I wrote a while back about free OpenPGP email encryption using GnuPG, and how you could litterally take any e-mail service you used and secure it using PGP encryption. For some of you, having to download, install and configure something like that is too hard. Some of you may just be lazy, others not very technically savvy, either way, there is an even easier option available to you.
There is a free, secure, web-based e-mail service that offers secure OpenPGP e-mail. It is called Hushmail, and it is completely free to use. All encryption and decryption is done on the fly and completely transparent to you, so you don't have to think too hard about it. If someone you know uses PGP, you can upload their public key to the hushmail server using HushTools, and likewise, PGP users can download your public key so the two of you can send secure encrypted e-mail back and forth.
"But if anyone can download your public key, how secure is it?" As I mentioned before when talking about GnuPG, OpenPGP uses PKI, or public key infrastructure which according to Wikipedia is very secure since it, "...enables the parties in a dialogue to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance, or even any prior contact." In short, you don't have to worry about the "password" being intercepted on the way to your partner because no secret password even needs to be transferred in the first place.
One cool feature that Hushmail offers, that regular GnuPG doesn't though, is the ability to transmit a secret message to someone without them having to even use PGP. If the two of you establish a secret question and answer, you can send someone a message that they can decrypt later by answering the prearranged secret question. They call that kind of cryptography, secret key cryptography which isn't as secure as PKI, but it's better than nothing.
So quit sending your e-mail on virtual post cards so wrong people don't read you're e-mails, and start sending them in virtual envelopes, envelopes made with strong encryption.
May 25, 2007
Encrypted E-mail for the Non-Savvy
10:24 AM
Paul B