Hey Everyone,
I don't post often but I have done a good amount of research on this and wanted to get some other opinions on this topic.
If you were to use email encryption would you trust TLS exclusively?
For end to end encryption? I'd go with PGP or GPG.
I'm pretty sure TLS would be client to server only with no guarantee of inter-server (server-server) use.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
I can't remember what TLS is (there's so many initialisms to remember in cryptography!).
What I can tell you though is that I use the Enigmail plug-in for Thunderbird, which makes use of OpenPGP as far as I know. It's fantastic.
I trust OpenPGP, I can tell you that much. I'm not aware of a better encryption suite than OpenPGP.
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
You are correct, thorin.
I agree for end to end encryption, PGP or GPG is the way to go!
I've been having a debate with someone about TLS. I was always under the impression that TLS was just what it says (Transport Layer Security). I did not think TLS did any type of content encryption. Basically creating a secure path for the email to travel, but the actual content was not encrypted. The person on the other end of the debate is trying to say otherwise. I could be completely wrong on this, which is why I was hoping someone with more knowledge would correct me if wrong.
Thanks in advance for anything shared.
TLS is just like SSL (in fact you'll notice it as an alternative to SSL in your browser settings). You get an encrypted "tunnel" between you (as the client) and the server you're communicating with (your local Exchange server or whatever). Since email is different than HTTP ... you send an email to your server which sends it to another server and so on and so forth until a client on the far end retrieves it from their local server .... TLS would only encrypt your initial client to server connection (and the content as it crosses that connection).
Thorin has it right, TLS is used to encrypt an SMTP session between an SMTP client (which could be an email client or an SMTP server) which is sending an email message, and an SMTP server which is receiving it. It encrypts the transport only and not the message contents.
Let's take an example where I am sending a message from an email server to my friend who has an account with an ISP. The email is sent from my email client, to my SMTP server, from my SMTP server to my friend's SMTP server, from that SMTP server to a POP3 server, and my friend then retrieves the email from that POP3 server. If my email client and my SMTP server support TLS and use it for the communication, the email will travel over an encrypted tunnel between the systems. It's the same deal when the email is sent between the two SMTP servers, if both servers support TLS and use it for the session, the email will be sent over an encrypted channel for this part of the communication. And of course when the email is retrieved via POP3, that session won't be encrypted unless secure POP3 is used.
The basic deal with TLS is the email is only protected from eavesdropping and modification for the parts of its travel where it is moving over the network and TLS is being used. So all of the email servers along the communication path will have access to the plaintext of the message when TLS is used, and anyone doing network sniffing on the parts of the network that haven't made use of the TLS will also have access. GPG or PGP encrypt the message contents, so assuming the key is secure only the sender and recipient will have access to the plaintext.
That being said, GPG and PGP also have key management issues that make it more difficult to implement on larger scales, and TLS is relatively easy to do.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
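The hop-by-hop behaviour described in the post above can be checked on a received message. This is an added example, not something posted in the thread: it walks the `Received` headers and reports which hops recorded TLS, using the "with" protocol keywords registered in RFC 3848 and RFC 6531. The sample message and host names are constructed, and since each header is written by the server named in it, entries from upstream servers are only as trustworthy as those servers.

```python
import re
from email import message_from_string

# "with" protocol keywords that record TLS on a hop (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample message; hosts use reserved example domains.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.20])
\tby pop.isp.example with LMTP id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from smtp.sender.example (smtp.sender.example [192.0.2.10])
\tby mx.isp.example with ESMTPS id b2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example ([198.51.100.7])
\tby smtp.sender.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: me@sender.example
To: friend@isp.example
Subject: lunch

Plaintext body, readable by every server listed above.
"""

FIELD = re.compile(r"\b(from|by|with)\s+(\S+)", re.IGNORECASE)

def hops(raw_message):
    """Return hops in travel order as (from_host, by_host, protocol, tls)."""
    msg = message_from_string(raw_message)
    result = []
    # Each server prepends its header, so reverse to get sender -> recipient.
    for header in reversed(msg.get_all("Received", [])):
        trace = " ".join(header.split(";")[0].split())  # unfold, drop date
        fields = {k.lower(): v for k, v in FIELD.findall(trace)}
        proto = fields.get("with", "").upper()
        result.append((fields.get("from"), fields.get("by"), proto,
                       proto in TLS_PROTOCOLS))
    return result

def unprotected_hops(raw_message):
    """Hops whose Received header does not record TLS."""
    return [h for h in hops(raw_message) if not h[3]]

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        status = "TLS" if tls else "no TLS recorded"
        print(f"{src} -> {dst}: {proto or 'unknown'} ({status})")
```

Even when every hop reports TLS, each server in the chain still handled the plaintext body; only content encryption such as PGP/GPG changes that.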
that was fast
THANKS A LOT!