Hi
I'm looking for a way to secure emails with a password so that when it
is recieved at the other end it cannot be opened without the password.
Can anyone help with a suggestion on how this can be achieved whith
some software or any other means.
Peter
On comp.mail.misc, in
<1115979117.084351.322790@z14g2000cwz.googlegroups.com>,
"peterhardy@f2s.com" wrote:
> Hi
>
> I'm looking for a way to secure emails with a password so
> that when it is recieved at the other end it cannot be opened
> without the password. Can anyone help with a suggestion on how
> this can be achieved whith some software or any other means.
>
> Peter
>
There's no way to do that. You could encrypt the
contents of the body/attachment(s) and hold the key to
the cipher until it was requested by the right person.
But it would be very difficult to verify the identity
of the person unless they were using a PGP/GPG sig-key
that you had investigated carefully.
And in that case, simply using the encryption
capabilities of the PGP/GPG clients would do the trick.
And that's your solution: Make sure that everyone you
send such mails to has GPG/PGP installed and that you
have carefully investigated their keys.
Remember: Myself or anyone can create a public key-pair in
any name we want, at any time. And the personal information
associated with it could be very accurate. Just takes a little
homework. In this arena you cannot judge a book by its cover.
Nor even the table of contents and the introduction.
AC
--
alanconnor AT earthlink DOT net
Use your real return address or I'll never know you
even tried to mail me. http://tinyurl.com/2t5kp
~
Alan Connor
@newsread1.news.pas.earthlink.net:
> On comp.mail.misc, in
><1115979117.084351.322790@z14g2000cwz.googlegroups.com>,
> "peterhardy@f2s.com" wrote:
>
>> Hi
>>
>> I'm looking for a way to secure emails with a password so
>> that when it is recieved at the other end it cannot be opened
>> without the password. Can anyone help with a suggestion on how
>> this can be achieved whith some software or any other means.
>>
>> Peter
>>
>
> There's no way to do that. You could encrypt the
> contents of the body/attachment(s) and hold the key to
> the cipher until it was requested by the right person.
Alan, you're wrong. There is easily a way. And you even mention it _in
the next sentence!_.
To the OP: Yep, you can encrypt the body of your message with your
favorite encryption method (with varying levels of security and
resistances to various attacks, depending on the algorithm).
> But it would be very difficult to verify the identity
> of the person unless they were using a PGP/GPG sig-key
> that you had investigated carefully.
Now you're simply blinding yourself with your own prejudices. The OP
didn't ask about authentication or non-repudiation. The OP only asked
about encryption of the email using a shared secret. (To the OP: do a
search on Alan's previous postings to see what I mean about his
prejudices).
> And in that case, simply using the encryption
> capabilities of the PGP/GPG clients would do the trick.
Yep, PGP/GPG would fit the bill.
> And that's your solution: Make sure that everyone you
> send such mails to has GPG/PGP installed and that you
> have carefully investigated their keys.
Again, you're assuming a public key system. For symmetric crypto, you
don't care about "their" keys. It's whatever shared secret that you
chose for your encryption that's important.
> Remember: Myself or anyone can create a public key-pair in
> any name we want, at any time. And the personal information
> associated with it could be very accurate. Just takes a little
> homework. In this arena you cannot judge a book by its cover.
> Nor even the table of contents and the introduction.
Again, you're assuming a public key system where the OP appears to be
asking about symmetric crypto.
To the OP: what Alan is talking about is an asymmetric crypto system
which has different capabilities than symmetric crypto. With many public
key/private key systems (like RSA), you have the capabilities of
encrypting the data with the public key of the recipient(s) that you wish
to allow to read the email (cute trick of public key crypto, if you
encrypt it with the public key, you can only decrypt it with the
corresponding private key... which is only held by the recipient, you'd
hope). However, Alan did rightfully point out that the key distribution
problem is an issue. The public key infrastructure tends to rely on some
sort of out-of-band communication of the keys so that they may be
validated by some other mechanism. Two common methods are:
1) You talk to the recipient and have them send you their public key, and
over the phone they tell you a "fingerprint" or hash of the key so that
you can verify that the key is correct. Here is where you can validate
the various fields in the public key (OK, technically all these extra
fields are carried in a certificate, not the key proper), and you can
refuse to accept the key until they are correct (or you simply don't care
about the extra fields).
