Hi there!
I have some emails whose content needs to be proven true. Does anyone know if there is any sort of CRC attached to emails on Windows platforms so that you can determine if an email was modified?
Any help will be appreciated.
Printable View
Hi there!
I have some emails whose content needs to be proven true. Does anyone know if there is any sort of CRC attached to emails on Windows platforms so that you can determine if an email was modified?
Any help will be appreciated.
Nope..
You'll have to provide a means of integrity-validation yourself, when sending mail that'll need to be validated by the recepient..
An MD5 sum or a PGP signature...
that's the only way to prove there hasn't been tempered with the mail...
There is no way to validate "old" emails...
i heard a lil bout MD5 and PGP sigs and they sound full-proof ... is there anyway too "fool" someone, what i mean is are they 100% or are there loopholes?
MD5 signatures are realy easy to make..
They are only to check the mail for integrity, not for "proof of sender"..
the PGP signature is a combination of the senders key and the mail message..
Thus the PGP signature proves both the mails integrity and the senders identity...
so can pgp sigs be made up/intercepted etc?
There are more then one ways to use pgp with your email..
The signature (we were discussing) works like this..
the sender does this..
[Message] + [Private key] -> [PGP signature]
the email consists of [Message] + [PGP sugnature]
the receiver does this..
[PGP signature] + [Message] + [Public key] => validation
If you haven't got the Private key of the sender, you cannot eddit the message and have a correct PGP signature.. Only the sender has his own Private key... Evryone else has the senders Public key (hence public) !!
more info: http://www.pgpi.org/ especialy http://www.pgpi.org/doc/faq/
so is this private key secure, can it be craked at all?
the private key is as secure as you keep it ;)
It is your key.. And only you should have it..
Drew, did you read any off the links I send you?? http://axion.physics.ubc.ca/pgp-attack.html
sorry bout that, my eys get lazy and u'll find i skip words and lines for no reason [i don't know how i managed to miss those links]. anyway i c em now, time for some reading.
thanxs for ur help.
If you are running Exchange you can implement a key management server to digitally sign all of your messages. A digital signature provides that the sender is who it says it is, and the sender created the contents. It works in a very similar fashion to PGP, except that you have a centralized location to manage all of your keys. Nothing is hack proof, but if you implement it properly, it is fairly secure.
You could also download Sam Spade(http://www.samspade.org). It has a functionality that let's you parse the email headers to search for forgery.