In 40 years, email is still the weakest link in security … so how can we stop email snooping?

--

In 40 years, email has not changed much. Basically, it is still the same protocol it was when it was created; all we have added is a tunnel (TLS) for the sending and the reception of the message between servers. There is little in the way of checking of the sender of an email, and the message normally sits in plaintext on our email servers. This leaves email open to phishing, and it means that scanning systems must try to interpret the body of the email to determine whether it is malicious.

Insiders, too, can often view (and change) email messages. PGP, though, should have replaced our email systems, as it provides both the encryption of the message (using the public key of the recipient, so that only the holder of the matching private key can read it) and the signature of the sender (created with the sender's private key, and verified by anyone holding the sender's public key).

But PGP has failed to take off because of the complexity of dealing with encryption keys, along with Microsoft failing to adopt trusted email within their Exchange product. So while the usage of PGP normally involves the integration of a keyring to store the public keys of recipients, we can actually simplify it by just using the symmetric-key option. With this we just take a password, and then generate an AES key from it. This is used to encrypt the message and then convert it into an…
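As an added example (not code from the article, and not GnuPG's own implementation), here is the symmetric path just described worked through in Go: a passphrase is stretched into a 256-bit AES key with an iterated-and-salted string-to-key step in the style of RFC 4880, the message is encrypted, and the result is wrapped in a base64 armour so it can be pasted into a plain mail body. Assumptions that are not in the article: AES-GCM is used in place of OpenPGP's CFB-with-MDC construction, the iteration count and the "DEMO SYMMETRIC MESSAGE" armour label are invented for this example, and the output is not a real OpenPGP packet that gpg could read.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const (
	saltSize = 8       // OpenPGP's salted S2K uses an 8-byte salt
	s2kCount = 1 << 20 // bytes fed to the hash; assumed value (gpg calibrates its own)
	header   = "-----BEGIN DEMO SYMMETRIC MESSAGE-----" // made-up label, not a PGP armour type
	footer   = "-----END DEMO SYMMETRIC MESSAGE-----"
)

// deriveKey turns a passphrase into a 256-bit AES key the way OpenPGP's
// iterated-and-salted S2K does (RFC 4880 section 3.7.1.3): the bytes
// (salt || passphrase) are fed to the hash over and over until count bytes
// have been absorbed. The salt defeats precomputed dictionaries; the count
// slows down every guess an attacker makes.
func deriveKey(passphrase string, salt []byte, count int) []byte {
	seed := append(append([]byte{}, salt...), []byte(passphrase)...)
	if count < len(seed) {
		count = len(seed) // RFC 4880: the seed is always hashed at least once in full
	}
	h := sha256.New()
	for fed := 0; fed < count; {
		n := len(seed)
		if fed+n > count {
			n = count - fed
		}
		h.Write(seed[:n])
		fed += n
	}
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt: fresh salt -> key, AES-256-GCM with the salt bound in as associated
// data, then base64 inside an armour header/footer. Packet layout (assumed for
// this example): salt || nonce || ciphertext+tag.
func Encrypt(passphrase, plaintext string) (string, error) {
	salt := make([]byte, saltSize)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	gcm, err := newGCM(deriveKey(passphrase, salt, s2kCount))
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	packet := append(append(append([]byte{}, salt...), nonce...),
		gcm.Seal(nil, nonce, []byte(plaintext), salt)...)
	return header + "\n" + base64.StdEncoding.EncodeToString(packet) + "\n" + footer, nil
}

// Decrypt reverses Encrypt. A wrong passphrase or a modified ciphertext fails
// the GCM tag check and returns an error instead of garbage.
func Decrypt(passphrase, armored string) (string, error) {
	body := strings.TrimSpace(armored)
	if !strings.HasPrefix(body, header) || !strings.HasSuffix(body, footer) {
		return "", errors.New("missing armour header or footer")
	}
	packet, err := base64.StdEncoding.DecodeString(strings.TrimSpace(body[len(header) : len(body)-len(footer)]))
	if err != nil || len(packet) < saltSize {
		return "", errors.New("malformed packet")
	}
	salt, rest := packet[:saltSize], packet[saltSize:]
	gcm, err := newGCM(deriveKey(passphrase, salt, s2kCount))
	if err != nil {
		return "", err
	}
	if len(rest) < gcm.NonceSize() {
		return "", errors.New("packet too short")
	}
	pt, err := gcm.Open(nil, rest[:gcm.NonceSize()], rest[gcm.NonceSize():], salt)
	if err != nil {
		return "", errors.New("bad passphrase or tampered message")
	}
	return string(pt), nil
}

func main() {
	msg, err := Encrypt("correct horse battery staple", "Meet at the usual place at noon.")
	if err != nil {
		panic(err)
	}
	fmt.Println(msg)
	fmt.Println(Decrypt("correct horse battery staple", msg))
	fmt.Println(Decrypt("wrong passphrase", msg))
}
```

The property worth noticing is that a wrong passphrase is rejected by the authentication tag rather than yielding random bytes, which is what a mail client needs in order to refuse a message cleanly. What this scheme does not solve is the key problem that the article is getting at: the password itself still has to reach the recipient over some other channel.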

--

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.