Navoty has announced the immediate availability of LockedEnvelope in beta. The system allows users of any e-mail application with any e-mail service on any OS to send an encrypted message to anyone with a simple pass phrase.
Creating encrypted e-mail is not extremely difficult. However, when it comes to making everything work with all your associates all the time, it can be a challenge. Especially when all one wants to do is send an occasional secret piece of data. For example, when working collaboratively on building a Website with passwords.
Now, LockedEnvelope can solve that problem. TMO spoke with the developer, Terry Heath of Navoty, Inc. to get more details. The systems uses a Website and secure server as an intermediate. Any standard e-mail system can be used. The idea is simplicity itself.
First, one goes to LockedEnvelope.com and creates a challenge question, for example, a spouseis favorite food, and answer (pass phrase). The system creates a URL and stores an AES-256 bit encrypted package on their server that is not tied to the senderis ID. The sender then cuts, pastes, and sends that URL in a standard message to the recipient. Utilizing the fact that clicking on a URL in e-mail opens a Web page for most users, the page with the challenge question is shown in the recipientis browser.
The pass phrase is hashed in a one-way encryption algorithm to authenticate. If valid, the AES 256-bit encrypted content is displayed. “Because the would-be bad-guy has no idea what your wife?s favorite food is, there?s no way for them to access the message, and thus, the information is sent safely and securely, completely out of sight from prying eyes,” Mr. Heath explained.
“We hash your answer in our database, which means that we canit recover it if you lose it. It also means that if someone broke into our server and looked at our database, they canit recover the answer. The secret message is encrypted using your answer, which, again, we donit have. When the message is finally decrypted by the recipient, itis over SSL, an industry standard HTTP encryption and authentication protocol. You know that the message is coming from LockedEnvelope, and you know that nobody else is reading your message.”
Creating the URL |
---|