Espion automates e-mail encryption
Maybe I'm missing something here, but reading this article it seems that someone's come up with an encrypted mail product that's pretty insecure... From the article:
"MXLock uses two-key encryption; one of the 1,024-bit keys resides at the sender’s gateway, the other is delivered to the recipient as part of the e-mail. When the recipient gets an e-mail from an MXLock user who has encrypted a message, the recipient is directed to click on a link embedded in the e-mail. Once at this Web page, the recipient’s key is authenticated against the key stored in MXLock and a browser window is opened for viewing or downloading the decrypted message, Chakravarthi explains."
So if you intercept the mail en route to the recipient, you get the key that's sent (it can't be encrypted, as there would be no way to decrypt it), then you click on the link, allow the key to be authenticated, and read the mail... How would this be any use? The risk you are mitigating (interception and reading of the mail in transit) isn't mitigated because you can just use the intercepted key and link to get to the mail anyway!
I checked the website of the vendor for a whitepaper but there's none that I can see....
Posted by rorym at October 5, 2005 3:49 PM
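A simplified model of the exchange the quoted article describes, added here as an illustration and not taken from the post or from the vendor's product. It shows that a key carried in the e-mail acts as a bearer credential, and contrasts it with a variant that also requires a secret agreed outside the e-mail. The class and function names, the `gateway.example` URL and the out-of-band passphrase variant are assumptions.

```python
import hashlib, hmac, secrets

def _kdf(passphrase, salt):
    # Slow hash so the gateway never stores the passphrase itself.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

class Gateway:
    """Hypothetical sender-side gateway. Storage encryption is left out: the
    gateway decrypts for whoever authenticates, so access control is the point."""
    def __init__(self):
        self._store = {}  # msg_id -> (key_hash, salt, passphrase_hash or None, body)

    def send(self, body, oob_passphrase=None):
        msg_id = secrets.token_hex(8)
        key = secrets.token_hex(32)  # the "recipient key" delivered in the e-mail
        salt = secrets.token_bytes(16)
        pw_hash = _kdf(oob_passphrase, salt) if oob_passphrase else None
        key_hash = hashlib.sha256(key.encode()).digest()
        self._store[msg_id] = (key_hash, salt, pw_hash, body)
        # Everything returned here travels inside the e-mail.
        return {"link": f"https://gateway.example/view/{msg_id}", "key": key}

    def view(self, email, passphrase=None):
        msg_id = email["link"].rsplit("/", 1)[1]
        key_hash, salt, pw_hash, body = self._store[msg_id]
        presented = hashlib.sha256(email["key"].encode()).digest()
        if not hmac.compare_digest(presented, key_hash):
            return None
        if pw_hash is not None:  # variant: second factor never sent by e-mail
            if passphrase is None or not hmac.compare_digest(_kdf(passphrase, salt), pw_hash):
                return None
        return body

def demo():
    gw = Gateway()
    # Design as described: link and key both ride in the message.
    mail = gw.send("quarterly figures")
    copy_in_transit = dict(mail)  # constructed stand-in for an intercepted copy
    as_described = (gw.view(mail), gw.view(copy_in_transit))
    # Variant: reading also needs a passphrase shared by another channel.
    mail2 = gw.send("quarterly figures", oob_passphrase="agreed by phone")
    with_oob = (gw.view(mail2, "agreed by phone"), gw.view(dict(mail2)))
    return as_described, with_oob

if __name__ == "__main__":
    print(demo())
```

In the first case the gateway cannot tell the recipient from anyone holding a copy of the message; in the second, the copy alone is not enough.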