Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Encryption Question

  1. #1
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    13

    Default Encryption Question

    Hey Everyone,

    I don't post often but I have done a good amount of research on this and wanted to get some other opinions on this topic.

    If you were to use email encryption would you trust TLS exclusively?

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    For end to end encryption? I'd go with PGP or GPG.

    I'm pretty sure TLS would be client to server only with no guarantee of inter-server (server-server) use.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    I can't remember what TLS is (there's so many initialisms to remember in cryptography!).

    What I can tell you though is that I use the Enigmail plug-in for Thunderbird, which makes use of OpenPGP as far as I know. It's fantastic.

    I trust OpenPGP, I can tell you that much. I'm not aware of a better encryption suite than OpenPGP.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by Virchanza View Post
    I can't remember what TLS is (there's so many initialisms to remember in cryptography!).
    TLS = Transport Layer Security
    (Unless I'm missing something)
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    13

    Default

    you are correct thorin.

    I agree for end to end encryption, PGP or GPG is the way to go!

    I've been having a debate with someone about TLS. I was always under the impression that TLS was just what it says (Transport Layer Security). I did not think TLS did any type of content encryption. Basically creating a secure path for the email to travel, but the actual content was not encrypted. The person on the other end of the debate is trying to say otherwise. I could be completely wrong on this, which is why I was hoping someone with more knowledge would correct me if wrong.

    Thanks in advance for anything shared.

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    TLS is just like SSL (in fact you'll notice it as an alternative to SSL in your browser settings). You get an encrypted "tunnel" between you (as the client) and the server you're communicating with (your local Exchange server or whatever). Since email is different than HTTP ... you send an email to your server which sends it to another server and so on and so forth until a client on the far end retrieves it from their local server .... TLS would only encrypt your initial client to server connection (and the content as it crosses that connection).
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Thorin has it right, TLS is used to encrypt an SMTP session between a SMTP client (which could be a email client or an SMTP server) which is sending an email message, and an SMTP server which is receiving it. It encrypts the transport only and not the message contents.

    Lets take an example where I am sending a message from an email server to my friend who has an account with an isp. The email is sent from my email client, to my SMTP server, from my SMTP server to my friends SMTP server, from that SMTP server to a pop3 server, and my friend then retrieves the email from that pop3 server. If my email client and my SMTP server support TLS and use it for the communication, the email will travel over an encrypted tunnel between the systems. Its the same deal when the email is sent between the two SMTP servers, if both servers support TLS and use it for the session, the email will be sent over an encrypted channel for this part of the communication. And of course when the email is retrieved via POP3, that session wont be encrypted unless secure POP3 is used

    The basic deal with TLS is the email is only protected from eavesdropping and modification for the parts of its travel where is moving over the network and TLS is being used. So all of the email servers along the communication path will have access to the plaintext of the message when TLS is used, and anyone doing network sniffing on the parts of the network that haven't made use of the TLS will also have access. GPG or PGP encrypt the message contents, so assuming the key is secure only the sender and recipient will have access to the plaintext.

    That being said, GPG and PGP also has key management issues that make it more difficult to implement on larger scales, and TLS is relatively easy to do.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #8
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    10

    Default

    Quote Originally Posted by thorin View Post
    For end to end encryption? I'd go with PGP or GPG.

    I'm pretty sure TLS would be client to server only with no guarantee of inter-server (server-server) use.
    Thorin, is there anyway you can help me get a PGP? I just spent the last two days looking for one but all i could get is a 30 days trial; and from what i've heard PGP has one of the best if not the best Encryption there is.
    Thanks

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by phen1x View Post
    Thorin, is there anyway you can help me get a PGP?
    Try here
    WHERE TO GET PGP (Pretty Good Privacy)
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  10. #10
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    10

    Default

    that was fast
    THANKS A LOT

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •