Email Privacy

Did you know that sending messages through email is analogous to sending messages through traditional mail using a postcard? Without the proper security and encryption tools, anyone who is knowledgeable about network systems and file servers can read the information in your emails. If you have an Internet Service Provider, they most likely archive a copy of all emails sent. If these messages are not encrypted, then the administrators can easily read what is written. In fact, I believe that the University of Delaware keeps a copy of all email that is sent through the University's server. So be careful when you send projects that you weren't supposed to collaborate on through the mail. You never know who may just read it. Now you are probably saying: “Who cares? I don’t send anything important in email anyway.” But you ought to be concerned. You may send personal or classified business information over email. If you work for a company in the future, managers may want to snoop through employees' email to see what they are writing. Encryption should be a concern for you, for all your emails.

Since the 1970s, as the PC has evolved, so have methods of email encryption. Email encryption started out simple but was soon found to contain flaws. Now email encryption is complex, ensuring that access to encrypted email remains infeasible. However, bugs spring up here and there, requiring programmers to devise new methods for encryption.

 

Symmetric Encryption

Email encryption started off as symmetric encryption. Symmetric encryption occurs in this manner. The author of the email creates a pass phrase. The email program generates a string of binary numbers from the pass phrase that is used to encrypt and decrypt the message. The drawback of this method of encryption/decryption is that both the author and the recipient of the message need to know this pass phrase in order to encrypt and decrypt the message. How do you securely send the password to the recipient? With today’s hacking tools, it seems the pass phrase can be cracked in a matter of minutes. This is why symmetric encryption soon became obsolete.

(borrowed from Email Encryption made Simple)
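
The pass-phrase scheme described above, as an added example that is not code from the original page: the shared pass phrase is stretched into key bytes with PBKDF2, and an integrity tag makes a wrong pass phrase fail instead of yielding garbage. The keystream construction, iteration count and function names are assumptions chosen for illustration; a real mail client would use a vetted cipher such as AES.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; a higher value slows pass-phrase guessing


def derive_keys(pass_phrase: str, salt: bytes):
    """Stretch the pass phrase into 64 bytes: an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", pass_phrase.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Teaching-only keystream: HMAC-SHA256(key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(pass_phrase: str, message: bytes) -> bytes:
    salt, nonce = os.urandom(16), os.urandom(16)  # fresh per message, sent in the clear
    enc_key, mac_key = derive_keys(pass_phrase, salt)
    body = bytes(m ^ k for m, k in zip(message, keystream(enc_key, nonce, len(message))))
    tag = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    return salt + nonce + body + tag


def decrypt(pass_phrase: str, blob: bytes) -> bytes:
    salt, nonce, body, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(pass_phrase, salt)
    expected = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong pass phrase or modified message")
    return bytes(c ^ k for c, k in zip(body, keystream(enc_key, nonce, len(body))))


if __name__ == "__main__":
    blob = encrypt("correct horse battery staple", b"Meet at noon.")  # constructed sample
    print(decrypt("correct horse battery staple", blob))
```

Both sides must call `decrypt` and `encrypt` with the identical pass phrase, which is exactly the distribution problem the paragraph raises.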

 

Asymmetric Encryption

Whitfield Diffie and Martin Hellman brought about the idea of Asymmetric Encryption, although it was rumored that it was originally brought about by the British Secret Service. Later on a group called RSA brought the idea to the public and to email. This is how it works (this may get confusing): Each user of the email system has two keys, one public key and one private key. A key is a very large number. The public key is easily accessible, but the private key is known only by the user. The keys are mathematically related in some discrete way. If someone wants to write an email, the author would grab the intended recipient's public key, which is easily accessible as stated above, and use that to encrypt the message. Then the recipient would use their private key to decrypt the message. You can see a diagram of this approach to email encryption below.

(borrowed from Email Encryption made Simple)

 

Digital Signatures

Digital Signatures are another added feature of email encryption that allows a recipient of the email to know if the email has been tampered with. When an email is created, a sequence of numbers is generated that is unique to the message. This sequence of numbers is called a hash. The hash scrambles up the message into an unreadable format. Once the hash has been created, it cannot be descrambled in order to find the content in the message. Likewise, another message cannot be sent that results in the same hash. The hash is then encrypted using the author’s own private key, creating a digital signature. The recipient then uses the author’s public key to decrypt the hash. Here’s the slightly confusing part. Then the recipient decrypts the message that the author sent using the decryption methods stated in the above section, and checks to see if the message they just received creates the same hash as the hash they just decrypted using the author’s public key. Got it? Read it again if you didn't understand. The integration of Digital Signatures into Asymmetric Encryption is called Pretty Good Privacy (PGP), which was first developed by this dude named Philip Zimmermann.

(borrowed from E-mail Encryption made Simple)

   

Why the Government Doesn't Want PGP

The government is a bit touchy on the use of PGP. They feel that PGP programs facilitate terrorist organizations and organized criminals who send information electronically, making it difficult for government authorities to intercept the information. As of now PGP creates public keys that are 128 bits in length. The government's standard length of keys is 56 bits. The longer the keys, the harder it is for hackers or governmental security officials (not analogous) to crack the keys. With today's standard of technology, PGP keys are virtually impossible to crack. So PGP remains an issue between national security and personal privacy.

 

 


Student Project
Last Updated May 11, 2000
"http://www.udel.edu/physics/scen103/BDR/email.htm"
Send comments, suggestions, or requests to me.