Please remember that email is not a secure communications medium. Do not say anything in an email that you would not be comfortable seeing on a bathroom wall or on CNN.
There are many packages, products, and offerings that purport to secure email. Unfortunately, however, they don’t work against anything more than basic threat models. That’s a round-about way of saying what I said at the beginning; let me repeat: Do not say anything in an email that you would not be comfortable seeing on a bathroom wall or on CNN.
If you use a system like Protonmail or Signal or whatever, you should assume that the ciphertext of your messages is being collected and carefully stored; if there is ever a vulnerability that allows an offline crack against stored messages, then your communications will be compromised. In fact, you’ve got an even bigger red flag waving above your head because you tried to bypass surveillance. I am not saying those systems are “bad”; it’s more complicated than that.
If you are using a system where there’s a cloud server holding your messages “encrypted while stored” or something like that, here’s a way of thinking about it: if your endpoint device gets lost or wiped and your messages are recoverable, then that means that – somehow – a recovery key is getting stashed someplace. And, if it is, you’re back in “bathroom wall or CNN” territory. Remember those incidents a few years ago where lots of Hollywood starlets’ cell phone selfies leaked out? A lot of that happened because of the recovery process: if someone can get your Apple or whatever-ID and password, and the system would allow you to re-populate a reset phone, then those same credentials would allow a hacker or the FBI to re-populate another phone in your name.
In general, however, you need to know about offline attacks, which are how most code-breaking is done, anyway: you take an encrypted message (a blob of cipher-bits) and hand it to a great big array of custom silicon that tries many many passwords very fast in parallel, and when something that’s statistically similar to language (instead of random noise) pops out the other side, you ring a bell. Very often you’ll see breathless descriptions of key-lengths and “until the end of the universe” but those numbers fall away very quickly if there are any errors in the implementation. And, there almost always are – deliberate or accidental errors.
To secure your communications against a high threat model, you’ll need a complete stack of your own: endpoints, algorithms, applications and physical control. In other postings I’ve outlined roughly how to build a mid-quality secure email service [stderr] and it’s almost pointlessly effortful. For sure, if I were doing IT for a presidential campaign, that’s how I’d do it. And if Anthony Weiner, Donald Trump(s), Hillary Clinton, Ronald Reagan, Michael Podesta, or flippin’ anyone who doesn’t want to see their email on bathroom walls or CNN – that’s how they should do it.
We are currently experiencing a great deal of political turbulence as a result of people not understanding the basics of email security. Namely, that there isn’t any.
I use Protonmail for some stuff. But it’s still stuff I wouldn’t mind seeing on a bathroom wall or CNN.
A rule of thumb for a high threat model is that if your system has a password that you know, it’s not good enough. Take a look at how a STU-III (Secure Telephone Unit) works [wiki]: the keying material is in a physical, destroyable key that the user has no control over except to have it in their possession and turn it in the phone. That was a nice piece of work.
If you’re really going for it: do a face-to-face exchange of sampled random data (capture the randomness using frame-sampling from a video camera pointed at a lava lamp, then XOR it with cipher output from a cryptographic hashing function like SHA-1). Make sure you run the sampling on a system using battery power, not plugged into a wall outlet. Oh, and make sure you are below ground, ideally far below ground. In a Faraday cage if you have one. Wearing a tinfoil hat. Then, once you’ve exchanged your data on a thumb-drive, the system(s) you use to encrypt and decrypt are never used for anything else; they live in a safe with the thumb-drive epoxied into the USB port, and epoxy in all the other ports, and over all the case screw-holes. When you generate a message, XOR the plaintext with an incremental offset into the pre-exchanged random bits, then embed the resulting ciphertext into the least significant bits of one of a pre-selected set of JPEG images, write it to a blank DVD and upload it to one of a rotating set of facebook accounts. Then microwave the DVD. Do not ever plug a USB device into that laptop again. When you run out of the whatever-many Gb of source random bits, demolish the laptop by putting the whole mess in a barbecue and melting it, then repeat the process. As part of an exercise, a friend of mine and I actually started this procedure, then we realized we were being silly and were painting targets on our backs, so we pulled down our tinfoil hats and went back to using open internet mail.
The technique I describe above is a Vernam Cipher, AKA a “one time pad”, which is the only perfectly secure encryption system. However: it trades infinite operational complexity for theoretical perfection. See the one time pad FAQ, which I wrote back in 1995 or so. [otp] The availability of huge amounts of cheap storage (a 128gb USB stick would hold a lifetime of messages if you stick to text) means the key exchange problem is a once-in-a-lifetime challenge. I occasionally daydream about making an OTP device; it’s a simple software layer that’d run atop a raspberry pi system. Basically, it’s a Palantir (except the name has been trademarked, I’m sure).
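To make the “incremental offset into the pre-exchanged random bits” concrete, here is an added example (my code, not the post’s and not any real OTP product): a minimal Vernam cipher where each party holds a copy of the pad and a forward-only cursor, the sender ships the starting offset with the ciphertext, and a `two_time_pad_leak` function shows what the cursor is protecting against. It also illustrates the earlier point that “until the end of the universe” key-length claims collapse under an implementation error: reuse one pad region for two messages and the pad cancels out of the XOR of the ciphertexts, leaving `m1 ^ m2` with no brute force needed. The `condition_pad` whitening step (sampled bits XORed with a SHA-1 keystream, here in a counter-mode arrangement of my choosing) is the post’s lava-lamp-plus-SHA-1 idea; it spreads bias but adds no entropy, so the samples still have to be genuinely random. The pad bytes and messages are constructed stand-ins so the file runs offline.

```python
import hashlib
import os


class PadExhausted(Exception):
    """Raised when a message would need more pad bytes than remain."""


def condition_pad(raw_samples: bytes, seed: bytes) -> bytes:
    """Whiten physically sampled bits by XORing them with a SHA-1 keystream.

    Counter-mode SHA-1 is this example's choice for turning a hash into a
    keystream.  XOR is an involution, so applying this twice with the same
    seed returns the original samples.
    """
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(raw_samples):
        keystream.extend(hashlib.sha1(seed + counter.to_bytes(8, "big")).digest())
        counter += 1
    return bytes(r ^ k for r, k in zip(raw_samples, keystream))


class OneTimePad:
    """One party's copy of the pre-exchanged pad plus a forward-only cursor."""

    def __init__(self, pad: bytes, offset: int = 0):
        self.pad = pad
        self.offset = offset  # index of the next unused pad byte

    def _take(self, n: int) -> bytes:
        if self.offset + n > len(self.pad):
            raise PadExhausted(f"need {n} bytes, {len(self.pad) - self.offset} left")
        chunk = self.pad[self.offset:self.offset + n]
        self.offset += n  # consumed bytes are never revisited
        return chunk

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        """Return (start_offset, ciphertext); the offset travels with the
        message so the receiver knows which pad region was used."""
        start = self.offset
        key = self._take(len(plaintext))
        return start, bytes(p ^ k for p, k in zip(plaintext, key))

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        end = start + len(ciphertext)
        if end > len(self.pad):
            raise PadExhausted("ciphertext points past the end of the pad")
        key = self.pad[start:end]
        # The receiver advances its own cursor past the region the sender
        # used, so its replies never reuse those bytes.
        self.offset = max(self.offset, end)
        return bytes(c ^ k for c, k in zip(ciphertext, key))


def two_time_pad_leak(pad: bytes, start: int, m1: bytes, m2: bytes) -> bytes:
    """The mistake the cursor prevents: encrypt two messages with the same
    pad region and XOR the ciphertexts.  The pad cancels out and the result
    is m1 ^ m2, so anyone who knows or guesses one message gets the other."""
    _, c1 = OneTimePad(pad, start).encrypt(m1)
    _, c2 = OneTimePad(pad, start).encrypt(m2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    # Constructed stand-in for the face-to-face exchanged pad.
    pad = condition_pad(os.urandom(64), b"constructed-seed")
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    start, ct = alice.encrypt(b"meet at noon")
    print(bob.decrypt(start, ct), "next offset:", bob.offset)
    leak = two_time_pad_leak(pad, 0, b"attack at dawn", b"attack at dusk")
    # Non-zero bytes mark exactly where the two plaintexts differ.
    print([i for i, b in enumerate(leak) if b])
```

The offset in the message header is not secret; what must stay secret and unreused is the pad region it points at. That is why the `offset` only ever moves forward on both sides and why running out raises rather than wrapping around.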
Lastly, remember, if they can’t break your crypto, they’ll break your teeth. [rubber hose] So don’t make your security perfect.