-
ICMag with help from Landrace Warden and The Vault is running a NEW contest in November! You can check it here. Prizes are seeds & forum premium access. Come join in!
secure email
- Thread starter badboyg
- Start date
G
Guest
If you can wait a few weeks ICMAG is launching a secure Mail service i think..it is to be part of the subscription packages Gypsy announced earlier in the year.
Peace, hhf
Jesusbuiltmygro
Member
Hushmail is secure it uses 1024 bit encryption and the most they've ever broken is like 56 ish not including people with very weak keys.
http://www.thefreecountry.com/security/encryptedemail.shtml
http://www.cryptomail.org/
Here are some more options but I advise reading up on how email encryption really works and about which encryptions are the most widely uses.
The real problem with hushmail is that they use their own encryption and while it's supposedly strong it's very much only useful for emailing other hushmail users.
Encryption overall is slight more complex than just logging in and sending an encryption email. Unlike anonymous surfing such as
anonymouse.org
guardaster.com
the-cloak.com
findnot.com
Now if you are paranoid about your security SIMPLE... GET FINDNOT and start feeling secure. This place goes out of it's way to give you all kinds of anonymity options. You can even pay the bill with an international money order. So far they are the best service I've reviewed. It's not quite as easy to use as the online proxies, but findnot gives you full VPN support meaning ALL you network connections are encrypted including chat, surfing and anything else you do.
For encryption to work with email however it has to be a two way deal. Both parties must be using the same encryption and have the key to read the encryption.
Since the other guy has to use the same service the most popular way to do encrypted email is through PGP. Today OpenPGP exists as a popular open source PGP source. As far as actually using PGP I think it's more or less as easy as downloading a plug in for whatever mail client you use.
Now with PGP you would use a local mail client, not an online mail client, but if you want to communicate to people in general with encryption PGP is the best and probably most secure since it's an open source project not centrally controlled like hushmail.
On the other hand hushmail 1024 bit encryption is more than a little impressive, but since they don't use a standardized encryption that is supported and proven their could be a backdoor or master key in such proprietary encryption. All in all it's far less secure to use non standardized encryption especially for something like email where the person has to use the same encryption as you to read your email.
For simplicity sake or because you are only interested in talking to one or a few certain people through encrypted email I guess the online services are still the most practical. Nothing to worry about deleting or potentially being left on the computer because it's a local email client, so that helps some.
Something like cryptomail or other competing products are superior to hushmail for using standardized encryption. In cryptomails case they use AES which isn't all that, but it's beyond what hackers have ever broken. I think the most realistic crack on encryption stopped at around 56 bit encryption. In like 1997 some people broke it using brute force attacks, but anything beyond that or even remotely close to 128 is not breakable with brute force and todays computers. Some day it will be of course, but by then they will just upgrade the bit level of the encryption or such.
Anyway ONE more thing. Don't bother even using encryption unless you have a well generated password. Do not use a straight password. Different services will have different approaches. The RIGHT way to do it is to have a nice long pass phrase that the page generates a password from. If you use a straight phrase as a password your encryption becomes exponentially easier to crack because the predictability of using words is great. A password for secure purposes needs to basically be random letters, numbers, symbols and caps on some and off some. The pass phrase generators will do this for you. Many websites function as password generators if the encrypted webmail site doesn't for it for you.
So when looking for your ideal email encryption ensure that it uses a standardized encryption. It will usually say somewhere if it does because that is considered a major feature. If it doesn't that it is probably less secure. However I kind of doubt hushmail isn't secure enough for your purposes. It's not like you are FBI target number 1 and they are going to commit some great conspiracy to spy on you through hushmail. Though I admit hushmails business model is questionable since they seem to not want people to email encrypted messages beyond their system. On the other hand with PGP as their competition perhaps they feel interoperability is not their strength since PGP already does that very well. So close the system and get users to use it because it's easier but then why not just use AES or blowfish or some well known encryption. I don't know about that one.
I trust findnot.com and openPGP the most because then you have the anonymity experts works on your side and your using basically the encrypted email standard. Using a server that resides outside the US might be my only other suggestion for encrypted webmail, of course with PGP it doesn't matter but you may not want to run a local email client for several reasons.
There is also mytrashmail.com which gives you the power of anonymity which in many cases is more powerful than encryption, but it's more useful usually as a way to register to sites you don't want to have your real email or have contact with beyond the short term.
Encrypted IM is also a pretty cool option if you need to talk regularly like that just whatever you use make sure it is a standardized and support encryption no homegrown unproven closed source JUST TRUST US crap.
http://www.thefreecountry.com/security/encryptedemail.shtml
http://www.cryptomail.org/
Here are some more options but I advise reading up on how email encryption really works and about which encryptions are the most widely uses.
The real problem with hushmail is that they use their own encryption and while it's supposedly strong it's very much only useful for emailing other hushmail users.
