Email content integrity
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Email content integrity

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    1

    Email content integrity

    Hi there!

    I have some emails whose content needs to be proven true. Does anyone know if there is any sort of CRC attached to emails on Windows platforms so that you can determine if an email was modified?

    Any help will be appreciated.

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Nope..

    You'll have to provide a means of integrity-validation yourself, when sending mail that'll need to be validated by the recepient..

    An MD5 sum or a PGP signature...

    that's the only way to prove there hasn't been tempered with the mail...

    There is no way to validate "old" emails...
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    Banned
    Join Date
    Jan 2003
    Posts
    163
    i heard a lil bout MD5 and PGP sigs and they sound full-proof ... is there anyway too "fool" someone, what i mean is are they 100% or are there loopholes?

  4. #4
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    MD5 signatures are realy easy to make..
    They are only to check the mail for integrity, not for "proof of sender"..

    the PGP signature is a combination of the senders key and the mail message..
    Thus the PGP signature proves both the mails integrity and the senders identity...
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  5. #5
    Banned
    Join Date
    Jan 2003
    Posts
    163
    so can pgp sigs be made up/intercepted etc?

  6. #6
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    There are more then one ways to use pgp with your email..

    The signature (we were discussing) works like this..

    the sender does this..

    [Message] + [Private key] -> [PGP signature]

    the email consists of [Message] + [PGP sugnature]

    the receiver does this..

    [PGP signature] + [Message] + [Public key] => validation

    If you haven't got the Private key of the sender, you cannot eddit the message and have a correct PGP signature.. Only the sender has his own Private key... Evryone else has the senders Public key (hence public) !!

    more info: http://www.pgpi.org/ especialy http://www.pgpi.org/doc/faq/
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  7. #7
    Banned
    Join Date
    Jan 2003
    Posts
    163
    so is this private key secure, can it be craked at all?

  8. #8
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    the private key is as secure as you keep it

    It is your key.. And only you should have it..


    Drew, did you read any off the links I send you?? http://axion.physics.ubc.ca/pgp-attack.html
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  9. #9
    Banned
    Join Date
    Jan 2003
    Posts
    163
    sorry bout that, my eys get lazy and u'll find i skip words and lines for no reason [i don't know how i managed to miss those links]. anyway i c em now, time for some reading.

    thanxs for ur help.

  10. #10
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    If you are running Exchange you can implement a key management server to digitally sign all of your messages. A digital signature provides that the sender is who it says it is, and the sender created the contents. It works in a very similar fashion to PGP, except that you have a centralized location to manage all of your keys. Nothing is hack proof, but if you implement it properly, it is fairly secure.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •