Report: Simple methods to better protect private emails
Many people tend to assume that e-mails are the digital equivalent of letters, the content of which is kept in relative privacy inside an envelope. On the contrary, e-mails are more akin to digital postcards: Anyone who gets their hands on a postcard is able to read the written message without any trouble. By the same token, it is possible to intercept e-mails via the servers involved in sending them. Today, users typically leave several GB of old messages on the servers of common e-mail providers – often in plain text with no encryption whatsoever, and mostly without even thinking about it. For the sake of your privacy, it is preferable to regularly clear out old communications or archive them locally if required.
A popular program for encrypting and signing data was written in the US in 1991 by Phil Zimmermann: PGP – short for Pretty Good Privacy. Don’t be fooled by the somewhat lackluster description “pretty good”. PGP is so-called “strong encryption”.
What is PGP?
The technique was developed with the goal of enabling all citizens to exchange encrypted messages, protecting them against access by intelligence agencies. As a consequence of a long license-related law suit, the freeware PGPi was born – a version of PGP available internationally, while PGP itself is now commercial software.
PGP can be used to encrypt messages and files, and also to sign them. A so-called public key method is used: Each participant receives a pair of keys, one of which is public and the other which is private (secret). The private key is your property only and can additionally be password-protected. In order to send an encrypted message, you need the public key. The text message is thus rendered illegible, and from this moment on, only people who have the corresponding private key are able to decrypt it.
Hint: In order to better protect the private key, you can save it on a USB stick for instance.
To ensure that a message has really been sent by the alleged sender and has not been tampered with along the way, a digital signature is also required. To generate this type of “fingerprint”, a cryptographic hash function is applied to the plain-text message, and a digital signature is created using the sender’s private key.
Did you know that much like Emsisoft Anti-Malware’s File Guard relies on its signature database to identify malware, PGP uses a signature to ensure the authenticity of a message’s sender?
When sending a message, a dataset is first created from the plain text and the sender’s signature, and then a (randomly generated) key is applied to this dataset in order to completely encrypt the text. This key enables the recipient to decrypt the message. In order to send the PGP message, the completely encrypted dataset is encoded in ASCII characters. The recipient is of course only able to decrypt the message if they are also using PGP and have access to the randomly generated key.
The public key and your own signature are intended to be shared with other people. Ideally, you would do this in person. The possibility of distributing your own public key via a “key server” may seem appealing. You should keep in mind, however, that doing so also allows spam bots to get their hands on the key.
Hint: When using a “key server”, you should always remember to create a “revocation certificate” so that you can remove your key from this server at any time.
How secure is PGP really?
So-called “brute force” attacks are a technique that involves finding an unknown key simply by using trial and error. For a three-digit combination (0-9), it would take 1,000 attempts maximum – on average, 500 attempts – to crack the code by brute force. Statistically speaking, by increasing the number of digits, it be impossible to crack with even the most powerful computers. Not even the NSA is currently able to crack 4,096 bit keys. Unfortunately, this is purely from a statistical viewpoint. Even with an infinite key length, the probability would never drop to absolutely zero. Theoretically, it’s always possible for a key to be randomly guessed with one of the first attempts.
Interesting Fact: Edward Snowden confirmed during a “Question and Answer” session with “The Guardian” that you really can rely on strong encryption methods if they are correctly implemented.
How can I encrypt my messages with PGP and what requirements are there?
For many e-mail clients such as Thunderbird or Outlook, there are already pre-compiled plugins that facilitate the use of PGP. You should preferably use an e-mail client if the existing web interface only offers unencrypted access to your mailbox. You can of course also encrypt your chat messages manually with PGP in a text editor and then copy these illegible messages into the chat windows of Skype, ICQ, etc.
Detailed instructions on how to setup PGP can be found in numerous places on the Internet.
As a free alternative, many people choose to use OpenPGP to encrypt their data. OpenPGP can, for instance, be used with a free and open-source program called GPG4Win that comes with “Kleopatra”, a certificate manager for creating a new pair of keys. Microsoft Outlook 2003 and 2007 are supported by GPG4Win as long as the feature “GpgOL” is not been disabled during installation. Use with Outlook 2010 however has limitations and is only possible with the latest beta version.
If you prefer working with Mozilla Thunderbird, you should take a closer look at Enigmail OpenPGP. Mozilla has also published an illustrated online guide on the installation and use of this extension.
Your own PC can be a weak point
Often, many dangers are already lurking on your own PC. So-called “Trojans” are a huge security risk; they can be either standalone malicious programs that accidentally find their way on your PC or seemingly useful programs, that in actuality, contain dangerous code. Malicious software can thus take hold of your PC in such a way that dangerous program routines are activated at boot-time without your knowledge. This enables, amongst other things, for your decrypted e-mails and the password for your private key to be logged, thus undermining any protection provided by PGP or OpenPGP.