How to encrypt your email, and more

So you want to hide email and messages from prying eyes? It’s easy enough to do. Use PGP or one of its many variants to encrypt messages. Some versions, such as the one from PGP Corp., install seamlessly into your email client and are simple to use. Other versions may require geek skills or are command-line based.

PGP was originally invented by Phil Zimmermann as open source based on previous crypto algorithms. Is it secure? The short answer: yes.

The long answer: PGP code has been examined by crypto experts. No one has been able to find a hole or a way to crack it.

When used properly, PGP is believed to be capable of very high security. It is widely believed, within the cryptographic community, that — if anyone — only government agencies such as NSA might be capable of directly breaking properly produced, PGP-protected, messages. However, to the best of publicly available information, there is no known method for any entity to break PGP by cryptographic, computational means regardless of the version being employed. In 1996, cryptographer Bruce Schneier characterized an early version as being "the closest you’re likely to get to military-grade encryption" (Applied Cryptography, 2nd ed., p587).

Zimmermann’s version of PGP is now owned by PGP Corp. who make the source code available for all to see. This guarantees transparency and no back doors. They have a freeware version too.

It’s important to note that Phil Zimmermann is a certifiable good guy. From his website:

Philip R. Zimmermann is the creator of Pretty Good Privacy, an email encryption software package. Originally designed as a human rights tool, PGP was published for free on the Internet in 1991. This made Zimmermann the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread worldwide. Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP nonetheless became the most widely used email encryption software in the world. … The government dropped its case in early 1996.

Had he been indicted, we would have seen, as Wired Magazine put it at the time, "the first holy war emerging out of the Internet." Seriously. I was there as it happened.

You can now buy the commercial PGP Corp version via Phil.

Freeware PGP has lots of links and versions available.

Steganography takes crypto one step further. It hides your message in other files. These can be graphics files, MP3s, WAVs, as well as many other formats. The crucial point is, the file appears unchanged! The JPG looks the same, the MP3 plays the same. You can also encrypt your message first, then stego it, giving two levels of protection. The beauty of steganography is – they can’t decrypt your message if they don’t know it’s been encrypted.
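To make the "file appears unchanged" point concrete, here is an added example (not from the original post or from any of the programs it mentions) that hides a payload in the least significant bit of each sample of a 16-bit mono WAV. The cover tone, the 32-bit length header and all function names are assumptions chosen for illustration.

```python
import io, math, struct, wave

def make_cover(n=8000, rate=8000):
    """Constructed cover file: one second of a 440 Hz tone, 16-bit mono WAV."""
    tone = [int(12000 * math.sin(2 * math.pi * 440 * i / rate)) for i in range(n)]
    return _write((1, 2, rate, n, "NONE", "not compressed"), tone)

def _read(wav_bytes):
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        params, frames = w.getparams(), w.readframes(w.getnframes())
    return params, list(struct.unpack(f"<{len(frames) // 2}h", frames))

def _write(params, samples):
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setparams(params)
        w.writeframes(struct.pack(f"<{len(samples)}h", *samples))
    return buf.getvalue()

def embed(wav_bytes, payload):
    """Hide payload (ideally already-encrypted bytes) in the sample LSBs."""
    params, samples = _read(wav_bytes)
    data = struct.pack(">I", len(payload)) + payload   # assumed 32-bit length header
    bits = [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]
    if len(bits) > len(samples):
        raise ValueError("payload too large for this cover file")
    for i, bit in enumerate(bits):
        samples[i] = (samples[i] & ~1) | bit            # moves a sample by at most 1
    return _write(params, samples)

def extract(wav_bytes):
    """Recover the payload; only works if the receiver uses the same layout."""
    _, samples = _read(wav_bytes)
    def take(start, nbytes):
        chunk = samples[start:start + 8 * nbytes]
        return bytes(sum((s & 1) << (7 - k) for k, s in enumerate(chunk[j:j + 8]))
                     for j in range(0, len(chunk), 8))
    length = struct.unpack(">I", take(0, 4))[0]
    if 32 + 8 * length > len(samples):
        raise ValueError("no plausible payload header found")
    return take(32, length)

def max_sample_delta(a, b):
    return max(abs(x - y) for x, y in zip(_read(a)[1], _read(b)[1]))

if __name__ == "__main__":
    cover = make_cover()
    stego = embed(cover, b"meet at noon")   # constructed sample message
    print(extract(stego), len(cover) == len(stego), max_sample_delta(cover, stego))
```

The stego file has the same size as the cover and no sample moves by more than one step out of 65,536, yet `extract` only succeeds because it assumes exactly the bit order and header that `embed` wrote.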

StegoArchive has lots of stego programs and info.

SpamMimic is a neat hack. It encodes short messages into output appearing to be gibberish spam. Send it, it looks like spam. Then the receiver decodes it. Works online or you can download a program.

Unless you really, really like cryptic command line utilities, I suggest you steer clear of command line versions of PGP and get a graphic version like that from PGP Corp. Modern versions of PGP generally work fine with each other, meaning you can encode using the PGP Corp. version and your friend can decrypt the same message using a command line version. This is not true of steganography. Both sides will need the same program to successfully encrypt/decrypt.

With modern crypto, no one can read your email unless you want them to.
