[PLUG] Encrypting email...

plug_0 at robinson-west.com plug_0 at robinson-west.com
Tue Mar 8 09:44:13 UTC 2005 

I've had a problem with unauthorized access of a 
Horde IMP accessible email account.  I'm curious 
about encrypting the messages in the account so 
that an individual who intercepts them is far 
less likely to know their content.  In essence,
I want someone who figures out the password
to only get garbage if they don't know the
decryption secret.

Lately, this person and I have agreed to cease 
communicating for a decent length of time hoping 
to discourage the thief.

I've learned that the password was known by 
the thief.  The old password, pocahontas,
was too simple.  Then again, it wasn't like
anyone was supposed to know this email 
account existed for her and I didn't expect
anyone to guess the password.  I didn't
notice any failed logins, so I don't think
this person ever had to guess.

At this point, I've limited remote 
logins by ip and I changed the 
password.  Unfortunately, this 
person has said that he/she can 
figure out the password regardless 
of what it's set to.

I have a feeling her ISP based email
accounts will be hacked or via 
some clever dishonesty gotten into.
Oh well.  I suppose she can give 
email up completely except for safe 
messages that she has to send.

I realize encryption isn't a solution,
but it could at least slow the thief.  
If it slows the thief enough, 
maybe my friend and I can 
communicate again in this way.  
There's a telephone, but when it is 
used there is an easily obtained 
record of the call.  If I had known
the password was going to leak, I
might have declared a communication
blackout months ago.

For starters, I'm thinking I can encrypt 
messages by mapping the alphabet to a 
different set of 26 symbols.  I figure 
I can start with a mixture of numbers 
and letters.  I would be nice if I had 
a program I can email to that will
encrypt the message and then forward
it on to her account.  I figure if I
have five different mappings and 
a random one is used for each paragraph
in an email, that that should be 
reasonably hard to crack.  Maybe some
letters should be replaced with two
symbols so that a cracker doesn't
know the length of the original
word.  If I have say nine symbols
to replace spaces with and I use
them randomly, it should be very 
hard to decipher the message.

More information about the PLUG mailing list