Email Clients with Encrypted Archives?
jasonbrown asks: "If you're like a lot of us, you want to keep all your good email for later viewing. Then again, who wants to have all that personal stuff lying around when some higher power decides to dig through it? I was wondering if the Slashdot community knows of any good, preferably Linux-compatible, email clients with an encrypted archive to keep your old email away from prying eyes."
I am no cryptographer, but one of the issues I have seen with this kind of a system is the fact that you can put fairly easy cribs in the messages themselves that weaken the encryption somewhat. For example, if the system keeps the mail headers, simply send emails with known strings, such as a long X-header, like
X-crack-this-poor-dope's encryption: SOMEVERYLONGSTRING.
The odds are, he'll never see it, and now you have a known cleartext string to look for.
I have got to say, an encrypted filesystem is probably the best, as at least you don't know where you are supposed to be looking for this string, then.
Unless the e-mail is encrypted during transmission there is little point in worrying about storing it on your local machine in an encrypted format.
Sure, the email should be encrypted during transmission, but there are instances where you are required to keep a paper trail for later reconstruction. A good example is the government. Also, when an organization is actively beefing up security, the fact that they've basically used ignorance in the past as their security protocol has no bearing on future activity.
If they already have copies of some of the clear text that resides in the encrypted archive, it will be child's play to find your encryption keys and decrypt the entire archive.
Too true. Don't send it unencrypted. But that's not part of their information request.
If you are already sending all your e-mail in an encrypted form, you simply need to keep the encrypted e-mails in the archive as well.
The problem with this methodology is that it leads a cracker directly to all the "loot". Encrypting everything means they have a lot more work on their hands.
You've been watching too many spy movies...
The issue most of us face isn't somebody actively snooping into our lives at all times; it's our boss taking a peek around our system to try to find some dirt. Nothing criminal, not even acting in bad faith, but a discussion of how much the VP looked like a drunk duck or a dancing Ballmer at a "rally the troops" meeting would do nicely in damaging our image with senior management.
Of course the boss could ask IT to search the mail archives kept by the company, but then they would have dirt on him! Nope, much better to make a midnight raid and 'accidentally' forward the incriminating message to the topic of discussion late some night....
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Furthermore, for any reasonable cryptosystem, having even tons of plaintext and encrypted text available is not sufficient to recover the key.