Friday, July 14, 2006

Errata...Encryption and email.

Email, as you may know, is a completely insecure form of communication. It has been likened to a postcard, in that anybody who wants to read it can, with almost no effort. The analogy is good, but it would be more accurate to say it's a postcard that is delivered not by the postal service but by randomly handing it to a guy on the street and asking them to pass it to the next person they see heading east (and on and on it goes from one random person to the next until it arrives at its intended destination).

And as my life is increasingly involved on-line (calendars, to-do lists, reference materials, shopping, etc.), I've started doing some serious thinking about how vulnerable much of that data is. Granted, with most things I have little control over 'my' data held in banking computers or government laptops (SSU compromised thousands of its students' SSNs last year), but I do have some control over some things. My email is one of them, and it's probably the least secure method of communication I have. Encryption is a doddle, and on a philosophical level I feel it's critical that everyone becomes aware of the issue and starts using encryption.

It's not that I feel that my forwarded funny cat videos from YouTube are critical to keep secret, and I'm smarter than to put anything important like SSNs or credit card numbers in an email, but with my email unsecured, there is no way to be sure that email you receive from me is actually from me. It doesn't take much to 'spoof' someone's email account, and then the cracker is able to siphon all my emails without my knowledge. So the easy thing to do is encrypt my mail (and thus move away from Gmail).

Encrypting email is really quite easy (especially after you set it up). I use a combination of free tools on my Mac that integrate nicely into Apple's default Mail app. It's the open-source variant of PGP, called GnuPG. It's a very good, respected encryption scheme that relies on "public-key cryptography."

Here's how it works: I make two different keys, one public and one private. I put the public one where anyone can get it, and keep the private one... well... private. Then if you want to send me a message, you use my public key to encrypt the message. When I get it, I can decrypt it with my private key.

Think of it like your voicemail: your phone number is your public key. I can leave you a message using your phone number (public key). When you call in to your voicemail system, you enter a number that allows you to hear your messages (the private key). I can't hear your messages, but anyone can leave one.

Got it? If not, let me know, or google PGP or public-key encryption. There are volumes on the 'net about it.

These encryption tools also allow you to encrypt files on your hard drive (or your whole hard drive!) and 'watermark' any message so that anyone who receives your message can verify it really came from you.

So, any message you receive from me should start containing something that looks like:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The message would be in here.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)

iD8DBQFEuInWLqp9mdnoHyYRAujJAJ9ETIx1a5qTEZ8VdaZNEW/TMq0gcwCeOfhb
ZWyMlkRIQot6SatadhD3Zfes=
=Mrjy
-----END PGP SIGNATURE-----


If you install GnuPG (or PGP), and download my public key, it will instantly verify if that message really came from me, and then if you reply you can use the same key to encrypt it to me.
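To show what each part of a signed block like the one above is, here is an added example (not part of the original post) that takes a clearsigned message apart following the OpenPGP framing in RFC 4880. The function names are hypothetical and the sample is constructed: its 65 "signature" bytes are placeholders, so this checks only the framing; the real check still needs GnuPG and the sender's public key.

```python
import base64

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1; the '=XXXX' line carries this value."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor_checksum(raw: bytes) -> str:
    """Render the checksum line for the decoded signature bytes."""
    return "=" + base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()

def parse_clearsigned(msg: str) -> dict:
    """Split a clearsigned message into hash names, signed text and signature bytes."""
    lines = msg.replace("\r\n", "\n").split("\n")
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    sig = lines.index("-----BEGIN PGP SIGNATURE-----", start)
    end = lines.index("-----END PGP SIGNATURE-----", sig)
    blank = lines.index("", start)  # a blank line ends the "Hash:" headers
    hashes = [l.split(":", 1)[1].strip() for l in lines[start + 1:blank]
              if l.startswith("Hash:")]
    # The signature covers the text with "- " escapes undone, trailing
    # spaces/tabs stripped, and CRLF line endings.
    body = [(l[2:] if l.startswith("- ") else l).rstrip(" \t")
            for l in lines[blank + 1:sig]]
    armored = lines[lines.index("", sig) + 1:end]  # skip "Version:" and similar
    check = armored.pop()
    raw = base64.b64decode("".join(armored), validate=True)
    if check != armor_checksum(raw):
        raise ValueError("armor checksum mismatch (transport damage)")
    return {"hashes": hashes, "signed_text": "\r\n".join(body), "signature": raw}

# Constructed sample: 65 placeholder bytes stand in for the signature packet.
# They are NOT a valid signature; only the framing around them is real.
FAKE_SIG = bytes(range(65))
_b64 = base64.b64encode(FAKE_SIG).decode()
SAMPLE = "\n".join([
    "-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1", "",
    "The message would be in here.  ", "- -- ", "signature block follows",
    "-----BEGIN PGP SIGNATURE-----", "Version: GnuPG v1.4.4 (Darwin)", "",
    _b64[:64], _b64[64:], armor_checksum(FAKE_SIG),
    "-----END PGP SIGNATURE-----", ""])
```

The short `=XXXX` line only protects the signature bytes against transport damage: editing the message text leaves it valid, so an altered message is caught only when the signature itself is checked against the public key.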

Really, this stuff is easier to set up than a home network, and it's a basic precaution all of us who use email should take.

As an aside: All the 'data losses' that keep showing up in the news (laptops with 65,000 SSNs, or credit card numbers, etc.) wouldn't be nearly so catastrophic if these people used some decent form of encryption. Frankly I'm surprised no one has sued these various companies/agencies into mandating encryption.

*There is some version of GnuPG/PGP for every OS and almost every mail client out there. If you want some help setting one up, let me know; I'd be happy to help.