Email Encryption for Everyone - Hak5 1410.1

Great Segment for me to share with family and friends! I want to suggest that everyone should wait for the popup before they start typing. I doubt Google keeps the autosaves after you send the message but then again...

im glad im not the only one who remembers IDSPISPOPD

I doubt it, but depending on what you are sending you can use password protected compressions or straight up attach truecrypt partition or have a adress with username and password to a private FTP server for sharing files.

Thanks so much for this! I set up my own encryption using the program you recommend. First rate work!

I've been using mailvelope for a short while, and I think it's a pretty good tool. Unfortunately, nobody else in my family, or anyone of my friends would use it too. So, in the end I'm the only person who I would send encrypted messages to :). My closest friends are not such security freaks like me. Most of my families and friends wouldn't care about securing messages at all because encryption requires you to memorize long and complicated passwords, and a few steps for decryption.

FYI's
- Asymmetric encryption is the "public and private key".
- Symmetric encryption is the ' one passphrase to rule it all".
A keyring contains private and public portions of keys.
PGP relies as asymmetric encryption upon key servers, keyserver.pgp.com is still alive even after symantecs buy of PGP Corp as an option.
Since this equals to simply encrypting the body of the mail, of course the mail header and everything else inbetween will be in cleartext.

This is great! There is a Firefox add on called Encrypted Communication 1.3 it allows you to encrypt text and supposedly uses AES 256... It seems to work fine in gmail BUT I was wondering what the HAK5 gurus thought of it.

Only if you didn't use a passphrase - read the docs. The passphrase is the key to a symmetric algorithm which encrypts your private key.

Now all we need is a plugin that will do all that automatically. And some easy to use way to send and recieve the public keys. Something that my parents wouldn't mind using.
Then we might actually get this to become a thing for everyone!

Biggest drawback is losing your key chain. Imagine, not being able to read your nostalgic email from 2005 anymore ; __ ;

Nice, so your final email is encrypted. Now, what about all those drafts of the email that are automatically saved, unencrypted, to Google's servers?

Delete any mail you dont really need. Archive the rest and encrypt it, delete remote copy.
Or run your own mailserver. €12,99 a year for the domain, any e-mail you like as many as you like. Takes one hour of reading and will run on a Raspberry Pi, Alix or Soekris board.

Darren, if I am not mistaken. You use BOA for Banking? Do you generate your own CC#'s?

Great ep! Thanks.

Why are you talking about PGP and then having to use JavaScript as a plug in?

Well, just from using mailvelope: No, your private key isn't store in your gmail, it's stored inside the plugin, but if you are using Chrome then in theory; yes if you believe in the "Chrome is a botnet" theory.

won't google now have your key?

Doom codes lol. Remembered all three.

you both are Awesome :D

Craxy how far we've come in opsec since 2013. If someone told me today that they stored their pgp private keys in their browser I would gasp and immediately show them TAILS. Also crazy that even still today we are still using Thunderbird successfully.....interesting

with the public key, you can only encrypt the message for the recipient, and then with the private key you can decrypt the message to read it.

Hi! Can you show how to encrypt an attachment when your sending an email. Thanks

Darren, where do you get all of your shirts??

Very cool. Thanks.

when you tying on gmail, server saved draft, please encrypted and paste into mail and send .

It probably won't happen, considering that everyone would have to be using the plugin, I've been thinking about a email service that did PGP by default by checking the MIT crypto database if the receiver has PGP public key and alerting the sender if no public key was found (so that you know you are sending to "unsecure" address), I guess a plugin could do the same, but sometimes I don't trust Google...

Encrypted email, accessed through google chrome, and with a public key shared through gmail
LMAO

The only key they may have is your public key. So if they want to encrypt a message to you they can. They wouldn't, but they could.

Wow you look so much younger though it's not recorded not that long ago. Or maybe it's just the picture quality.

Does the mailvelope server keep my private key? If no it won't be convenient when I switch to another computer, If yes my security relays on mailvelope.

If PGP will eventually be cracked, why don't we switch to 8,192-bit or 16,384-bit encryption?

Question: Is there a similar solution that is just as easy for use on Android devices?

That's not really an issue, I mean sure it won't do anything on the server side, but your browser still "sees" it.

Question.
can the attachements sent with an email be encrypted as well? like if I send photos with an email as an attachement. will the photos be encrypted along with the email?

Every encryption will be cracked eventually. The number of bits has less to do with the quality of encryption as does the math behind it. RSA 256 was the encryption to use and was replaces with AES 128, which was for superior. I might of mixed up the RSA and AES, but the bit size is correct.

Thank you....

Shannon lost her box to stand on?

please tell me about: Personal Email Certificate and digital signature etc? what is this?... Is this encryption? too!!?

this is great and all, but what about start phones? i dont know about you but all my emails also go to my phone. is there a way we can do this on ios ( already jail broke if that helps )

Key exchange should be done face 2 face if possible or by other secure means not by email because that can bee snooped and defeats the point of the exercise.

If any one spams you make him an account on those advertise sites.

I got a message from mailvelope to verify my key. Is this a hack or do I have to.

I set up the program via ggl then mailed someone telling them about it (including the link to this video) and then got a a c c o u n t s u s p e n d e d d o m a i n notice! Does that mean that ggl &/or our uncle does not want us sharing this on the net! What to do, now?

Edward Snowden sendt me here

only the public key... and that is whole point of it. It's public, it doesn't matter.

the public key, not private, so they can send them messages but not decrypt their messages

Is it true: "Mailvelope is fine until you discover that your private key is stored locally in an unencrypted SQLite Database."

+1 for Enigmail

If you have a Google account you have no privacy, welcome to the Patriot Act!

don't add js of anything, if it can re-write script do not load it. JS = most dangerous +> hackers paradise. btw cloud- internet same thing.

Galaxkey is free and so much easier to use. And it lets you do free file storage as well!

I know that Domain.com is your sponsor and they give you money, but they suck... You can't even change the TTL values of the DNS records, major buzz kill when I found that out...

Does it encrypt attachments?

IDKFA FTW!

I love Linux = )

Not available in firefox yet :(

Done.

Is this still relevant in 2017?

lol "i totally just used lolz irl"
well you also just used irl irl. lolz!

You Rock I Really liked your clip! I would love to be Duel subscribers when are you making more Videos? #10xTnTrevolution

its only the public key

I have to recommend mymail-crypt. It uses OpenPGP.js and supports signing.

epic

Hi guys, just got a few proDUCKts from your site , thnx.
One question: I know how to use an alfa as wlan1 BUT, what if I want to turn off my internal card (wlan0) and use wlan1 (alfa ) instead . How do i do that on linux?

lol idclip idbehold