Secure E-mail Communications



Alternative communications: Investigate www.hushmail.com. They are located in Aruba and are under the jurisdiction of EU data privacy laws. They offer two secure email services -- a for-pay service and a free per-message service.

To use the free per-message service, you specify a one-time encryption/decryption key when you send the message. You transmit the encrypted message and a question (whose answer is also the decryption key) to your recipient. Embedded spaces and upper-lower case are ignored.

For example: I encrypt a message with the one-time key "Pablo Picasso" and the question "Who is your favorite modern artist?" and send it to my colleague Smith.

Smith receives an email with an SSL-protected URL pointing to a Hushmail web page, which informs Smith I have sent him/her an encrypted email, and prompts him/her with the question "Who is your favorite modern artist?"

If Smith successfully enters "Pablo Picasso" (or "pablo Picasso", or even "pabl o pic a sso", since embedded spaces and case are irrelevant) within three attempts, she/he is presented with a web page containing my original message.

The longer the key is and the harder it is to guess, the more secure the message. Using the key "Rudolph" and the question "Lead reindeer?" is possibly less secure than it could be.

To be really secure, I should have pre-arranged a set of hard-to-guess keys with Smith.

Perhaps my question might be "Number seventeen?", referring to the seventeenth key on a printed list of 40-character random strings I've previously handed to Smith.

Perhaps my question might be "What is 47-4?" where we both have a copy of the same book or magazine, and agree to use the last 15 non-blank characters from, in this case, page 47, line 4 of that book.

Or, use your imagination.
(As we say in my profession, you're not paranoid if they are out to get you ;-)

--Bruce
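
The key handling described above, as an added Python example that is not part of the original message and not Hushmail's code: it folds keys the way the text says (case and embedded spaces ignored), generates a numbered list of 40-character random keys to hand over in advance, and resolves a "page-line" question such as "47-4" against a shared book. The function names, the 36-symbol alphabet and the sample book line are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Case and embedded spaces are ignored (per the text), so only
# case-folded letters and digits are used for generated keys.
ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols (assumption)


def normalize(key: str) -> str:
    """Fold a key as the text describes: drop whitespace, ignore case."""
    return "".join(key.split()).lower()


def make_key_list(count: int = 20, length: int = 40) -> list[str]:
    """Random keys from the OS CSPRNG, to be printed and handed over in person."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(length))
            for _ in range(count)]


def random_key_bits(length: int) -> float:
    """Entropy in bits of a uniformly random key over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def book_key(pages: dict[int, list[str]], ref: str, n: int = 15) -> str:
    """Resolve 'page-line' (e.g. '47-4') to the last n non-blank
    characters of that line in the shared book."""
    page, line = (int(part) for part in ref.split("-"))
    chars = "".join(pages[page][line - 1].split())  # lines count from 1
    if len(chars) < n:
        raise ValueError("line too short for a key of that length")
    return normalize(chars[-n:])


# Constructed sample: page 47 of a hypothetical shared book.
SAMPLE_BOOK = {47: ["first line", "second line", "third line",
                    "The quick brown fox jumps over the lazy dog."]}

if __name__ == "__main__":
    for number, key in enumerate(make_key_list(count=3), start=1):
        print(f"{number:2d}  {key}")
    print(f"random 40-char key: {random_key_bits(40):.0f} bits")
    print("47-4 ->", book_key(SAMPLE_BOOK, "47-4"))
```

A key taken from book text is only as unpredictable as the choice of book and line, since ordinary prose carries far less entropy per character than the random list does.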