Sigaba Secure encryption

Greetings!

Anyone using Sigaba Secure (desktop)for Windows 9x? Seems easy to install and use. Your experience?
http://www.sigaba.com/products/plug-ins.html

j

Hi, janusz! I'm ready to give it a whirl if you are! D/l'ed the plug-in, but haven't set it up yet (not even sure it'll work on WinMe, for that matter, but I'm guessing it will).

Let me know if you want to test it out.

From their 'Privacy Policy': "Sigaba Corporation is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others in ways different from what is disclosed in this statement. Sigaba will not sell, share, or rent individual user information to any third party. Sigaba Corporation collects information from our users at several different points on our website."

It then goes forward to explain all that stuff - standard disclaimers, nothing seriously untoward in any of it, and the 'Notification of Changes' sounded good, too:

"Notification of Changes

If we decide to change our privacy policy, we will post those changes on our Homepage so our users are always aware of what information we collect, how we use it, and under circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected."

Sounds pretty good, right? The TOS before you can get the d/l DOES include this, however:

"Liability

The information and services included in or available through the Service may include inaccuracies or errors. Sigaba may make improvements and/or changes to the Service at any time without notice.

Sigaba does not guarantee that SigabaSecure will be uninterrupted or error-free, that bugs or malfunctions will be corrected, or that the Service and its servers are free of harmful components. Sigaba does not guarantee that the uses of its Service, or the materials provided within the Service, are accurate, without error, or reliable.

Sigaba provides its Service "as is". The Company makes no warranty or covenant in regards to the availability, reliability, or timeliness of the Service. Sigaba is not responsible for the appropriateness of the Service for any one purpose.

Sigaba will not be held responsible for any and all damages whatsoever as a result of the loss of use, data or profits connected to the performance of SigabaSecure. Sigaba does not guarantee that keys will always be available. Sigaba does not take responsibility if keys are lost for any reason. The user is solely responsible for any and all information that he or she transmits using SigabaSecure. Sigaba is not responsible or liable for any product or service acquired or requested using the Service. The sole remedy is for users to discontinue their use of SigabaSecure and its related Web sites."

Actually, the only thing that makes me hesitant about trying it out (or at least USING it on a regular basis) is that I'm having problems finding out exactly what KIND of encryption it uses.

Well? Pete

------------------
Compaq 7110US,1.3GHz Athlon,256MB RAM,WinMe, IE5.5,Opera6.03 build 1107. Global Mod@ http://www.security-pro.co.uk/yabb/YaBB.pl

Sure, Pete!

Let's give it a try. Send me an encrypted message . . . let 'er rip!!

Click here to email me

janusz

Composing now and getting ready to send.

The stuff you'll see at the bottom of it is my Carnivore teaser - I'll TRY to let you know if government helicopters swoop in to get me! Pete

*Sent (I think! Everything seemed to just kind od disappear after it established the keypairs). If you don't get it, let me know here - or if you have problems deciphering it, okay?

I'll do the same for your reply. Pete

Anyone who knows anything about secure e-mail knows that PGP is the best there is. PGP has been around longer than pretty much any other e-mail encryption program out there and is trusted by more people in the world. Plus, there's a version available for almost any platform out there.

PGP rules!!!

If you want to check it out, go to http://web.mit.edu/pgp/ for the freeware, personal version.

Hey, Pete!

Received your message - had a bit of a problem on my end but was able to decrypt your message okay.

It would not decrypt and stated that my account was not activated (I have no idea HOW that is accomplished) - so your message received encrypted. I uninstalled and reinstalled the plug-in and was able to decrypt your message. It asked me for username and password and decrypted the message without any probem.

I sent reply. Sure is fast, easy, and no-hands operation.

Oh, that sure is some kind of list at the bottom . . . You are surely being watched. :)

kballard175 - As far as PGP - sure it's been around longer, etc. However, I'm open to anything that is better and more convenient (IMHO). Popular usage of PGP or any program doesn't necessarily equate to "forever" - ask Netscape and other once top-rated software. Things change. But I've nothing against PGP . . . just a bit complicated for most though. I don't want to get off the topic and get into a debate over this. This is just a simple test of the Sigaba Secure plug-in encryption software, an alternative to PGP.

Pete - I am slow replying since I have Sigaba Secure on my home pc and must wait until I get home to reply.

Let the test continue . . .

janusz

janusz - Received and replied to your reply email. It's looking pretty good - and, OMG! - talk about easy! And you can send and receive encrypted files with it, too.

Note - I agree, right now we're just playing with this thing to see if it works as advertised. Something like this, that if nothing else at least keeps someone from walking up to the computer and being able to read every email I've got definitely could fill a useful niche.

I don't need nuclear/industrial/military impenterable-grade encryption (such as PGP provides), but thank you anyway - I just want something that's easy-to-use and effective against on-lookers. Pete

Greetings!

For anyone interested, here is what Sigaba states:

How do the Plug-ins work?
When sending secured email using SigabaSecure, the following process occurs:

A - The Sigaba software makes a secured connection to the Sigaba server and obtains a one-time key for this message.

B - The message is encrypted using this key and is delivered to the recipient(s).

C - When received, the recipient clicks on the message at which point their Sigaba client will establish a connection to the Sigaba server, obtains the one-time key and decrypts the message. At this point the recipient is able to read the message. It should be noted that the email message itself is never routed through, nor is stored at, the Sigaba Server.

How secure is Sigaba?
Sigaba uses industry-standard algorithms that have been tested against the highest benchmarks and have never been compromised. Every email message sent uses a different and unique, one-time-only key. No one can read a sender's emails without the key, and the key is only released to those to whom the mail has been addressed.

