Ask Slashdot: Cryptography in Mail software? 201
Bartmoss asksL:
"Obviously, nobody will use encryption if two problems
occure: (a) your friends won't be able to read your mail
because they don't have crypto, and (b) your software
doesn't have crypto. I'm wondering - are there good HOWTO's
and info sites on how to plug encryption into leading mail
software for UNIX, Mac and Windows? What Windows-Software
supports PGP, and which can have PGP support added? Does
anybody have information on clients people could use for
crypted mails?"
forget MUA, go MTA (Score:1)
http://www.home.aone.net.au/qualcomm/
and I think it's GPL'd. While it's not as good a solution if you just want to encrypt your mail to 1 or 2 others, it's a much better mass solution if you are the admin for a mail domain. I urge you to start using it.
--sam
MH is pretty key, yes, it is ... (Score:1)
Kids: I know that a lot of you are pretty young. If you don't mind a bit of advocacy from an old fart, learn MH. Like many enduring things in the UNIX world, there is a reason that it has stuck around -- it works. elm and mutt (really what elm should be) are good, pine is good, albeit basic. But you should look at MH. Imagine being able to do anything that you can think of from the command line while working on other things. No shelling out, nothing. exmh allows you to do all of this in X. MH and exmh are both rock solid and very rewarding, and they both give you that nice feeling after a while that this really is The Right Thing.
Here are some URLs:
http://www.ics.uci.edu/~mh/book/ for a basic website.
ftp://ftp.gw.com/pub/people/jpeek/mh/book-ps/ is the book, still updated regularly, and a very good read. Pull it down and read it.
http://www.ics.uci.edu/~mh/book/mh/senove.htm#S
OK that is it for advocacy on this fine morning. The birds are singing, the s70s are at 2-3 (loafing, my children, loafing), and I think that I will go show the mainframers what REAL coffee tastes like.
Have fun. 'Cause if it ain't fun, you're doing it wrong (this can be applied to many things
Don't forget GPG aka GnuPG aka GNU Privacy Guard (Score:2)
should be talking about GPG instead of PGP
GPG aka GnuPG aka GNU Privacy Guard
fully openPGP compatible
http://www.d.shuttle.de/isil/gnupg/
http://www.gnupg.org
there is even a wrapper for compatibility with
pgp 2.6
http://www.nessie.de/mroth/pgpgpg/
mailcrypt (Score:2)
is an excellent tool for integrating PGP
support. Also, the original author, Pat LoPresti,
is a nice guy.
Bahhhhhhhhhh! Just Do What I Do! (Score:2)
VOILA! One secure email!
ln -s mutt asdf (Score:1)
telnet mailhost 25 (Score:1)
---
Re:MH is pretty key, yes, it is ... (Score:1)
That's my recipe! And I'm what you might consider a "kid" ;-).
It's amazing what one can do with these programs and the basic Unix toolkit-- shell scripts, the command line utilities, cron and at.
---
Mew (Score:1)
Of course, one could remap it. But figuring out how to tweak an email agent is a waste of time unless you're already decided on it.
---
Re:PGP-aware SMTP/POP3/IMAP4 proxy? (Score:1)
I assume you mean a proxy that will run on your same machine, and not on the network; otherwise, you're transmitting cleartext on the wires.
---
Re:Could someone explain PGP/Encryption in mail? (Score:1)
Secret key cryptography are systems that use a single secret key both to encrypt and decrypt the message. That is, both the sender and the recipient need to arrange for both to have the secret key, over some kind of secure channel. This approach is not practical to use over the net, since transmitting the key over it would place the users in danger of it being intercepted.
Public/private key cryptography uses a pair of keys: one to encrypt messages, and a second one to decrypt them. This works the following way: suppose you want to send me an encrypted message. What you (or anyone) would have to do is get a copy of my public encryption key (which I could place in an accesible place, like my home page), and use that to encrypt the message. When I receive it, only I can read it, since it can only be decrypted with the private key I keep on a safe computer. Of course, I need to protect my private key from being stolen. But the main point is that I never have to transmit the private decryption key over the net, while my public encryption key can be wholly public.
This is the method used by PGP to encrypt email, by SSH for encrypted logins, and SSL for secure sockets (like when you use a secure web connection). A variant of it is used for PGP signatures (which can, in conjunction with a public key, cryptographically guarantee that some file has not been altered).
