What's wrong with email?
Email is the most important single service running on the Internet. Email is also the number one source of security risks, making your messages vulnerable to inside and outside threats.
Email messages have no protection whatsoever. An email message is like an open postcard. Anyone can read the emails you send and receive, and even change them, at any time while in transit on the Internet, at rest in a server, in a back-up file or in your computer.
Every email or attachment you send over a computer network is copied (and perhaps even backed up) on many different computers, without your explicit knowledge and consent. That's the way computers pass data around — they make copies.
Email messages are particularly at risk in our own facilities, where employees and contractors need to access data and servers as part of their routine work. Over half of known IT security breaches occur from within organizations. (2003 CSI/FBI Computer Crime & Security Survey)
Email fraud, with spam, spoofing, phishing and pharming attacks, is also increasing in number and reach, with major losses resulting from worms and viruses that use email to propagate.
Email is, to put it simply, COMPLETELY INSECURE. The security faults include:
• Identity Theft
• Invasion of Privacy
• Message Modification
• False Messages
• Spoof Messages
• Phishing Messages
• False Message Date
• Message Replay
• Unprotected Backups and Disclosure
• Sender Repudiation (sender denies that she ever sent it)
• Recipient Repudiation (recipient denies that she ever read it)
• and many more...
Do I need secure email? I have nothing to hide.
Nonetheless, organizations and professionals in several areas need to comply with legal regulations including Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley regarding information and privacy protection when sending and receiving email. Either as a sender or as a recipient, there are additional needs to protect email that apply to everyone. For example, it is useful for both sender and recipient to make legitimate email stand out against spam and phishing emails. In addition, you need to protect your name or brand, accept attachments securely, prevent worms and viruses from infecting your computer, and prevent spam. All of this can be provided by ZSentry without any cost to the recipient.
THE REST OF THIS SECTION CONTAINS TECHNICAL INFORMATION
NOT NECESSARY WHEN USING ZSENTRY MAIL
What's the problem ZSentry is solving in keeping my keys and data secure?
Firewalls, passwords, two-factor authentication and encryption put locks on your data. However, your data is still not safe. The weak point is not the locks. It is far easier to get the key than to pick a lock. Who keeps the keys to the locks? Your ISP? Your computer? You? With ZSentry, no one keeps any keys...not even you. Unless you are logged in, your keys literally do not exist. With ZSentry the first reason your keys are safe is because they do no exist. Still, someone trying to decrypt by brute force, trying out all key combinations, would be able to eventually discover which key works. However, because ZSentry strengthens your password and effectively defines a very large key-size to search (see EXAMPLE 3, below), it would take a prohibitive amount of time to discover your keys in order to decrypt your data. Any break-in would only reveal gibberish text with no hint or key to decrypt it, anywhere.
With conventional username/password authentication, an encrypted password list in the server is used to verify your login. Your password is your key. But passwords are usually easy to guess. How "easy to guess" can be measured by the password's entropy: for example, zero-bit entropy means that there is nothing to guess (you know for sure), while 1-bit entropy means that you can guess with a 50% chance. In general, a password with b bits of entropy can be guessed or broken in 2b trials. The reality is that users often pick passwords with very little entropy — even though they may think that their passwords are "hard to guess". Practices vary, but for many users the entropy may actually be in the range of 10-40 bits. Consequently, dictionary attacks are a very serious threat. If someone breaks into the server and copies the encrypted password file, a mere number of 210 = 1,024 trials, guided by first trying some commonly used passwords, would be enough to decrypt some passwords offline and, then immediately, gain access online. There are many cases when this happened — it's common knowledge that a password list can indeed be copied and easily cracked. Conventional passwords are also not able to protect against spoofing, phishing and pharming. In addition, once you are authenticated the server still needs to read your authorizations, decryption key and user data from somewhere, all of which can also be attacked.
With two-factor authentication, an unpredictable code must be used whenever you login, in addition to you username and password. The unpredictable code is valid only for a limited time, for example for a couple of minutes. This makes it effectively impossible for someone to login as you, using just your username and password. However, as with the username/password method, once you are authenticated the server needs to read your authorizations, decryption keys and user data, which exist somewhere and can also be attacked. Dividing this information in two or more servers, so that attacking only one server is not enough, helps but still does not take away the fact that the information is there — available.
In addition, neither username/password authentication nor two-factor authentication can protect the user against spoofing, phishing or pharming attacks. For example, when the site pretends to be the legitimate site and simply accepts whatever data the user may enter for username, password, and unpredictable code. Once the user is, thus, falsely authenticated, and trusts the spoofed site, the server asks the user for sensitive data (SSN, for example).