2) You rely on some "trusted" third party, like Verisign, to have done
sufficient investigation of the recipient and Verisign would then sign
their public key/certificate to lend authority to it. Of course this
method depends on how much you trust Verisign to have done their
homework. If you don't trust Verisign at all, then you can't trust keys
that they've signed either (unless you use some other method to validate
the key). Replace Verisign with eTrust, or your friend of a friend.
It's all the same from your point of view. Simply put, do you trust the
entity which signed the recipient's public key? If you don't trust
_anybody_, then you're left with #1.
On comp.mail.misc, in
Kostur" wrote:
> Alan Connor
> @newsread1.news.pas.earthlink.net:
>
>> On comp.mail.misc, in
>><1115979117.084351.322790@z14g2000cwz.googlegroups.com>,
>>"peterhardy@f2s.com" wrote:
>>
>>> Hi
>>> I'm looking for a way to secure emails with a password so
>>> that when it is recieved at the other end it cannot be opened
>>> without the password. Can anyone help with a suggestion on
>>> how this can be achieved whith some software or any other
>>> means.
>>> Peter
>>
>>
>> There's no way to do that. You could encrypt the contents of
>> the body/attachment(s) and hold the key to the cipher until it
>> was requested by the right person.
>
> Alan, you're wrong. There is easily a way. And you even
> mention it _in the next sentence!_.
>
> To the OP: Yep, you can encrypt the body of your message
> with your favorite encryption method (with varying levels of
> security and resistances to various attacks, depending on the
> algorithm).
>
>> But it would be very difficult to verify the identity of the
>> person unless they were using a PGP/GPG sig-key that you had
>> investigated carefully.
>
> Now you're simply blinding yourself with your own prejudices.
> The OP didn't ask about authentication or non-repudiation. The
> OP only asked about encryption of the email using a shared
> secret. (To the OP: do a search on Alan's previous postings to
> see what I mean about his prejudices).
Christ but you're an idiot: He didn't ask about encryption at
ALL.
_I_ brought up that subject.
He asked if he could keep someone from OPENING a mail, which
is a file.
Look about 30 lines up in what I have quoted from YOUR
post, you drooling moron.
And then take a basic computer science course before
you make a fool of yourself again.
Or don't.
As for my prejudices? What prejudices? I recommend that
he use PGP/GPG.
Plainly, an ESL course would be a good idea too.
I sure hope the OP isn't foolish enough to take any of your
advice. (I assume that further on you at least attempt to
disguise your sophomoric attack as a helpful post.)
You'd obviously have no problems with misleading him
in order to do your mean-old-cunt-with-running-mouth
imitation once again.
But that's up to him.
Time for you to shut your punk mouth:
AC
--
alanconnor AT earthlink DOT net
Use your real return address or I'll never know you
even tried to mail me. http://tinyurl.com/2t5kp
Alan Connor
@newsread2.news.pas.earthlink.net:
> On comp.mail.misc, in
>
> Kostur" wrote:
>
>
>> Alan Connor
>> @newsread1.news.pas.earthlink.net:
>>
>>> On comp.mail.misc, in
>>><1115979117.084351.322790@z14g2000cwz.googlegroups.com>,
>>>"peterhardy@f2s.com" wrote:
>>>
>>>> Hi
>>>> I'm looking for a way to secure emails with a password so
>>>> that when it is recieved at the other end it cannot be opened
>>>> without the password. Can anyone help with a suggestion on
>>>> how this can be achieved whith some software or any other
>>>> means.
>>>> Peter
>>>
>>>
>>> There's no way to do that. You could encrypt the contents of
>>> the body/attachment(s) and hold the key to the cipher until it
>>> was requested by the right person.
>>
>> Alan, you're wrong. There is easily a way. And you even
>> mention it _in the next sentence!_.
>>
>> To the OP: Yep, you can encrypt the body of your message
>> with your favorite encryption method (with varying levels of
>> security and resistances to various attacks, depending on the
>> algorithm).
>>
>>> But it would be very difficult to verify the identity of the
>>> person unless they were using a PGP/GPG sig-key that you had
>>> investigated carefully.
>>
>> Now you're simply blinding yourself with your own prejudices.
>> The OP didn't ask about authentication or non-repudiation. The
>> OP only asked about encryption of the email using a shared
>> secret. (To the OP: do a search on Alan's previous postings to
>> see what I mean about his prejudices).
>
> Christ but you're an idiot: He didn't ask about encryption at
> ALL.
True, the OP didn't specifically ask about encryption by name. The
method was left up to interpretation. The OP simply asked about password
protecting an email. Encryption does seem to be the best fit, while
fitting within the traditional expectations of an email system.
> _I_ brought up that subject.
Sure, you were the first to mention the word encryption.
Congratulations. Pat yourself on the back. Would you like a lollipop
too?
> He asked if he could keep someone from OPENING a mail, which
> is a file.
Not necessarily. The email may be contained within a file with other
emails. Or, the email may be contained within a database system. The
other emails that the recipient has received may or may not be "password
protected" (or may be "password protected" with different passwords). As
a result password protecting a file (which is what you appear to be
suggesting, even if you don't come right out and say it, and if it isn't,
why bother trying to draw some sort of parallel between emails and
files?) would be unneccesarily (and possibly undesirably) appyling the
"password protection" to unrelated emails.
> Look about 30 lines up in what I have quoted from YOUR
> post, you drooling moron.
>
> And then take a basic computer science course before
> you make a fool of yourself again.
Sorry, I have no confidence in your qualifications (neither do I know
your qualifications, nor do I care) to make this sort of determination.
> Or don't.
>
> As for my prejudices? What prejudices? I recommend that
> he use PGP/GPG.
I leave the interpretation of whatever prejudices you may be perceived to
have up to whomever cares to look up your posting history.
[snip]
This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
--=_mimegpg-commodore.email-scan.com-31534-1116007835-0001
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Andre Kostur writes:
> Beavis
> @newsread2.news.pas.earthlink.net:
>
>> And then take a basic computer science course before
>> you make a fool of yourself again.
>
> Sorry, I have no confidence in your qualifications (neither do I know
> your qualifications, nor do I care) to make this sort of determination.
Oh, but you should. It's cheap comedy. Beavis is our village idiot:
http://angel.1jh.com/nanae/kooks/alanconnor.shtml
And if you want to shut him up, just ask Beavis any one of the following
questions:
FAQ: Canonical list of questions Beavis refuses to answer (V1.20)
This is a canonical list of questions that Beavis never answers. This FAQ is
posted on a semi-regular schedule, as circumstances warrant.
For more information on Beavis, see:
http://angel.1jh.com/nanae/kooks/alanconnor.shtml
Although Beavis has been posting for a long time, he always remains silent
on the subjects enumerated below. His response, if any, usually consists of
replying to the parent post with a loud proclamation that his Usenet-reading
software runs a magical filter that automatically identifies anyone who's
making fun of him, and hides those offensive posts. For more information
see question #9 below.
============================================================ ================
1) If spammers avoid forging real E-mail addresses on spam, then where do
all these bounces everyone reports getting (for spam with their return
address was forged onto) come from?
2) If your Challenge-Response filter is so great, why do you still munge
when posting to Usenet?
