A still very-nice article on "encryption, and why you should use it" ...
Although written in 1999, this article still has a very good, very pragmatic, way of saying why "ordinary people" should "ordinarily" use encryption in their regular every-day personal and business affairs . . .
The great argument against email encryption, and the reason I don't use it, is that it only works if two people agree to use it between them, and both install the necessary software. I use email mostly for exchanging casual information with friends, none of whom are technically minded, or for mailing lists.
Yes, anytime you want to communicate securely (and/or verifiably) with someone else, you have to make appropriate preparations. But many e-mail clients (on all systems) support the S/MIME standard out-of-the-box, and GPG with a simple plug-in. Once set up, however, the process is entirely transparent.
Believe me, you quickly get used to seeing that confirmation that this-or-that e-mail is authentic ... especially when, one day, you stumble upon a perfectly convincing-looking forgery.
Quote:
Although written in 1999, this article still has a very good, very pragmatic, way of saying why "ordinary people" should "ordinarily" use encryption in their regular every-day personal and business affairs . . .
Thanks for posting this. It's a good idea, yes, but in my opinion (from my experiments learning how to use PGP mail), it's pretty cumbersome with its public and private key requirements. I don't think most folks are going to want to have to deal with all that. That's why I don't choose to use it. Encrypted mail services, such as Proton Mail, make this process a bit easier but from what I have read, it's not as secure as using PGP. Hopefully, a way is developed that can make this super easy for folks but as secure as PGP.
If you tender the message "in the clear," then somebody's got it besides you and the intended receiver.
The S/MIME standard is also a standard, and a good one. Many mail clients support it natively.
Of course I do not send every message encrypted. But, when talking to certain people (such as my spouse or my attorney), everything is encrypted as a matter of routine. And, point being, "it is 'routine.'" The mail client simply looks at the contact that I'm sending to, and sees that I have set it to encrypt that message.
I always digitally sign my emails, and I have certain contacts marked as "a valid signature is expected from this party." If a message comes in from that person and it is not signed, I am immediately warned.
And, yes, I have received an intentionally-forged email. The forger had no way to know that the message was supposed to be signed, and, if he did, of course had no way to do so. The lack of signature was the immediate first warning that the message might be fake. I encrypted the message and forwarded it back to the party, who immediately disclaimed it. And, now being warned that our communications were being eavesdropped upon, we switched all future exchanges to full encryption.
It baffles me why people are so routinely careful about security with regard to web pages, but they do not pay the slightest bit of attention to e-mails, where they might well discuss very sensitive things. And which they "accept as valid upon-receipt, 'by eye only,'" even though there is no reason for them to do so.
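The "a valid signature is expected from this party" rule described in the post above, as an added example that is not part of the original thread or of any mail client's code. It inspects only the MIME structure (S/MIME or PGP/MIME) to decide whether a message claims to be signed and does not verify the signature itself; the `EXPECT_SIGNED` policy set, the addresses and the sample messages are hypothetical and constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical per-contact policy: a signature is expected from these senders.
EXPECT_SIGNED = {"attorney@example.org"}

SMIME_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
SMIME_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def signature_kind(msg):
    """Return 'smime', 'pgp' or None from the MIME structure alone."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol") or "").lower()
        if proto in SMIME_SIG:
            return "smime"
        if proto == "application/pgp-signature":
            return "pgp"
    elif ctype in SMIME_MIME:
        if str(msg.get_param("smime-type") or "").lower() == "signed-data":
            return "smime"
    return None

def triage(raw):
    msg = message_from_string(raw)
    # From is trivially forgeable, which is why the policy keys on it:
    # a forger can copy the address but cannot produce the signature.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    kind = signature_kind(msg)
    if kind:
        return f"signed ({kind}): verify cryptographically before trusting"
    if sender in EXPECT_SIGNED:
        return "WARN: unsigned mail from a contact who always signs"
    return "unsigned: no signing policy for this sender"

# Constructed sample messages (not real mail, not real signatures).
FORGED = ("From: My Attorney <attorney@example.org>\n"
          "Subject: please call\nContent-Type: text/plain\n\nCall me today.\n")
SIGNED = ("From: My Attorney <attorney@example.org>\n"
          'Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b"\n\n'
          "--b\nContent-Type: text/plain\n\nCall me today.\n"
          "--b\nContent-Type: application/pgp-signature\n\n(placeholder)\n--b--\n")
STRANGER = "From: news@example.com\nContent-Type: text/plain\n\nHello.\n"

if __name__ == "__main__":
    for raw in (FORGED, SIGNED, STRANGER):
        print(triage(raw))
```

A message that passes the structural check still has to be verified by the mail client, `gpg` or `openssl` before the signature means anything.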
Quote:
Originally Posted by sundialsvcs
If you tender the message "in the clear," then somebody's got it besides you and the intended receiver.
Possibly the NSA, at the very least?
Quote:
Originally Posted by sundialsvcs
Of course I do not send every message encrypted. But, when talking to certain people (such as my spouse or my attorney), everything is encrypted as a matter of routine.
Which is very wise, I would agree.
Quote:
Originally Posted by sundialsvcs
It baffles me why people are so routinely careful about security with regard to web pages, but they do not pay the slightest bit of attention to e-mails, where they might well discuss very sensitive things. And which they "accept as valid upon-receipt, 'by eye only,'" even though there is no reason for them to do so.
Perhaps a lot of folks out there think their emails are inherently secure to begin with. It would be interesting to take a survey of folks to see what they really think about emailing and privacy.
Quote:
Perhaps a lot of folks out there think their emails are inherently secure to begin with. It would be interesting to take a survey of folks to see what they really think about emailing and privacy.
As a matter of practical necessity, "letters" are routinely sealed in "envelopes." When you receive the letter, you (of course) find that ... at least, since the mid 1940's ... the letter therein has not been "steamed open" and "scissored."
It still baffles me to receive, say, "a message from Southwest Airlines," that is not "as a matter of course, digitally signed by Southwest Airlines." Likewise, it baffles me that "the ubiquitous Google® Mail" has never implemented digital-signature validation as a "perfectly routine(!)" part of their service. (They at one time offered encrypted mail, but took it out.)
I would have thought that, very(!) long ago, at least digital signing of e-mail messages would have become "a fairly compulsory business practice."