Slashdot Mirror

← Back to Stories (view on slashdot.org)

Do Slashdotters Encrypt Their Email?

Posted by Unknown on from the translate-it-to-navajo dept.

An anonymous reader writes "Many years ago when I first heard of PGP, I found an add-on that made it fairly simple to use PGP to encrypt my email. Despite the fact that these days most people know that email is a highly insecure means of communication, very few people that I know ever use any form of email encryption despite the fact that it is pretty easy to use. This isn't quite what I would have expected when I first set it up. So, my question to fellow Slashdotters is 'Do you encrypt your email? If not, 'Why not?' and 'Why has email encryption using PGP or something similar not become more commonplace?' The use of cryptography used to be a hot topic once upon a time."

4 of 601 comments (clear)

  1. Very rarely, alas. by gessel · · Score: 5, Informative

    I use GPG/OpenPGP for some mail and "secure" web mail for other applications. I do not use third party web mail (such as gmail) because I can't control the dissemination or privacy (or longevity) of my mail and while my life is generally boring enough to fit within Eric Schmidt's idea of privacy ("If you have something that you don't want anyone [someone] to know, maybe you shouldn't be doing it in the first place [at least not though a google property]."), I occasionally write a personal opinion of someone I wouldn't want them to be able to Google later or share a business detail that could be economically damaging or embarrassing (or is subject to NDA) and gMail and all other web mail services are effectively public.

    I've used PGP (and eventually GPG) since about '94 and my keyring has about 20 people on it: more than 1 new key a year! Alas, 25% of those keys expired in the late 90s. My address book has about 1500 entries. Why so few keys? As the OP pointed out, it isn't all that difficult.

    The answer for me is that the model for encouraging encryption has to be more like S-WAN than GPG-like. I'd love to turn on "encrypt everything" and forget it, but I'd get an error message for 99% of my correspondents, so obviously that isn't going to happen. So I set my prefs to reply to encrypted messages with encryption, which is fine, but it means I rarely (almost never) initiate an encrypted thread.

    What I'd like is an opportunistic encryption mode where any message to an address in my keyring is encrypted by default. Any message to anyone I don't have a key for gets a nice little .sig file with a brief notice that their mail is insecure and effectively public and a link to further instructions for getting GPG set up.

    One annoying problem is that encrypted mail is not searchable. To solve that, I want my client to extract a keyword list on decryption then upload that keyword list to (my own) server as an unencrypted header to enable searching (implemented, of course, with a stop list for words you wouldn't want to appear in the clear even out of context or perhaps particularly out of context).

    For the truly paranoid, this list could be a hash list, though you could still fairly effectively dictionary hash fish, but it would provide some security and reduce the easy availability of information. In fact, all headers could be hashed and still generally be searchable (except maybe date ranges).

    I also want my server to store my public key and encrypt all incoming mail with it. Of course it is already transported in the clear, but it makes my server less vulnerable. Once the mail has had an index extracted and the body encrypted, someone cracking into my IMAP server would, at least, not find a historical trove of clear-text data. And my friends without keys would get annoying sig files evangelizing encryption.

  2. Re:No by Vrtigo1 · · Score: 5, Informative

    Not entirely - as you pointed out SSL would secure the connection between the your computer and your server, however the connection between your server and the remote server, as well as the connection between the recipients computer and their mail server would remain unencrypted, so effectively you only have encryption on 1 of 3 links.

    Message encryption makes transport encryption unnecessary. I.E. you don't care if someone grabs the body of the e-mail because it's useless if you can't decrypt it. Although I do recognize that I, along with most of the rest of the world I think, consider e-mail an inherently insecure communication tool and treat it as such. If you need to send something secure through e-mail, throw it in a password protected rar file and send it as an attachment.

  3. Re:No by Oswald · · Score: 5, Informative

    I believe that would be a "no" unless you consider parading your message past Google, who probably keeps a bigger file on you than any other entity, private. And it might be a worse than that--saying it's only Google that sees the message assumes that Google doesn't decrypt the message in one facility, send it from that data center to another in the clear, then re-encrypt and send to your recipient. Whose to say your mail server is in the same facility as his just because both accounts are with Google?

  4. Re:No by jakuaii · · Score: 5, Informative

    The main problem with OpenPGP on mail for me is that due to the unique key per recipient, if you add more than one recipient or cc, you have to encrypt the mail for each and every one of them. If you add some attachments it's pretty sure that you will hit the maximum allowed mail size of some mail server along the way.

    Uh, no. It's called "session keys". The content is encrypted with a random number (the session key), and this random number is in turn encrypted with the recipients' private keys. As the content is usually compressed too before encryption, the result may even be a smaller e-mail than without...