|
-
January 27th, 2003, 11:51 AM
#1
Junior Member
Email content integrity
Hi there!
I have some emails whose content needs to be proven true. Does anyone know if there is any sort of CRC attached to emails on Windows platforms so that you can determine if an email was modified?
Any help will be appreciated.
-
January 27th, 2003, 12:15 PM
#2
Nope..
You'll have to provide a means of integrity-validation yourself, when sending mail that'll need to be validated by the recepient..
An MD5 sum or a PGP signature...
that's the only way to prove there hasn't been tempered with the mail...
There is no way to validate "old" emails...
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
January 27th, 2003, 12:18 PM
#3
Banned
i heard a lil bout MD5 and PGP sigs and they sound full-proof ... is there anyway too "fool" someone, what i mean is are they 100% or are there loopholes?
-
January 27th, 2003, 12:40 PM
#4
MD5 signatures are realy easy to make..
They are only to check the mail for integrity, not for "proof of sender"..
the PGP signature is a combination of the senders key and the mail message..
Thus the PGP signature proves both the mails integrity and the senders identity...
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
January 27th, 2003, 01:05 PM
#5
Banned
so can pgp sigs be made up/intercepted etc?
-
January 27th, 2003, 01:25 PM
#6
There are more then one ways to use pgp with your email..
The signature (we were discussing) works like this..
the sender does this..
[Message] + [Private key] -> [PGP signature]
the email consists of [Message] + [PGP sugnature]
the receiver does this..
[PGP signature] + [Message] + [Public key] => validation
If you haven't got the Private key of the sender, you cannot eddit the message and have a correct PGP signature.. Only the sender has his own Private key... Evryone else has the senders Public key (hence public) !!
more info: http://www.pgpi.org/ especialy http://www.pgpi.org/doc/faq/
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
January 27th, 2003, 01:34 PM
#7
Banned
so is this private key secure, can it be craked at all?
-
January 27th, 2003, 01:40 PM
#8
the private key is as secure as you keep it 
It is your key.. And only you should have it..
Drew, did you read any off the links I send you?? http://axion.physics.ubc.ca/pgp-attack.html
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
January 27th, 2003, 01:55 PM
#9
Banned
sorry bout that, my eys get lazy and u'll find i skip words and lines for no reason [i don't know how i managed to miss those links]. anyway i c em now, time for some reading.
thanxs for ur help.
-
January 27th, 2003, 08:50 PM
#10
If you are running Exchange you can implement a key management server to digitally sign all of your messages. A digital signature provides that the sender is who it says it is, and the sender created the contents. It works in a very similar fashion to PGP, except that you have a centralized location to manage all of your keys. Nothing is hack proof, but if you implement it properly, it is fairly secure.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