3) Do you still believe that rsh is the best solution for remote access?
(http://tinyurl.com/5qqb6)
4) What is your evidence that everyone who disagrees with you, and thinks
that you're a moron, is a spammer?
5) How many different individuals do you believe really post to
comp.mail.misc? What is the evidence for your paranoid belief that everyone,
except you, who posts here is some unknown arch-nemesis of yours?
6) How many times, or how often, do you believe is necessary to announce
that you do not read someone's posts? What is your reason for making these
regularly-scheduled proclamations? Who do you believe is so interested in
keeping track of your Usenet-reading habits?
7) When was the last time you saw Bigfoot (http://tinyurl.com/23r3f)?
8) If your C-R system employs a spam filter so that it won't challenge spam,
then why does any of the mail that passes the filter, and is thusly presumed
not to be spam, need to be challenged?
9) You claim that the software you use to read Usenet magically identifies
any post that makes fun of you. In http://tinyurl.com/3swes you explain
that "What I get in my newsreader is a mock post with fake headers and no
body, except for the first parts of the Subject and From headers."
Since your headers indicate that you use slrn and, as far as anyone knows,
the stock slrn doesn't work that way, is this interesting patch to slrn
available for download anywhere?
10) You regularly post alleged logs of your procmail recipe autodeleting a
bunch of irrelevant mail that you've received. Why, and who exactly do you
believe is interested in your mail logs?
11) How exactly do you "enforce" an "order" to stay out of your mailbox,
supposedly (http://tinyurl.com/cs8jt)? Since you issue this "order" about
every week, or so, apparently nobody wants to follow it. What are you going
to do about it?
12) What's with your fascination with shit? (also http://tinyurl.com/cs8jt)?
--=_mimegpg-commodore.email-scan.com-31534-1116007835-0001
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQBChO2bx9p3GYHlUOIRArVTAJ0ZyDzIFUdmuA3x3A3EnTOKI4112gCe J3OF
jqQTq1b0/a1R6mHRjL8KyIU=
=pTUM
-----END PGP SIGNATURE-----
--=_mimegpg-commodore.email-scan.com-31534-1116007835-0001--
Sam
news:cone.1116007835.208404.31534.500@commodore.email-scan.c om:
> Andre Kostur writes:
>
>> Beavis
>> @newsread2.news.pas.earthlink.net:
>>
>>> And then take a basic computer science course before
>>> you make a fool of yourself again.
>>
>> Sorry, I have no confidence in your qualifications (neither do I know
>> your qualifications, nor do I care) to make this sort of
>> determination.
>
> Oh, but you should. It's cheap comedy. Beavis is our village idiot:
[snip]
While you may enjoy poking at Mr. Connor any opportunity you get, I prefer
to stick within the topic. None of those FAQ questions really have no
bearing on the topic at hand, so why bother even mentioning them? I was
already aware of that list before posting, and if any of the questions had
any relevance, I would have already asked them.....
This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
--=_mimegpg-commodore.email-scan.com-31534-1116009939-0002
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Andre Kostur writes:
> While you may enjoy poking at Mr. Connor any opportunity you get, I prefer
> to stick within the topic.
If you are already aware of Beavis, then you should know how vain your
attempt to do that would be.
> None of those FAQ questions really have no
> bearing on the topic at hand, so why bother even mentioning them?
A brief reminder never hurts.
--=_mimegpg-commodore.email-scan.com-31534-1116009939-0002
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQBChPXTx9p3GYHlUOIRAr1aAJ9SDYXtj586mQG/h66IReL2aSWAUwCf Sl+k
qUYvAulp8CherXvxT8i1Hq0=
=+PfZ
-----END PGP SIGNATURE-----
--=_mimegpg-commodore.email-scan.com-31534-1116009939-0002--
On Fri, 13 May 2005 15:58:30 GMT, Alan Connor
>
> And then take a basic computer science course before
> you make a fool of yourself again.
