Home » » E-Mail Security

E-Mail Security

12:19
When an e-mail message is sent between two distant sites, it will generally transit dozens of machines on the way. Any of these can read and record the message for future use. In practice, privacy is nonexistent, despite what many people think. Nevertheless, many people would like to be able to send e-mail that can be read by the intended recipient and no one else: not their boss and not even their government. This desire has stimulated several people and groups to apply the cryptographic principles we studied earlier to e-mail to produce secure e-mail. In the following sections we will study a widely-used secure e-mail system, PGP, and then briefly mention two others, PEM and S/MIME. For additional information about secure e-mail.

PGP supports four RSA key lengths. It is up to the user to select the one that is most appropriate. The lengths are
  1. Casual (384 bits): can be broken easily today.
  2. Commercial (512 bits): breakable by three-letter organizations.
  3. Military (1024 bits): Not breakable by anyone on earth.
  4. Alien (2048 bits): Not breakable by anyone on other planets, either.

Since RSA is only used for two small computations, everyone should use alien strength keys all the time.

Key management has received a large amount of attention in PGP as it is the Achilles heel of all security systems. Key management works as follows. Each user maintains two data structures locally: a private key ring and a public key ring. The private key ring contains one or more personal private-public key pairs. The reason for supporting multiple pairs per user is to permit users to change their public keys periodically or when one is thought to have been compromised, without invalidating messages currently in preparation or in transit. Each pair has an identifier associated with it so that a message sender can tell the recipient which public key was used to encrypt it. Message identifiers consist of the low-order 64 bits of the public key. Users are responsible for avoiding conflicts in their public key identifiers. The private keys on disk are encrypted using a special arbitrarily long password to protect them against sneak attacks.

The public key ring contains public keys of the user's correspondents. These are needed to encrypt the message keys associated with each message. Each entry on the public key ring contains not only the public key, but also its 64-bit identifier and an indication of how strongly the user trusts the key.


Categories: 
Related Posts:
  • Session Hijacking-Protection Session hijacking isn't new to computer security. The term is most commonly used to describe the process of a TCP connection taken over by a sequence prediction attack. In such an attack, the attacker gains control of … Read More
  • Interview Questions-Networking Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 … Read More
  • Digital Signatures The authenticity of many legal, financial, and other documents is determined by the presence or absence of an authorized handwritten signature. And photocopies do not count. For computerized message systems to replace the… Read More
  • E-Mail Security When an e-mail message is sent between two distant sites, it will generally transit dozens of machines on the way. Any of these can read and record the message for future use. In practice, privacy is nonexistent, despite w… Read More
  • $_ENV and $_SERVER ? PHP sets several variables for you containing information about the server, the environment, and your visitor's request. These are stored in the superglobal arrays $_ENV and $_SERVER, but their availability depends on whe… Read More
  • Network Topologies - Basic In the seemingly never-ending competition to maximize theamount of data that can be pushed through a piece of wire, numerous network topologies have been tried and tested. Initially,companies offered wholesale solutions… Read More
  • RSVP Resource Reservation protocol is used to reserve resources across a network. It is used for requesting a specific Quality of Service (QoS) from the network. RSVP is a signalling protocol for the internet. RSVP st… Read More
  • Useful Linux web sites  Linux Features   It allows many users to access a computer system at the same time. It supports the creation, modification, and destruction of programs, processes, and files. It provides a directory hierarchy t… Read More
  • What Is IP Filtering? IP filtering is simply a mechanism that decides which types of IP packets will be processed normally and which will be dropped or rejected. By dropped we mean that the packet is deleted and completely ignored, as if it h… Read More
  • What is TCP/IP Best seo practices How to promoting webpages Top seo tips top 10 e-commerce tips Additional seo tips Advanced seo tips Mobile seo tips What is TCP/IP The Transmission Control Protocol and the Internet … Read More
  • TCP/IP Network Addresses-hosting This kind of address is still in wide use and is what people commonly refer to as an IP address. Part of an IP address is used for the network address, and the other part is used to identify a particular interface on … Read More
  • Network Security Configuration Installed your Linux system, you should keep some basic security measures to protect your system Firewalls, intrusion protection, encryption, data integrity, and authentication are ways of protecting against such attack… Read More
  • Network Security For the first few decades of their existence, computer networks were primarily used by university researchers for sending e-mail and by corporate employees for sharing printers. Under these conditions, security did no… Read More
  • Securing FTP-How  Securing FTP You can make your FTP uploads and downloads more secure in one of two ways: through Secure File Transfer Protocol SFTP or Transport Layer Security TLS. SFTPSFTP is a more secure way of uploading and downlo… Read More