Encryption overall is slight more complex than just logging in and sending an encryption email. Unlike anonymous surfing such as
anonymouse.org
guardaster.com
the-cloak.com
findnot.com
Now if you are paranoid about your security SIMPLE... GET FINDNOT and start feeling secure. This place goes out of it's way to give you all kinds of anonymity options. You can even pay the bill with an international money order. So far they are the best service I've reviewed. It's not quite as easy to use as the online proxies, but findnot gives you full VPN support meaning ALL you network connections are encrypted including chat, surfing and anything else you do.
For encryption to work with email however it has to be a two way deal. Both parties must be using the same encryption and have the key to read the encryption.
Since the other guy has to use the same service the most popular way to do encrypted email is through PGP. Today OpenPGP exists as a popular open source PGP source. As far as actually using PGP I think it's more or less as easy as downloading a plug in for whatever mail client you use.
Now with PGP you would use a local mail client, not an online mail client, but if you want to communicate to people in general with encryption PGP is the best and probably most secure since it's an open source project not centrally controlled like hushmail.
On the other hand hushmail 1024 bit encryption is more than a little impressive, but since they don't use a standardized encryption that is supported and proven their could be a backdoor or master key in such proprietary encryption. All in all it's far less secure to use non standardized encryption especially for something like email where the person has to use the same encryption as you to read your email.
For simplicity sake or because you are only interested in talking to one or a few certain people through encrypted email I guess the online services are still the most practical. Nothing to worry about deleting or potentially being left on the computer because it's a local email client, so that helps some.
Something like cryptomail or other competing products are superior to hushmail for using standardized encryption. In cryptomails case they use AES which isn't all that, but it's beyond what hackers have ever broken. I think the most realistic crack on encryption stopped at around 56 bit encryption. In like 1997 some people broke it using brute force attacks, but anything beyond that or even remotely close to 128 is not breakable with brute force and todays computers. Some day it will be of course, but by then they will just upgrade the bit level of the encryption or such.
Anyway ONE more thing. Don't bother even using encryption unless you have a well generated password. Do not use a straight password. Different services will have different approaches. The RIGHT way to do it is to have a nice long pass phrase that the page generates a password from. If you use a straight phrase as a password your encryption becomes exponentially easier to crack because the predictability of using words is great. A password for secure purposes needs to basically be random letters, numbers, symbols and caps on some and off some. The pass phrase generators will do this for you. Many websites function as password generators if the encrypted webmail site doesn't for it for you.
So when looking for your ideal email encryption ensure that it uses a standardized encryption. It will usually say somewhere if it does because that is considered a major feature. If it doesn't that it is probably less secure. However I kind of doubt hushmail isn't secure enough for your purposes. It's not like you are FBI target number 1 and they are going to commit some great conspiracy to spy on you through hushmail. Though I admit hushmails business model is questionable since they seem to not want people to email encrypted messages beyond their system. On the other hand with PGP as their competition perhaps they feel interoperability is not their strength since PGP already does that very well. So close the system and get users to use it because it's easier but then why not just use AES or blowfish or some well known encryption. I don't know about that one.
I trust findnot.com and openPGP the most because then you have the anonymity experts works on your side and your using basically the encrypted email standard. Using a server that resides outside the US might be my only other suggestion for encrypted webmail, of course with PGP it doesn't matter but you may not want to run a local email client for several reasons.
There is also mytrashmail.com which gives you the power of anonymity which in many cases is more powerful than encryption, but it's more useful usually as a way to register to sites you don't want to have your real email or have contact with beyond the short term.
Encrypted IM is also a pretty cool option if you need to talk regularly like that just whatever you use make sure it is a standardized and support encryption no homegrown unproven closed source JUST TRUST US crap.
Last edited:
Jesusbuiltmygro
Member
I don't personally have a need for encrypted webmail, but I think after doing this little bit of research one of the direction you should probably look into is a OpenPGP based webmail. I figured they existed, but I just did a google search and got some hits. The interfaces are likely to be primitive compared to hotmail (like hushmail was) but with OpenPGP you can talk to a lot more people and with a very mature platform.
Jesusbuiltmygro
Member
Hehe yea long post but a lot of people don't know much about encryption so I try to post something in somewhat layman's terms but with some tech background.
Anyway it isn't as complicated as it may sound.
Here is another option that lets you use gmail with PGP encryption.
http://www.freenigma.com/
That should be the best of both worlds. If you could find a good PGP or OpenPGP or gnuPGP webmail or plugin for firefox it should be just as easy as installing it and then using webmail or just using cryptomail.org or other competing products. Like I said I don't use email for that so I don't know which product is exactly the best to recommend but cryptomail should be pretty much fool proof, though keep in mind you could only possible send to other people using the same encryption. PGP is the best for getting a larger group of people together I think or for supporting secure communication in general. However for some reason PGP webmail doesn't seem to be a popular concept though it's out there.
