Date: Tue, 21 Oct 1997 00:17:54 -0400 From: Bob Rankin To: TOURBUS@LISTSERV.AOL.COM Subject: TOURBUS - 21 Oct 1997 - Encryption for the Masses _________ ____________ ________ __________ _____________ ___ _ / | / | | / | \ | People of All Ages Wanted for Worldwide Advisory Panel / | \ |__________|__________/__________|__________|___________/ | \ / /______|----\ | We need your advice on a variety of subjects. |//////| | | Weekly $$$ drawings. For more information, |//////| | | Send e-mail to info@AdvisoryPanel.com |//////| | | |//////| | | Or visit |//////| | \________________________________________________________|______|____| / \ / \ / \ \___/ \___/ T h e I n t e r n e t T o u r B u s \___/ TODAY'S TOURBUS TOPIC: Encryption - The Digital Privacy Solution Sending e-mail is like sending a post card - any postal clerk along the way can read your note. In cyberspace, unethical sysops or hackers may sneak a peak at your digital dispatches. And even your boss may be monitoring your e-mail. The solution? Put your electronic communication in a digital envelope, with user-friendly encryption tools. --------------------- NEED A VISA CREDIT CARD? --------------------- Having trouble getting credit? Now you can have a VISA Future Card and Establish or Re-Establish the Credit you deserve! No Security Deposit Required - FREE Vacation Bonus Offers. --------- ---------- If encryption conjures up images of spy, counter-spy and secret decoder rings, you're thinking along the right lines. Government and military agencies have been using encryption to try and keep messages secret ever since the smoke signal. In recent years, online privacy has become a big issue, keeping mathematicians and computer scientists ever scrambling in the quest for unbreakable ciphers that will keep sensitive communications from falling into the wrong hands. So What Is Encryption... ------------------------ ... and how does it work? Basically, encryption means scrambling a message with a hopelessly complicated mathematical formula, rendering it unreadable to anyone except you and those who have the secret key to decode the message. This is a little different than those crypto-quips on the funny pages where one letter stands for another. The latest encryption methods are so powerful that it would take even the fastest computer hundreds or thousands of years to crack the code by trial and error. Several years ago, a programmer by the name of Phillip Zimmerman invented some encryption software that could create mathematically unbreakable ciphers. The U.S. government considered this a threat to national security, since it would allow foreign spies to communicate securely. So they classified Zimmerman's PGP (Pretty Good Privacy) software as a munition, and made it illegal for export. But of course that didn't stop it from spreading all over the world, and it got poor Zimmerman in a heap of legal trouble. Just this year, the Feds dropped charges against Zimmerman and liberalized policy concerning the export of cryptographic software. Zimmerman now heads PGP, Inc. which offers an array of security and crypto software that makes it easy for any computer user to encrypt files and electronic messages. Do I Really Need Encryption? ---------------------------- Businesses rely on the Internet every day to send confidential information back and forth between customers, suppliers and employees. And individuals use e-mail to send messages that may contain sensitive information. If you're worried about competitors stealing your plans, if you're afraid to tell a co-worker what a jerk your boss is, if you're concerned that someone in cyberspace may be reading your love letters or stealing your credit card number, then you really do need encryption! You wouldn't want to plan corporate strategy or negotiate a sensitive business deal in a crowded elevator. And you'd never send tax records to your accountant on a post card. So if it's important and has to travel by e-mail, assume that someone is watching, and assure your privacy with encryption. The point is, your electronic mail and computer files deserve the same protection routinely given to other forms of communication. Remember too, the threat doesn't always come from evil hackers lurking in the shadows of the online world. If a co-worker nabs your password by watching over your shoulder, kiss your private files and e-mail good- bye. Same thing applies if your PC or laptop is stolen. If your LAN guru has too much time on her hands, she can probably view your files or intercept any data that gets passed around the office. You may even fall victim to company policy which gives managers the right to monitor electronic correspondence. If you've never used encryption technology, all this stuff about ciphers and secret codes may seem a bit daunting. And if you've used older versions of encryption software, such as PGP version 2, you may have been frustrated by the command line interface and lack of integration with e-mail tools. The good news is that now you can easily secure your files and messages with a point and a click. PGP for Personal Privacy, Version 5.0 is a slick package