---
Re:Eudora plugin available (Score:1)
Re:"Pine" is easier to type (Score:1)
Well... That answers that question. (Score:1)
PGP4Pine (Score:2)
freshmeat [freshmeat.net]. It lets you use PGP seamlessly in Pine. I haven't personally had time to set it up but a bunch of my friends use it and recomend it.
Re:GPG rules (Score:1)
I agree. It installs easily and works perfectly with mutt. I can really recommend it!
Re:Well... (Score:1)
>That's exactly the reason why we all should use encryption for _all_ of our messages.
Eh? Haven't you heard the best way to hide something is to hide it in plain sight?
Re:Well... (Score:2)
I really think you encryption supporters are really operating under a false sense of security. If the goverment really wants to get you, they will. End of story.
Re:Well... (Score:1)
You're right though, it's a chicken and egg problem, you draw attention to yourself when you encrypt email, fortunately I have nothing to hide so attention spent paying attention to my email will protect those who should fear our government.
As for the sense of security, a false sense of security can be better than none at all. I also presume that you are talking about methods other than simply capturing and decrypting emails. If all email was encrypted, I'd feel pretty good that mine weren't the ones that were being focused on for decryption.
Re:here's a few (Score:1)
Mutt (Score:1)
Re:Well... (Score:1)
Wow Those are easy to get! I get one or two a day!
Yes but they still need the passphrase to unlock the message. You can just keep the passphrase to yourself. (take the fifth?) I know you can talk about temp files and swap files and stuff, but if you look at real world examples those things don't usually come into play. If you are really paranoid then you can get the tools to scrub your hd anywhere.
In my opinion it's not the government that would be crippled by crypto it's small time spooks like jealous boyfriends and industrial spys. I think crypto would stop more crime than it would hide!
Re:You simply cannot beat mutt (Score:1)
Re:PGP4Pine (Score:1)
Re:You simply cannot beat mutt (Score:1)
Re:If you don't like the mappings, fix them... (Score:1)
"Free" for non-commercial S/MIME implementation (Score:1)
--
http://www.wholepop.com/ [wholepop.com]
Whole Pop Magazine Online - Pop Culture
An old (may 1996) summary of secure MUAs (etc) (Score:2)
For MUA integration, see Mail User Agent Survey [pgp.net]
here's a few (Score:1)
here's some more stuff,
Search results
59 programs matched your search criteria.
Aegis Shell (16-bit) 3.0.8
Aegis Shell (32-bit) 3.0.8
BetweenUs
Calyspo 3 PGP plugin
Claris Emailer plugin
CryptoEx 1.0b4
Emacs auto-pgp
Encryplet 1.0
Eudora 3.x and 4.x plugin
Eudora plugin
Gibbon PGP Front-End for EPM 1.2
Gui4PGP 2.0
Lock & Key 3.1
MS Outlook 97/98 and Exchange plugin
MS Outlook Express 4 plugin
MacPGP Control 1.0
MailPGP 1.3
Mailcrypt 3.5.3
MandelSteg and GIFExtract 1.0
Mollusc 1.0
PGP Encryptor Interface 1.1
PGP Extension for Microsoft Exchange 1.10
PGP Manager (16-bit) 1.3
PGP Manager (32-bit) 2.2b
PGP QuickFront 1.0
PGP REXX 1.2
PGP Windows 1.1
PGP Winfront (16-bit) 3.1
PGP Winfront (32-bit) 4.0
PGP-PM32 0.7 beta
PGP4Pine (aka PAPP)
PGPClick (16-bit) 2.5
PGPClick (32-bit) 2.5
PGPClip 1.4.4
PGPSort 1.0
PGPn123 (freeware) 1.0 beta 5
PGPn123 (shareware) 1.8
PGPoMAGIC 2.4
PGPsendmail 1.4
PGPtoGUI
PGPwho
PMMail/2 2.0
PgpEudra 1.02
PowerPGP (16-bit) 2.0
PowerPGP (32-bit) 2.20
Private Idaho 2.8b3
Privtool 0.90 beta
Pronto Secure 1.13
QDPGP 2.60
SafeMail 2.0 beta5
Stealth 1.1
WPGP 1.6
WinPGP (16-bit) 4.1
WinPGP (32-bit) 5.0
dirtypgp
elmpgp 2.4pl24
pgp4pine
psMail 1.1
zmail PGP script
Re:I'll get crap for this... (Score:1)
and all of the cool stuff that Microsoft does in
it. With the possible exception of GNUS, Outlook
is the best email client on the planet. Sure, it
has its faults, but if you subscribe to the "my inbox
contains everything in my whole life" school of life
management, then Outlook is about the best there is.
