Advice from The Times
Steve Mynott
steve at tightrope.demon.co.uk
Fri, 17 Apr 1998 14:31:09 +0100
Dr Keyboard seems to misunderstand public keys... Thanks to "Need to Know"
for this.. some light relief for Friday pm!
http://www.sunday-times.co.uk:80/news/pages/Wednesday-Times/timintint01007.html?1063974 (using cypherpunks/cypherpunks account of course)
Q: How secure is e-mail? I want to send a moderately sensitive
document to the US, and one option is to include it as an attachment
to an e-mail. What is the risk of interception either deliberately or
by accident? I assume that the file must exist, at least for a finite
time, on my ISP's server and also on the server of the recipient's ISP
- but how long does it stay there (and presumably remain vulnerable to
being read)? What really happens when the recipient deletes it?
A: Anyone with enough knowledge and the right equipment could
intercept e-mail messages as they pass around the Internet. In
practice, tapping the right line at the right time to intercept yours
would be very difficult indeed, but not impossible. There is the
chance of casual interception, but it's not high. That said, there are
a number of free and paid-for programs which will allow you to encrypt
the information you're sending, so it can only be read by someone with
the appropriate digital "key". I sometimes use and can recommend PGP
- Pretty Good Privacy - which works by using two keys, one public and
one private. Do a search in Yahoo! on PGP and you'll find any number
of implementations and programs providing friendly front ends to what
can be a difficult subject to grasp. The only problem with all such
programs is that the person at the other end must have the key to
decrypt your message, of course, and if you send that via clear e-mail
in the first place that could be intercepted, although you could send
it on a floppy disk via a secure carrier such as Federal Express. If
this is the sort of thing you do on a regular basis, you could think
about setting up a secure FTP (File Transfer Protocol) site which can
only be accessed by those with the appropriate user names and
passwords. Talk to your Internet Service Provider about this service.
--
pub 1024/D9C69DF9 1997/10/14 Steve Mynott <steve@tightrope.demon.co.uk>
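
An added illustration, not part of the original post or the Times column, of the public-key point the post raises: in a two-key scheme the public key can cross clear e-mail, because it only encrypts. This is toy textbook RSA in Python with fixed primes and no padding; every name and the sample message are constructed for the demonstration.

```python
# Toy textbook RSA showing which key may travel in the clear.
# Not for real use: fixed primes, no padding. Real PGP adds hybrid
# encryption and key signing on top of the same key roles.
P = 2**127 - 1          # fixed Mersenne primes, chosen for the demo only
Q = 2**89 - 1
E = 65537               # public exponent

def make_keypair():
    """Recipient side: returns (public_key, private_key)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)  # private exponent, never leaves the recipient
    return (n, E), (n, d)

def encrypt(public_key, message: bytes) -> int:
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(key, ciphertext: int) -> bytes:
    """Apply a key's exponent to the ciphertext and return the raw bytes."""
    n, exp = key
    m = pow(ciphertext, exp, n)
    return m.to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")

def exchange():
    # Recipient generates both keys and keeps the private one local.
    public_key, private_key = make_keypair()
    # 'wire' holds everything an eavesdropper on clear e-mail would see.
    wire = {"public_key": public_key}
    document = b"moderately sensitive doc"   # constructed sample message
    wire["ciphertext"] = encrypt(wire["public_key"], document)
    # The eavesdropper tries the only key that ever crossed the wire.
    eavesdropper_view = decrypt(wire["public_key"], wire["ciphertext"])
    # The recipient uses the private key that was never transmitted.
    recipient_view = decrypt(private_key, wire["ciphertext"])
    return document, eavesdropper_view, recipient_view

if __name__ == "__main__":
    doc, eve, bob = exchange()
    print("recipient recovers document:", bob == doc)
    print("eavesdropper recovers document:", eve == doc)
```

What the sender does need is assurance that the public key really belongs to the recipient, which is the purpose of the key ID and fingerprint style line in the signature above.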