that integrates nicely into the Windows 95/NT and Mac desktops as well as popular e-mail clients like Eudora and Microsoft Exchange. The Keys To The Kingdom ----------------------- PGP software uses a system where two keys, one public and one private, are used to encrypt and decrypt information. In order to send an encrypted message, the sender must know the recipient's public key. Once the message is encrypted, only the recipient can decode it with his private key. It's kind of like a public vault with a key hanging next to it. Anyone can walk by, put a package in the vault and lock it, but it can only be opened by the person who has the private key. Here's a quick overview of how this dual-key encryption works, in the context of Internet e-mail. - Alice creates a message for Bob. - Alice gets a copy of Bob's public key. - Alice encrypts the message using Bob's public key. - Alice sends the encrypted message to Bob. - Bob decrypts Alice's message with his private key. - Bob reads the message. It might seem like a lot of extra work, and indeed it used to be. Early encryption tools lacked integration with e-mail systems and did not provide a convenient way for the sender to get the public key of the recipient. A message had to be created with a text editor or word processor, exported to a plain ASCII text file, encrypted, and then pasted into the e-mail program. But before encrypting, you had to send a message to the recipient, asking for his or her public key, and wait for the reply. Point & Click Crypto For The Masses ----------------------------------- Fortunately, you don't have to be a geek to use encryption anymore. The new PGP V5.0 integrates with popular e-mail clients so encryption takes place seamlessly inside the e-mail program. For example, in Eudora you just click the lock icon to indicate that you want to encrypt your message. Then you click the send or queue button like you would normally. And the PGP software even looks up a recipient's public key automatically by querying several online databases called key servers. If you're going to receive encrypted mail, you should register your public key in one of these servers to make it easier for the senders. (The PGP software makes it easy to do that.) When you receive encrypted e-mail from another user, you can decrypt the message by clicking the open lock button on the toolbar. After you view the decrypted message, you decide whether to save the information or retain it in its encrypted form. In addition to securing your e-mail, you can also encrypt and decrypt hard disk files. You may well have word processor documents or financial data that you'd like to keep private. PGP V5.0 puts encryption and decryption features right on the Windows task bar and the Mac's Finder. You can drag and drop a file on the PGPmenu icon to encrypt, and double click to reverse the process. A special passphrase that only you know makes it impossible for others to access your encrypted data. So if your laptop is stolen at the airport, your data is safe. Well, as safe as possible in the hands of a thief, anyway. Steak Knives Not Included ------------------------- If you want to get your mitts on a copy of PGP for Personal Privacy 5.0, it'll set you back about fifty bucks. Depending on your needs, that may be a small price to pay for your online privacy. But if you're looking for crypto on a budget, try PGPfreeware 5.0 instead. It's free for non-commercial use by individuals, includes the easy-to-use graphical user interface, but lacks some of the advanced features found in the deluxe version. You can download either version from the PGP Inc. website at www.pgp.com, but for some real fun grab a copy of Eudora Light (it's free) with PGPfreeware bundled in. You can find this package at www.eudora.com. Both the Windows and Mac versions require 8MB of RAM and will chew up about 15MB of disk space. PGP V5.0 is not available for DOS or Windows 3.1, but you can download an older version (PGP 2.6.2) for those platforms. PGP 2.6.2 will still do an excellent job of securing your data, but lacks a graphical interface and integration with e-mail programs. *----------------------[ DECRYPT THIS, BILL ]-----------------------* Switch to Linux, the free version of Unix for ordinary PC's. Get your copy of the NO B.S. GUIDE TO LINUX today and learn how. Companion CD-ROM includes Linux Pro, Apache web server and tons of free software. 350 pages - all in plain English - $34.95 *------------------- --------------------* See you next time! --Bob =====================[ Tourbus Rider Information ]=================== The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238 Copyright 1995-97, Rankin & Crispen - All rights reserved Archives on the Web at http://www.TOURBUS.com Join: Send SUBSCRIBE TOURBUS Your Name to LISTSERV@LISTSERV.AOL.COM Leave: Send SIGNOFF TOURBUS to LISTSERV@LISTSERV.AOL.COM PROMOTE your business on the Internet Tourbus. Reach over 80,000 people in a Net-friendly way. Our sponsors say "It works!" Make it work for you - contact BobRankin@MHV.net for details. =====================================================================