ZSentry not only strengths your password, by requiring its use together with the unpredictable ZSentry Usercode, but also allows your login data keys literally to not exist until you log in again. The ZSentry Password must be entered together with, and is verified with, the ZSentry Usercode. With just 6 uppercase characters that are easy to use and memorize, the ZSentry Usercode packs over 30 bits of entropy. Even if the user chooses a very-low-grade password with 20 bits of entropy, the Usercode increases the total number of combinations to 50 bits. ZSentry also adds a fresh initialization vector for that user, derived from a pseudo-random number generator, and a 128 bit unpredictable ZSentry internal key. The final encryption strength obtained is 256 bit or at least 128 bit (as enabled) with high-grade RC4-drop or AES-256, which is considered more than enough today against any attacker, even with very large resources. In addition, the ZSentry login also protects against web site spoofing (See Return Code).
The user can also prevent attacks even if the ZSentry internal key is known, by just choosing a good password. Choosing a password with 50 bits of entropy would be enough to bring the total entropy, without the ZSentry internal key, to 80 bits — a value that is considered good enough today, and can easily be expanded to 132 bits or more. All of the keyboard characters !@#$%^&*()_-+=|\;:"?/,.<>`~\' and space can be used, for a total of 95 possible characters. Therefore, a user simply flipping a coin, or with a good pseudo-random number generator (there are several freely available on the Internet), should be able to assure more than 80 bits of entropy with no more than 8 ZSentry password characters (and the Usercode) — even if just keyboard characters are used.
ADVANCED USE: ANSI codes from #32 to #255 can be entered using the keyboard (ALT-number), enabling more than 132 bits of entropy with just 13 ZSentry Password characters (and the Usercode). The conventional difficulty for using ANSI codes in passwords is solved by the ZSentry function Password Peek — you can easily see and verify what you typed before you submit, even for ANSI CODES such as ALT-0159 for Ÿ (Latin Capital Letter Y With Diaeresis).
For improved security, we suggest that your password should include at least one upper case letter, one lower case letter, one numeric digit, and one symbol found on the keyboard (any keyboard character not defined as a letter or numeral). Try to make your password as unique as possible, but memorable by you. It's a good idea to write it down EVEN BEFORE YOU TYPE IT and keep it somewhere safe, possibly in two different safe locations, not near your computer. We encourage you to use a new password and not one used for other accounts — specially accounts using conventional password technology. Someone successfully attacking those easy targets could try the corresponding password as your ZSentry Password.
Even though good security systems put good locks on your data, usually the weak point is not the locks. It is far easier to get or guess the key than to pick a lock. The tough questions are who keeps the keys to the locks, and where? How easy it is to guess the key? With ZSentry, no one keeps the keys anywhere...not even you, and it's very hard to guess the key. Unless you are logged in, ZSentry cannot send an email using your keys. And it's not only your keys that are safe, your login and user data are also protected.
What is protected by ZSentry, and how?
No Target, No Risk
Without your cooperation, your ZSentry Usercode, Password, and keys literally do not exist and they are extremely hard-to-guess together. They cannot be targets for attack. It does not matter how clever the attacker is. No target means no risk, no liability for anyone. Without your cooperation, your ZSentry user data also does not exist. With ZSentryID, for additional two-factor authentication, your login is safe even if both your Usercode and Password are compromised.
Prevent Backup and Disclosure Threats
Email messages are stored in POP and SMTP servers in plain, unencrypted text. Backups of the data on these servers may be made at any time and administrators can read any of the data on these machines. It is legal in many countries, the US included, for administrators to read your email that is "at rest" in their servers — even if "at rest" for a millisecond — without you ever knowing it. The data obtained can be used for the administrator's own purposes, such as market research for your competitor. The email messages you send may also be saved unexpectedly and indefinitely and may be read by unknown persons as a result. With ZSentry, your email is encrypted before transmission and remains protected from end-to-end. You can use any POP and SMTP server — your Zmail looks gibberish, has no meaning, and can only be decrypted by the sender (you) and the recipient. Even the Subject header can be encrypted, if you wish.
Securely Store Documents With ZSentry
Each Zmail is an encrypted container that can store any type of data, right at your PC. You can use ZSentry both for secure data transport as well as for secure data storage. You can automatically share an encrypted container with one or more persons — just add them to the recipient's list (To:). Works with all Media including removable (e.g., USB Drives) and over a network.
No Spoofing, No Phishing, No Pharming
In addition, because you are not asked to give your ZSentry Password unless you have a first proof that the website you reached is the legitimate site allowed to process it, you can easily prevent spoofing, phishing and pharming attacks trying to make you reveal your user login and user data, after you falsely log in. Additional values that you have not disclosed are provided as proofs for your verification after you log in, including your name and email address that must be correct on top of each page.
See also the ZSentry Spoofing, Phishing, Pharming and Spam FAQ
The contents of this entire site and domains zsentry.com are © Copyright, NMA Inc., 2006. All rights reserved, worldwide. Titles and product names are trademarks of NMA, Inc., including NMA, ZSENTRY, Return Code and ZMAIL. Patent pending.