Now, it's far from worth justifying Windows, which
is why I sue the mighty pine, but everyone should at least
give it a shot and see what neat stuff they have.
Re:PGP4Pine (Score:1)
I am convinced there must be some added functionality but I am unaware of it and would love to find out what it is.
Re:Well... (Score:1)
Secure hash functions are a VERY important topic but the fact that you only have 160 bits is irrelevant.
Re:PGP4Pine (Score:1)
my new opinion is that it is a security hole to send your encrypted email to the government.
You must not have looked very hard... :) (Score:1)
http://www.mutt.org/doc/manual/ma nual-6.html#move [mutt.org]
move
Type: quadoption
Default: ask-no
Controls whether you will be asked to confirm moving read messages from your spool mailbox to your $mbox mailbox, or as a result of a mbox-hook command.
"set move=no" will do exactly what you want.
If you don't like the mappings, fix them... (Score:2)
You simply cannot beat mutt (Score:3)
Insofar as unix is concerned, you simply cannot beat mutt ( http://www.mutt.org/ [mutt.org]) for a pgp-aware mailer.
If you're currently using either pine or elm, you're doing yourself a serious disservice not looking at mutt. It's easier, more flexible, and more powerful than any of the alternatives.
PGP support is top-notch and native, for both v2 and v5 pgp. Highly recommended.
Re:Bahhhhhhhhhh! Just Do What I Do! (Score:1)
:-)
https://www.mav.net/teddyr/syousif/ [mav.net]
Re:forget MUA, go MTA (Score:1)
https://www.mav.net/teddyr/syousif/ [mav.net]
Re:Q: Is any secure POP-software out there? (Score:1)
fetchmail has an easier way to do it automatically using SSH port forwarding (I have not yet found a seamless implemention)..
There is an implementation of SSL/IMAP, but both clients and server have to follow it.
Note: Same thing with
POP3
and you may want to use SSH port forwarding with NNTP. (which is also in the clear...)
The problem w/ SSH port forwarding is that the server also needs to support SSHD (but if you have control over both machines)....
https://www.mav.net/teddyr/syousif/ [mav.net]
"Pine" is easier to type (Score:1)
In addition, is is difficult to type "mu" without using just one finger.
"pine" on the other hand, can be typed with four fingers (one for each letter), and so can be typed much faster and more easily. That alone makes pine my mailer of choice.
And no, editing my
PGP and IMAP (Score:1)
Does anyone know of a good mail client that supports both IMAP and PGP? Most clients support one or the other.
And Outlook is not an option.
Re:here's a few (Score:1)
Re:PGP and IMAP (Score:1)
Pegasus has nifty mail filtering abilities also.
http://www.pegasus.usa.com/ is the main US site.
Zero Knowledge (Score:1)
Goof (Score:1)
Ishmail has PGP Support! (Score:1)
has a GUI front-end and supports PGP, as well
as well as working with IMAP, POP, and local mail servers, I really like the Automatic filing.
Check it out at http://www.ishmail.com
WDM
As a Windows Mail Program... (Score:1)
Re:You simply cannot beat mutt (Score:1)
Definitely more flexible! Show me a thing you can't configure in mutt!
(And you can even set up macros, so it will output old-style PGP attachments for braindead `software' such as MS Outlook.)
/* Steinar */
Re:Can I fake email in mutt? (Score:1)
/* Steinar */
Cool Winblows Mailer Program (Score:1)
Re:You simply cannot beat mutt (Score:1)
You're mistaken. Mutt isn't built upon anything but mutt.
--
Ian Peters
Re:You simply cannot beat mutt (Score:1)
--
Ian Peters
Re:Well... (Score:1)
Re:Can I fake email in mutt? (Score:1)
Outlook & PGP (Score:2)
PGP, and I use exmh and GnuPG, and they interoperate
great!
Re:Don't forget GPG aka GnuPG aka GNU Privacy Guar (Score:1)
Technically speaking, I have to wholeheartedly agree that PGP is superior to PGP in just about every way. Unfortunately, there is one mighty drawback:
It's not reverse compatible with the old pgp 2.62 keysets out there. That sucks.
