LESSON 9 E-MAIL SECURITY part VIII

9.3.4 Encryption
As an additional layer of security, you can encrypt your e-mail. Encryption will turn your e-mail
text into a garbled mess of numbers and letters that can only be read by its intended
recipient. Your deepest secrets and your worst poetry will be hidden from all but the most
trusted eyes.
However, you must remember that, while this may sound good to you – and to all of us who
don't really wish to be exposed to bad poetry – some governments do not approve. Their
arguments may – or may not – be valid (you can discuss this amongst yourselves), but validity
is not the point. The point is that, depending on the laws of the nation in which you live,
sending an encrypted e-mail may be a crime, regardless of the content.

 

9.3.4 Encryption

To add a layer of security, you can encrypt your e-mail. An encrypted e-mail becomes a jumbled combination of digits and letters that only the recipient can read. Nobody but the person you send it to can see the content of your mail.

But you must remember: although using encryption to hide secrets from outsiders may be a good thing for you, and for all of us, some governments do not support encrypting mail. Their reasons may be legitimate, or may not. That is not the point; the point is that, under the laws of your country, sending an encrypted e-mail may be illegal, no matter what the content is.

 

9.3.5 How does it work?
Encryption is fairly complicated, so I’ll try to explain it in a low tech way:
Jason wants to send an encrypted message. So the first thing Jason does is go to a
Certificate Authority and get a Digital Certificate. This Certificate has two parts, a Public Key
and a Private Key.
If Jason wants to receive and send encrypted messages with his friend Kira, they must first
exchange Public keys. If you retrieve a public key from a Certificate Authority that you have
chosen to trust, the key can be verified back to that certifying authority automatically. That
means your e-mail program will verify that the certificate is valid, and has not been revoked.
If the certificate did not come from an authority you trust, or is a PGP key, then you need to
verify the key fingerprint. Typically this is done separately, by a face-to-face exchange of
the key or of the fingerprint data.
Now let's assume that both Kira and Jason are using compatible encryption schemes and
have exchanged signed messages, so they have each other's public keys.

When Jason wants to send an encrypted message, the encryption process begins by
converting the text of Jason’s message to a pre hash code. This code is generated using a
mathematical formula called an encryption algorithm. There are many types of algorithms,
but for e-mail S/MIME and PGP are most common.
The hash code of Jason’s message is encrypted by the e-mail program using Jason’s private
key. Jason then uses Kira’s public key to encrypt the message, so only Kira can decrypt it with
her private key, and this completes the encryption process.

 

9.3.5 How does it work?

Encryption algorithms are very complicated, so I will try to explain in a low-tech way:

Jason wants to send an encrypted e-mail. The first thing he needs to do is go to a certificate authority and obtain a digital certificate. The certificate has two parts, a public key and a private key.

If Jason wants to communicate with his friend Kira using encrypted e-mail, they must exchange public keys. If you get a public key from a certificate authority, the authority will automatically verify the authenticity of the key; that is, your e-mail program will check that the certificate is valid. If the issuing authority is not one you trust, or the key is a PGP key, then you need to verify the fingerprint. Usually this is done separately, either by exchanging the key face to face or by exchanging the fingerprint. (getting a bit confused again)

Now assume that Kira and Jason both use the same encryption scheme and have exchanged signed e-mails, so each has the other's public key.

When Jason wants to send an encrypted e-mail, the mail is turned into a pre-hash code by encryption. This code is produced by the mathematical formula of an encryption algorithm. There are many different algorithms; for e-mail, S/MIME and PGP are the most common.

The hash code of Jason's e-mail is encrypted by the e-mail software using Jason's private key. Jason then uses Kira's public key to encrypt the message, so Kira can decrypt it with her private key. That is the whole encryption process.

 

9.3.6 Decryption
So Kira has received an encrypted message from Jason. This typically is indicated by a lock
icon on the message in her inbox. The process of decryption is handled by the e-mail
software, but what goes on behind the scenes is something like this: Kira’s e-mail program
uses her private key to decipher the encrypted pre hash code and the encrypted message.
Then Kira’s e-mail program retrieves Jason’s public key from storage (remember, we
exchanged keys earlier). This public key is used to decrypt the pre hash code and to verify the
message came from Jason. Kira’s e-mail program then generates a post hash code from the
message. If the post hash code equals the pre hash code, the message has not been altered
en route.
Note: if you lose your private key, your encrypted files become useless, so it is important to
have a procedure for making backups of your private and public keys.

 

9.3.6 Decryption

Kira has received the encrypted e-mail from Jason; she can tell by the lock icon in her mailbox. Decryption is handled by the e-mail software, but the process goes roughly like this: Kira's e-mail program uses her private key to unlock the encrypted pre-hash code and the encrypted mail. The program then retrieves Jason's public key from storage (remember, we exchanged public keys earlier). That public key is used to decrypt the pre-hash code and check that the message came from Jason. Kira's e-mail program then generates a hash code from the mail. If that hash code matches the pre-hash code, the mail was not tampered with in transit.

Note: if you forget your private key, your encrypted files become useless, so it is necessary to back up your private and public keys.
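As an added example (not code from the Hacker Highschool lesson or from this blog), here is the flow that sections 9.3.5 and 9.3.6 describe in prose, in Python using only the standard library: Jason hashes the message, signs the hash with his private key, wraps a fresh session key with Kira's public key and encrypts the body with it; Kira unwraps the key with her private key, decrypts, recomputes the hash and checks it against the one recovered from the signature. Textbook RSA with 512-bit toy keys and a SHA-256 counter keystream stand in for the real S/MIME or PGP algorithms; the sample message, the names `seal`/`open_sealed` and the key sizes are this example's own assumptions.

```python
# Added illustration of sign-then-encrypt / decrypt-then-verify (sections 9.3.5 and 9.3.6).
# Not part of the lesson. Textbook RSA with small keys and a SHA-256 keystream are a
# teaching stand-in for S/MIME or PGP; the sizes and names here are assumptions.
import hashlib
import os
import random


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random odd candidate with the top bit set, retried until it passes Miller-Rabin."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 512):
    """Return (public, private) as (exponent, modulus) pairs. Toy size, for illustration only."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), (pow(e, -1, phi), p * q)


def sha256_int(data: bytes) -> int:
    """The 'hash code' of the lesson, as an integer smaller than the 512-bit modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric layer: XOR with SHA-256(key || counter) blocks (toy stream cipher)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(message: bytes, sender_private, recipient_public) -> dict:
    """Jason's side: hash, sign the hash with his private key, then encrypt for Kira."""
    d, n_sender = sender_private
    e, n_recipient = recipient_public
    pre_hash = sha256_int(message)
    signature = pow(pre_hash, d, n_sender)           # the lesson's 'encrypted pre-hash code'
    session_key = os.urandom(32)                      # fresh symmetric key per message
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n_recipient)
    body = keystream_xor(session_key, message)
    return {"body": body, "wrapped_key": wrapped_key, "signature": signature}


def open_sealed(envelope: dict, recipient_private, sender_public):
    """Kira's side: unwrap with her private key, decrypt, recompute the hash, verify."""
    d, n_recipient = recipient_private
    e, n_sender = sender_public
    session_key = pow(envelope["wrapped_key"], d, n_recipient).to_bytes(32, "big")
    message = keystream_xor(session_key, envelope["body"])
    post_hash = sha256_int(message)                   # hash recomputed from what was received
    pre_hash = pow(envelope["signature"], e, n_sender)  # hash recovered with Jason's public key
    return message, post_hash == pre_hash


def demo() -> bool:
    """Round trip plus a tamper check: one flipped bit in the body must fail verification."""
    jason_pub, jason_priv = generate_keypair()
    kira_pub, kira_priv = generate_keypair()
    msg = b"Constructed sample: my worst poetry, for Kira's eyes only."
    env = seal(msg, jason_priv, kira_pub)
    plain, ok = open_sealed(env, kira_priv, jason_pub)
    tampered = dict(env, body=bytes([env["body"][0] ^ 1]) + env["body"][1:])
    _, ok_tampered = open_sealed(tampered, kira_priv, jason_pub)
    return plain == msg and ok and not ok_tampered


if __name__ == "__main__":
    print("round trip decrypts and tampering is detected:", demo())
```

The session-key step is the one piece the lesson's wording skips over: real S/MIME and PGP also encrypt the body with a symmetric key and use the recipient's public key only to wrap that key, which is why the body can be any length. The tamper check in `demo` shows the point of the "post hash equals pre hash" comparison: a single flipped bit in transit changes the decrypted text, so the recomputed hash no longer matches the one Jason signed.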

 

9.3.7 Is Encryption Unbreakable?
According to the numbers, the level of encryption offered by, for example, PGP is
unbreakable. Sure, a million computers working on breaking it would eventually succeed, but
not before the million monkeys finished their script for Romeo and Juliet. The number theory
behind this type of encryption involves factoring the products of very large prime numbers,
and, despite the fact that mathematicians have studied prime numbers for years, there's just
no easy way to do it.
But encryption and privacy are about more than just numbers. However, if someone else has
access to your private key, then they have access to all of your encrypted files. Encryption
only works if it is part of a larger security framework which offers protection to both your
private key and your pass-phrase.

 

9.3.7 Is Encryption Hard to Break?

It depends on the strength of the encryption; PGP, for example, cannot be broken. Of course, a million computers working on it might eventually succeed, but certainly not before a million monkeys finished writing the script of Romeo and Juliet. The number theory behind this kind of encryption requires factoring numbers that are the products of very large primes, and although mathematicians have spent many years studying primes, there is still no easier way to solve this kind of problem.

But encryption and privacy are more than a matter of numbers. If someone obtains your private key, they gain access to all your encrypted files. Encryption is only effective when it is part of a security framework that protects both your private key and your passphrase.

 

Exercises:
1. Is encryption of email legal in the country that you reside in? Find one other country that it
is legal in, and one country where it is illegal to encrypt email.
2. Science fiction writers have imagined two types of futures, one in which people's lives are
transparent, that is, they have no secrets, and one in which everyone's thoughts and
communications are completely private. Phil Zimmerman, creator of PGP, believes in
privacy as a source of freedom. Read his thoughts on why you need PGP at
http://www.pgpi.org/doc/whypgp/en/. Then look at science fiction writer David Brin's
article 'A Parable about Openness' at http://www.davidbrin.com/akademos.html in which
he makes a number of points advocating openness as a source of freedom. Discuss these
two opposing viewpoints. Which do you prefer? Which do you think would most likely
succeed? What do you think the future of privacy will be like?

 

Exercises:

1. Is encrypting e-mail legal in your country? Find one country where sending encrypted e-mail is legal and one where it is not.

2. Science fiction writers have imagined two kinds of future: one world where people's lives are transparent, that is, there are no secrets between people, and another where everyone's thoughts and communications are completely private. Phil Zimmerman, the designer of PGP, believes privacy is the source of freedom. Read his thoughts on PGP at http://www.pgpi.org/doc/whypgp/en/. Then read science fiction writer David Brin's article on openness at http://www.davidbrin.com/akademos.html. Discuss these two opposing views. Which do you prefer? Which do you think will succeed? What do you think the future of privacy will look like?

 

9.4 Connection Security
Last but not least is connection security. For web mail, ensure you are using an SSL
connection to your ISP's e-mail. A small lock icon will appear in the bar at the bottom of your
browser. If you are using POP and an e-mail client, ensure that you have configured your e-mail
client to use SSL with POP on port 995 and SMTP on port 465. This encrypts your mail from
you to your server, as well as protecting your POP / SMTP username and password. Your ISP
should have a how-to on their web site to configure this. If they don't offer a secure POP /
SMTP connection, change ISPs!
Exercise:
If you have an e-mail account, find out if your account is using SSL for its connection. How do
you check this in your e-mail client? Does your ISP provide information regarding an SSL
connection?

 

9.4 Connection Security

Last, but equally important, is connection security. For web mail, make sure you use an SSL connection to your ISP's e-mail. A small lock icon will appear in the address bar of the web browser. If you use POP with an e-mail client, make sure you have configured the client to use an SSL connection, with POP on port 995 and SMTP on port 465. This encrypts the e-mail you send to the server and also protects your POP/SMTP username and password. Your ISP's home page should tell you how to configure this. If they do not offer a secure POP/SMTP connection, switch to another ISP!

Exercise:

If you have an e-mail account, check whether it connects using SSL. How do you check this in the client? Does your ISP provide information about SSL connections?
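One way to answer the exercise from a script rather than by hunting through client settings, as an added example that is not part of the lesson or this blog: connect to the two ports section 9.4 names (POP on 995, SMTP on 465) with a TLS context that insists on certificate and host-name verification, and report whether each answers. Python standard library only; the mail host is whatever the caller passes in, and `mail.example.invalid` is a placeholder.

```python
# Added example, not part of the lesson: does a mail account answer over verified TLS on
# POP 995 and SMTP 465 (the settings section 9.4 asks for)? Standard library only.
# No login is ever attempted; only the TLS handshake and the server greeting are checked.
import poplib
import smtplib
import ssl
import sys

POP3_TLS_PORT = 995
SMTP_TLS_PORT = 465


def build_context() -> ssl.SSLContext:
    """A verifying TLS context: certificate chain and host name are checked,
    and anything older than TLS 1.2 is refused."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def check_pop3_tls(host: str, timeout: float = 10.0) -> tuple:
    """Open a POP3-over-TLS session and read the banner. Returns (ok, detail)."""
    try:
        conn = poplib.POP3_SSL(host, POP3_TLS_PORT, timeout=timeout, context=build_context())
        try:
            return True, conn.getwelcome().decode(errors="replace").strip()
        finally:
            conn.quit()
    except (ssl.SSLError, OSError, poplib.error_proto) as exc:
        # Certificate problems surface here as ssl.SSLError, which is the finding that matters:
        # a client that silently accepts a bad certificate is not getting the protection 9.4 describes.
        return False, f"{type(exc).__name__}: {exc}"


def check_smtp_tls(host: str, timeout: float = 10.0) -> tuple:
    """Open an SMTPS session and send EHLO. Returns (ok, detail)."""
    try:
        with smtplib.SMTP_SSL(host, SMTP_TLS_PORT, timeout=timeout, context=build_context()) as conn:
            code, reply = conn.ehlo()
            first_line = reply.decode(errors="replace").splitlines()[0] if reply else ""
            return code == 250, f"{code} {first_line}"
    except (ssl.SSLError, OSError, smtplib.SMTPException) as exc:
        return False, f"{type(exc).__name__}: {exc}"


def summarize(pop_result: tuple, smtp_result: tuple) -> str:
    """Turn the two checks into the answer to the exercise."""
    pop_ok, smtp_ok = pop_result[0], smtp_result[0]
    if pop_ok and smtp_ok:
        return "secure: POP 995 and SMTP 465 both answered over verified TLS"
    if pop_ok or smtp_ok:
        return "partial: only one of POP 995 / SMTP 465 answered over verified TLS"
    return ("insecure: neither port answered over verified TLS; "
            "plaintext POP on 110 / SMTP on 25 would expose the username and password")


if __name__ == "__main__":
    # Usage: python check_mail_tls.py mail.example.invalid  (placeholder host name)
    mail_host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.invalid"
    pop = check_pop3_tls(mail_host)
    smtp = check_smtp_tls(mail_host)
    print("POP3 995 :", pop)
    print("SMTP 465 :", smtp)
    print(summarize(pop, smtp))
```

The context settings are the part worth copying into any client configuration: a lock icon only means the connection is encrypted, while `verify_mode = CERT_REQUIRED` plus `check_hostname` is what ensures it is encrypted to the ISP's server and not to whoever sits in between. A failing handshake in `check_pop3_tls` is therefore the interesting result, not just a connection error.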

 

Further Reading
Can someone else read my e-mail?
http://www.research.att.com/~smb/securemail.html
MIT's PGP freeware page
http://web.mit.edu/network/pgp.html
General news on Internet privacy issues:
Electronic Privacy Information Center
http://www.epic.org/
and
Electronic Frontier Foundation
http://www.eff.org/
More about PGP
http://www.openpgp.org/index.shtml
How Reading an Email Can Compromise Your Privacy
http://email.about.com/od/staysecureandprivate/a/webbug_privacy.htm
Avoiding E-mail Viruses
http://www.ethanwiner.com/virus.html
A Brief Overview of E-mail Security Questions (with a short advertisement at the end)
http://www.zzee.com/email-security/
A Brief Overview of E-mail Security Questions (with no advertisement)
http://www.claymania.com/safe-hex.html
Windows Based E-mail Precautions
http://www.windowsecurity.com/articles/Protecting_Email_Viruses_Malware.html
http://computer-techs.home.att.net/email_safety.htm
Differences Between Linux and Windows Viruses (with information on why most Linux e-mail programs are more secure)
http://www.theregister.co.uk/2003/10/06/linux_vs_windows_viruses/

 
