That's harder to do than to just watch the wireless traffic, of course, but it can happen.

As far as manually encrypting your own emails goes, you don't necessarily have to send them as an attachment. It depends on how you encrypt them. GPG can encrypt them in such a way that you can just copy and paste the encrypted text into the email and send it on its way. The recipient can then copy it out and feed it through GPG. I believe there are also plugins for Firefox that can take care of this without all the copying and pasting. If you use an actual email client instead of webmail, some of them have built-in support for GPG, and some that don't have it built in do have plugins for it (for Thunderbird there is Enigmail).

Of course the problem with sending an encrypted message is that the recipient needs to know how to (and be willing to) decrypt it, which I imagine could be troublesome if they are not as willing to indulge in paranoia as you are.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
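The post's point about mail travelling unencrypted between servers can be checked on a message you have received. The following is an added example, not part of the original post: it reads the `Received` headers and reports, hop by hop, whether the receiving server recorded a TLS-protected transfer (the `ESMTPS`-style keywords from RFC 3848). The sample message and host names are constructed, and each header is only what that server chose to write, so treat the result as a hint rather than proof.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are made up for illustration.
SAMPLE = """\
Received: by store.recipient.example id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id b2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.local (unknown [192.0.2.10])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby out.sender.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

hello
"""

# "with" protocol keywords that mean the hop used TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA"}
COMMENT = re.compile(r"\([^()]*\)")  # innermost parenthesised comment

def hop_report(raw_message):
    """Return [(receiving_host, protocol, tls)] in the order the mail travelled.

    tls is True/False when the hop names a protocol, None when it names none.
    """
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse for sender -> recipient order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())      # unfold continuation lines
        while COMMENT.search(text):          # drop comments, nested ones too,
            text = COMMENT.sub("", text)     # so "with cipher" is not misread
        text = text.split(";", 1)[0]         # drop the trailing date stamp
        by = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", text)
        name = proto.group(1).upper() if proto else None
        tls = (name in TLS_PROTOCOLS) if name else None
        hops.append((by.group(1) if by else "?", name, tls))
    return hops

if __name__ == "__main__":
    labels = {True: "TLS", False: "no TLS recorded", None: "unknown"}
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:26} {proto or '-':8} {labels[tls]}")
```

In the constructed sample the first hop (laptop to the sender's provider) is recorded as TLS, while the provider-to-provider hop is plain `ESMTP`, which is the situation the post describes.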