(also the fact that /usr/local/bin/gpg is setuid root, but that's minor)
Here's what it looked like when I tried to import my pgp 2.6.2 key. (id 'xxx'ed to protect the innocent)
gpg (GnuPG) 0.9.8; Copyright (C) 1999 FreeSoftware Foundation, Inc.
This program comes with ABSOLUTELY NOWARRANTY.
This is free software, and you are welcome to
redistribute it under certain conditions. See
the file COPYING for details.
gpg: key xxx: unsupported public key algorithm
gpg: key xxxx: no valid user ids
gpg: this may be caused by a missing
self-signature
gpg: Total number processed: 1
gpg: w/o user IDs: 1
Re:pgp 2.6 keys in GPG (Score:1)
The key I have is in fact self signed, it's just that GPG didn't recognize the format, and did a guess that it wasn't self-signed.. :)
I guess that could be considered an unstable failure mode.
SSL imap server (Score:1)
Re:SSL imap server (Score:1)
Re:Well... (Score:1)
Re:Netscape Conspiciously Absent (Score:1)
I used to use this quite a lot when I was using PGP on Windows. For attachments, the simplest thing is just to encrypt the file using PGP of course.
Re:Anybody knows if PGP is available for the Palm? (Score:1)
http://www.pasta.cs.uit.no/~perm/PASTA/pilot/
There was also mention of some work done in US/Canada, for those who live there, in
http://www.imc.org/ietf-open-pgp/mail-archive/m
PGP Links (Score:2)
Re:glad he did it (Score:1)
S/Mime (Score:1)
Re:You simply cannot beat mutt (Score:1)
On exmh's website [beedub.com] there is information on what patches you need to get exmh up and running with PGP or GPG [shuttle.de].
Re:You simply cannot beat mutt (Score:1)
Technological marvels (Score:1)
Text-editor features (Score:1)
Re:PGP4Pine (Score:2)
Re:Moderation (Score:1)
Re:Goof (Score:1)
So long, and thanks for all the ghoti?
(couGH, wOmen, moTIon)
hmmm...SARCASM! (Score:1)
I've wondered about this law (Score:1)
The net has moved backwards from the first days (Score:1)
Email was a simple client where you can scrub the messages through a nice encryptor (Simple double Xor encryption with phrases) that couldnt be cracked easily by a cracker or punk kid. Usenet postings that were offensive were rot13'd and all was joyous.
What about the fact that ALL news readers and IRC clients no longer have a rot13 function?? if everyone used it then the bitching by us old-timers and the paranoid public would be minimal I.E. no chance of a child accidently seeing c00l D00d's latest flame where he tried out the new word F*** every 3 words. You would have to deliberately rot13 it ro read it. encryptors were easy to impliment... pine-- Ahhh a message from my russian commander -- save it as ascii and decrypt. to send? text->encryptor->mail ruskie@ussr.ru but then that was back in the dark ages.... before Point and drool...
(NOTE: I like to point and drool, I use NT for silly things) on the Linux/unix/BSD side the encryption interface is trivial... it's the intentional Abstraction of winblows that was in place to keep you from doing things like encrypting your mail or adding features to software that dont exist yet. (It still can be done.. cut and paste your text, run the win interface to PGP, bla bla bla.... easy as pie
Now if Eudora wanted to rise from the ashes... make a Unix,solaris,linux,Windows,mac,BE,etc... version with a pgp interface built in.... but it wont happen...
Eough of my drivel... where's my old-farts walker..
Re:Well... (Score:1)
Hack the system!!!! (lol)
Re:Well... (Score:2)
That's exactly the reason why we all should use encryption for _all_ of our messages.
Anybody knows if PGP is available for the Palm? (Score:1)
Does anybody know of a Palm version? I'd settle for just being able to *read*
----------
'We have no choice in what we are. Yet what are we,
but the sum of our choices.' --Rob Grant
----------
I'll get crap for this... (Score:1)
mutt (Score:1)
Bandwidth is not necessarily free (Score:1)
Not necessarily. It's free for most people, particulary (I imagine) for people in North America and Europe, but people in other parts of the world don't always have as many options.
The only reason that I'm bothering to write this reply is that the 'bandwidth is free' needs to be challenged. I know of too many people on limited bandwith that keep getting sent things like large attachments because of that assumption.
A month ago, I was paying NZ$3/hour access for 28k - hardly free bandwidth, and the university department where I work gets charged something like NZ$1/Mb.
