[Hidden-tech] Encryption question?

[Roger Williams]

>>>>> Kevin Phillips <kevin at kpitconsulting.com> writes:

  > Zixmail is OK for email encryption that integrates with Outlook or can run
  > stand alone.

If you need to use Outlook, you're still better off using GnuPG.  The last I
knew, Gpg4win still didn't work properly with Outlook 2007 (it works OK with
earlier versions), but there are other Outlook 2007 plugins like OutlookGnuPG
(http://www.cumps.be/gpg-in-outlook-2007-outlookgnupg/).

I can't recommend Zixmail for any application other than perhaps dedicated
intra-company low-grade encryption and time-stamping.

It's a proprietary product, from a company that's refused to disclose their
security algorithms for review in the cryptography community, with a FAQ that
reeks of snake oil.

Worse, anything you send via the Zix "feature" that claims to deliver secure
mail to non-users will be decrypted by a public server before being sent to
its destination via an SSL-secured browser connection.  Calling this level of
security "casual" would be very charitable.  PGP self-decrypting archive files
are many orders of magnitude more secure, even if the pass phrases you make up
are only "average quality".

Unfortunately, doing encryption right is a difficult job, and Zix has erected
as many obstacles as they can to doing it right.  Zix is just another PGP
replacement that falls way short of the mark for both security and utility.

-- 
Roger Williams <roger at qux.com>
Chief Technical Officer, Qux Corporation
433 West Street, Suite 8, Amherst, MA 01002, USA
Tel +1 413 253-6400 * Fax +1 508 302-0230 * GSM +1 508 287-1420