Hmms secure mail through a cultivation magazine... sounds safe to me
haha I think we would be better off if gypsy didn't put his name on the security service... oh well. Will have to see how he does that one before I can not recommend it more.. heh.
He SHOULD USE PGP if he is listening or rather start a for profit service not related to this site. Outsource security for the sake of security and plausible deniability for everyone and then very subtly leak the site to the forum. He should do a surfing and email system and NOT make it part of the site. Consolidate and outsource the security problem. It's the smart and safe way to handle it. A monolithic operation will simply fall that much harder and potentially contain more sensitive information at any given time increasing liability. Especially when people have a false sense of security.
If you don't have findnot.com or a similar service don't spend too much time worrying about the other crap because if they want you they can get you. If your not hiding your IP then it's all reasonable traceable back to you anyway even if it's encrypted.
For the sake of simplicity perhaps you could use a wireless hotspot or the neighbors wireless at least when checking your encrypted mail if it's truly that sensitive. The problem with encrypted mail is that nobody has it. Kind of makes more sense to be anonymous and then just use normal mail in a lot of ways its more practical, but for super sensitive stuff that might have personal info in it encrypted email is nice. I recommend both.. it's money well spent if you are a citizen of the police state or UK which is the most spied upon nation in the world.
Anyway it isn't as complicated as it may sound.
Here is another option that lets you use gmail with PGP encryption.
http://www.freenigma.com/
That should be the best of both worlds. If you could find a good PGP or OpenPGP or gnuPGP webmail or plugin for firefox it should be just as easy as installing it and then using webmail or just using cryptomail.org or other competing products. Like I said I don't use email for that so I don't know which product is exactly the best to recommend but cryptomail should be pretty much fool proof, though keep in mind you could only possible send to other people using the same encryption. PGP is the best for getting a larger group of people together I think or for supporting secure communication in general. However for some reason PGP webmail doesn't seem to be a popular concept though it's out there.
Hmms secure mail through a cultivation magazine... sounds safe to me
haha I think we would be better off if gypsy didn't put his name on the security service... oh well. Will have to see how he does that one before I can not recommend it more.. heh. He SHOULD USE PGP if he is listening or rather start a for profit service not related to this site. Outsource security for the sake of security and plausible deniability for everyone and then very subtly leak the site to the forum. He should do a surfing and email system and NOT make it part of the site. Consolidate and outsource the security problem. It's the smart and safe way to handle it. A monolithic operation will simply fall that much harder and potentially contain more sensitive information at any given time increasing liability. Especially when people have a false sense of security.
If you don't have findnot.com or a similar service don't spend too much time worrying about the other crap because if they want you they can get you. If your not hiding your IP then it's all reasonable traceable back to you anyway even if it's encrypted.
For the sake of simplicity perhaps you could use a wireless hotspot or the neighbors wireless at least when checking your encrypted mail if it's truly that sensitive. The problem with encrypted mail is that nobody has it. Kind of makes more sense to be anonymous and then just use normal mail in a lot of ways its more practical, but for super sensitive stuff that might have personal info in it encrypted email is nice. I recommend both.. it's money well spent if you are a citizen of the police state or UK which is the most spied upon nation in the world.
Gmail is anonymous and masks your IP address. Its not encrypted but if no one can prove where the email came from thats just as good.
badboyg said:
No matter who its from what I said is still true. Gmail masks your IP address and is one of the few anon free email providers out there.
G
Guest
Sorry, I don't trust Google. I've had gmail for a long time, but I only log in to my "canna" account using a proxy server. Google is known to track users and voluntarily turn info over to the "authorities".
Here's a quote from Hushmail's FAQ: "Hush uses industry standard algorithms as specified by the Open PGP standard (RFC 2440) to ensure the security, privacy and authenticity of your email." I've used Hush for a long time and am very happy with their service and security - especially since it's free!
Added - I read on the page today that Hush is using 2048 bits now for encryption instead of 1024.
Keep bringing the info - I love this! Thanks!
Here's a quote from Hushmail's FAQ: "Hush uses industry standard algorithms as specified by the Open PGP standard (RFC 2440) to ensure the security, privacy and authenticity of your email." I've used Hush for a long time and am very happy with their service and security - especially since it's free!
Added - I read on the page today that Hush is using 2048 bits now for encryption instead of 1024.
Keep bringing the info - I love this! Thanks!
Last edited:
thats what ,,it seems,, I am learning,,, not good,, thanks all//
OK,, no secure email.. so whats the "best" way to stay low and hidden much as possiable, I need to communicate with a "vendor" on a missing order, they require you do so over email... I am not liking this at all darn it!!
OK,, no secure email.. so whats the "best" way to stay low and hidden much as possiable, I need to communicate with a "vendor" on a missing order, they require you do so over email... I am not liking this at all darn it!!