Roy Ward.
Enigma (Score:1)
Some of you might be interested in a project called Enigma. It is open source, written entirely in Java, and works with just about any e-mail package. Enigma works by being a proxy server decrypting all e-mail and intelligently encrypting e-mail according to who is on your keyring.
Problems (Score:1)
Re:The net has moved backwards from the first days (Score:1)
Also, I believe tin has ROT13, but I've never been a fan of textmode newsreading, for whatever reason.
Sounds like XPK (Score:1)
That's basically what happened with the Amiga's XPK interface. It was originally intended as a general-purpose interface for compression routines. But over time it got to be rather widely used for crypto too. It's really just a general-purpose data-munging API.
Re:Encryption incompatible with antivirus sweepers (Score:1)
Well, actually, it looks more like clueless admins rather than spooks, but I guess you never know. They are virus-scanning at the wrong point.
Re:Well... (Score:1)
PGP For Windows (was Re:PGP4Pine) (Score:1)
This setup won't work with PGP/MIME, (multipart/encrypted), but it will work with inline stuff (you know, the messages that start with "START PGP SIGNED MESSAGE" or whatever it is).
cluebie-freindly windows pgp options... (Score:2)
my suggestion is eudora light 3.0.6, at www.eudora.com [eudora.com]. intutitive interface (remember netscape mail three ugly panes from hell? phooey.) and simple.
then stop by www.pgpi.com [pgpi.com] to pick up your preferred pgp version. 6.0.2 freeware works fine for people in the us. you'll want 6.0.2i (the international version) if you want backward compatibility, though. the great 'client selection wizard' will get most people through.
once you get these two programs up and running exchanging encrypted e-mails is a snap. just click 'encrypt/decrypt' (or sign, or whatever) right in eudora.
good luck. i've always believed that as more and more people use pgp, the 'digital worth' of each pgp-encrypted message increases. please help as many people as possible to download, use, and support pgp. it helps us all.
www.pgpi.com [pgpi.com]
www.pgp.net [pgp.net]
wwwkeys.pgp.net [pgp.net]
PGP (Score:1)
Best Crypro link page (Score:1)
Here it is! [auckland.ac.nz]
Re:here's a few (Score:1)
your subject should have been "here's a deluge"
as someone else noted POST THE URL AND DON'T WASTE MY TIME AND BANDWIDTH !!
if i just had some moderator points now, grrr
-Anthony
Re:Pluggable encryption export control & Java (Score:1)
A set of abstract classes, useless until you bought the corresponding "real" classes, from Sun is the US, or elsewhere (IAIK here in Europe).
Correct me if I'm wrong, but what's different from pluggable encryption in a MUA ?
Re:Well... (Score:2)
160 bits means approx
14600000000000000000000000000000000000000000000
possible.
Re:Well... (Score:1)
Re:Moderation (Score:1)
Encryption incompatible with antivirus sweepers (Score:2)
These systems can't work with encrypted mail (obviously)
Makes you wonder whether the antiencryption spooks are behind the mail viruses, doesn't it ?
No you can't. (Score:1)
PS: If you really feel the need to send a 'fake' e-mail, you can do it the hardcore way, if your up to it... ( warning: only for the truly 3lit3) Okay, here it is, all you need to do is address a postcard to root@127.0.0.1 and drop it into the mail box. Works every time. Sounds simple doesn't it? It's really difficult to trace too!
Hey, have you ever gotten any bounced messages doing this? ;-p
Netscape Conspiciously Absent (Score:2)
Netscape doesn't support PGP encryption. There's been a lot of discussion over at the mozilla crypto newsgroup [mozilla.org] on the hows and whys. Basically, AOL/Netscape's interpretation of the stupid US cryptography export regulations [doc.gov] prevents them from even exposing their API for cryptographic processing. Some folks at NAI volunteered to help out, which elicited some favorable noises on the part of Mozilla, but no visible action. They may be working on it behind the scenes however.
Netscape Messenger owns a huge share of the Internet email client market. The lack of PGP support is a substantial impediment to the widespread adoption of PGP as a standard for Windows email. I'm not too fond of NAI, but I'd like to see this particular product succeed, since it's in such widespread use on Unix.Re:Well... (Score:3)
Encryption is an envelope. I notice that almost all snail mail is sent in envelopes instead of postcards.
I suspect that if most users inherently understood this analogy and the technology underneath, the desire for encryption would be much more widespread.