http://arstechnica.com/security/2013/06/encrypted-e-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away/
By Peter Bright and Dan Goodin
Ars Technica
June 14 2013

In an age of smartphones and social networking, e-mail may strike many as
quaint. But it remains the vehicle that millions of people use every day to
send racy love letters, confidential business plans, and other communications
both sender and receiver want to keep private. Following last week's
revelations of a secret program that gives the National Security Agency (NSA)
access to some e-mails sent over Gmail, Hotmail, and other services—and years
after it emerged that the NSA had gained access to full fiber-optic taps of raw
Internet traffic—you may be wondering what you can do to keep your messages
under wraps.

The answer is public key encryption, and we'll show you how to use it.

The uses of asymmetry

The full extent of the cooperation between the NSA and various technology
companies is unclear. It will probably remain that way for the foreseeable
future. For the time being, however, it seems likely that the standard
cryptographic tools used to secure data "in flight"—that is to say, the SSL
that protects data traveling between machines on the Internet—remain secure as
long as certain best practices are used.

That protects against some threats, such as wholesale monitoring of Internet
traffic of the kind the NSA is known to engage in, but it doesn't do anything
to protect data that's "at rest." That is to say, SSL doesn't do anything to
prevent a company like Google or Microsoft from handing over an archive of your
e-mail in response to a court order. The e-mails are just lying around on some
Google server somewhere.

If you don't want a government, service provider, employer, or unauthorized
party to have access to your mail at rest, you need to encrypt the mail itself.
But most encryption algorithms are symmetric, meaning that the encryption key
serves a dual purpose: it both encrypts and decrypts. As such, people
encrypting mail with a symmetric key would be able to decrypt other mail that
used the same symmetric key. While this would protect against anyone without
the key, it wouldn't be very useful as an encrypted e-mail system.

[...]
_______________________________________________
ISN mailing list
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org