Yeah! Alan is the only person here that's allowed to be stupid without prior
training.
--
_________________________________________
NetworkElf: Super Genius, Computer Guy, Harley Owner!
Blindly serving the covert purposes of the
criminal-minded maniac behind Spews since 2003.
Certified since 2005.
On Fri, 13 May 2005 13:45:33 -0500, Sam
>> None of those FAQ questions really have no
>> bearing on the topic at hand, so why bother even mentioning them?
>
> A brief reminder never hurts.
>
Please add the Beavis mantra: "Sticks and stones will break my bones, but
facts will never sway me."
--
_________________________________________
NetworkElf: Super Genius, Computer Guy, Harley Owner!
Blindly serving the covert purposes of the
criminal-minded maniac behind Spews since 2003.
Certified since 2005.
Alan Connor wrote:
> On comp.mail.misc, in
>
> Kostur" wrote:
>
>
>
>>Alan Connor
>>@newsread1.news.pas.earthlink.net:
>>
>>
>>>On comp.mail.misc, in
>>><1115979117.084351.322790@z14g2000cwz.googlegroups.com>,
>>>"peterhardy@f2s.com" wrote:
>>>
>>>
>>>>Hi
>>>>I'm looking for a way to secure emails with a password so
>>>>that when it is recieved at the other end it cannot be opened
>>>>without the password. Can anyone help with a suggestion on
>>>>how this can be achieved whith some software or any other
>>>>means.
>>>>Peter
>>>
>>>
>>>There's no way to do that. You could encrypt the contents of
>>>the body/attachment(s) and hold the key to the cipher until it
>>>was requested by the right person.
>>
>>Alan, you're wrong. There is easily a way. And you even
>>mention it _in the next sentence!_.
>>
>>To the OP: Yep, you can encrypt the body of your message
>>with your favorite encryption method (with varying levels of
>>security and resistances to various attacks, depending on the
>>algorithm).
>>
>>
>>>But it would be very difficult to verify the identity of the
>>>person unless they were using a PGP/GPG sig-key that you had
>>>investigated carefully.
>>
>>Now you're simply blinding yourself with your own prejudices.
>>The OP didn't ask about authentication or non-repudiation. The
>>OP only asked about encryption of the email using a shared
>>secret. (To the OP: do a search on Alan's previous postings to
>>see what I mean about his prejudices).
>
>
> Christ but you're an idiot: He didn't ask about encryption at
> ALL.
Time for your injection Alan.
>
> _I_ brought up that subject.
>
> He asked if he could keep someone from OPENING a mail, which
> is a file.
>
> Look about 30 lines up in what I have quoted from YOUR
> post, you drooling moron.
Don't be so hard on yourself Alan.You couldn't help being born subnormal.
>
> And then take a basic computer science course before
> you make a fool of yourself again.
I will be referring you for anger management classes.
>
> Or don't.
>
> As for my prejudices? What prejudices? I recommend that
> he use PGP/GPG.
>
> Plainly, an ESL course would be a good idea too.
>
> I sure hope the OP isn't foolish enough to take any of your
> advice. (I assume that further on you at least attempt to
> disguise your sophomoric attack as a helpful post.)
>
> You'd obviously have no problems with misleading him
> in order to do your mean-old-cunt-with-running-mouth
> imitation once again.
>
> But that's up to him.
>
> Time for you to shut your punk mouth:
If you don't stop this abusive behaviour Alan i'll have to use the
straight jacket.
>
>
>
>
> AC
>
Andre Kostur wrote:
> Alan Connor
> @newsread2.news.pas.earthlink.net:
>
>>_I_ brought up that subject.
>
>
> Sure, you were the first to mention the word encryption.
> Congratulations. Pat yourself on the back. Would you like a lollipop
> too?
Please do not offer lollipops to Alan .You know how he likes to stick
them up his **** and suck the **** off.