Pete, I did have a problem receiving your last message - I believe it was eudoramail.com issue. :( See my next ENCRYPTED message.

j

Hi, janusz!

Yup, had trouble with the one where you pointed out that they'd spelled 'secret service' incorrectly - finally had to use their website to unencrypt it (and it took a couple of tries, there).

Going to look for your last one now.

Okay, it decrypted okay from within OE - you're right, I needed to increase the amount of time the keyset was valid for.

That's what this is all about - finding out what makes it tick! :D

I'm going to get their whitepaper list and read up on this some more.

Good to see it worked correctly instantly when I got that last one of yours! Pete

Pete - I sent note to SigabaSecure support this morning and got this reply within minutes. I'm posting here for informational purposes (may help others).

Here is my message to Support:
"When I checked mail this morning SigabaSecure message indicated that a encrypted message was to be downloaded and I entered my password, then . . . NOTHING!"

SigabaSecure reply:
"Do you have the option to "Decrypt on download" enabled? If so we would suggest you try disabling the option and try re-downloading the message again. This assuming you leave messages on your mail server. Also, check the version of the Eudora plug-in being used. It should be 3.1.941, which
is the latest version."

I have the latest plug-in version but will have to disable "Decrypt on download" and see if that helps.

It's all a matter of becoming familar with the way it works!

j

janusz - Haven't forgotten about you - trying to get other people involved with the testing, plus, I have an email out to Segaba's tech support about the problem I had with your second email and the fact that, when I click on the 'Segaba Options' icon in OE, on the 'Read' tab, all of the options are greyed out - I can't select anything on that tab.

So, you'll be hearing from me again, via Segaba as soon as i hear something. Pete

Okay. Standing by.

Greyed out? Can't see anything. Uh-oOh. :) You should be able to change settings, etc. anytime. They responded pretty fast to my question so I expect you to hear from them soon.

Good idea about getting others involved in the testing.

j

janusz - They replied.

"Good Morning Pete,
To answer your questions,

- You do have the latest plug-in.

- Grayed out options are intentional. They may or may not be implemented in future releases.

- No known issues with what you speak of. Do be aware however if anything “alters” the encrypted message block it will almost certainly affect decryption.

- We use AES 128 bit encryption

Please do let us know if you have any other questions or comments we can address.

Best Regards,

The Support Team at Sigaba

http://www.sigaba.com/corporate/support.html "

Okay. I'll get back on that just as soon as I get everything back to normal now that I'm on cable instead of dial-up (they just came and hooked me up today, having a few problems with
that, too). Right at the moment, I can't even email them back my 'thank you' email.

What a day. Pete

Hey, Spy1 - I get the following return using your new email address:


----- The following addresses had permanent fatal errors -----
<spy1@cxxxxxxx.net>

----- Transcript of session follows -----
... while talking to cxxxxxx.net.infoave.mail1.psmtp.com.:
>>> RCPT To:<spy1@cxxxxxx.net>
<<< 550 5.7.1 Blacklisted Domain - Delivery Blocked to Recipient: spy1@cxxxxxx.net
550 <spy1@cxxxxxx.net>... User unknown

=======================

Strange. Delivery blocked to User unknown??

janusz

janusz - Check your email. Pete

Hi, Pete!

I got your message. Sent reply this morning and once again got this bounce message:

Subject: Returned mail: User unknown
Auto-Submitted: auto-generated (failure)

I used different addresses (mine) when I sent the earlier messages and still got bounce message.

The encrypted message could not be decrypted for some reason. Reliability problem?

j

Could be. I don't know what's going on with it - everything's apparently set correctly and working on my end.

Think we ought to drop this one and try something else?

HotCrypt? http://www.hotcrypt.dts.nl/ Pete

Yes. Time for a new approach. I'll install hotcrypt this evening and give it a go. Have you been using it??


j

D/l'ed but not installed yet (shareware). I'm going to give un-installing/re-installing Sigaba a shot first to see if that straightens it out.

I'll contact you via regular email from now on - we're just taking up space here. Pete

Sure. Email is fine. Do you have alternate email address? I've not been successful reaching you at the NEW address.

j

Pete - contact me via web-based email. I keep getting bounced from your new email address (see below).

Sorry, I give up.

j


To: januszky@eudoramail.com
Subject: failure notice

Hi. This is the mailer-daemon. I'm afraid I wasn't able to
deliver your message to the following addresses. This is a
permanent error; I've given up. Sorry it didn't work out.

<spy1@comporium.net>:
64.75.1.251 does not like recipient.
Remote host said: 550 5.7.1 Blacklisted Domain - Delivery Blocked to Recipient: spy1@comporium.net

Giving up.

Pete - Received last message and Sigaba decrypted it w/o any problems. I sent you encryted messaga and one plain. Both returned with:

----- The following addresses had permanent fatal errors -----
<spy1@comporium.net>
----- Transcript of session follows -----
... while talking to comporium.net.infoave.mail1.psmtp.com.:
>>> RCPT To:<spy1@comporium.net>
<<< 550 5.7.1 Blacklisted Domain - Delivery Blocked to Recipient: spy1@comporium.net
550 <spy1@comporium.net>... User unknown

You might check with your ISP ref their filtering service. Please give me web e-mail address so I can communicate.

j

janusz - I gave up on it. It doesn't do me any good if it just works correctly on MY end, so I just installed PGP and I'm trying to learn how to use it.

Bums me out, though - I really thought that Sigaba was going to work. Couldn't find anything out from my ISP about anything I might have had set wrong. Oh, well.

I don't have/use any web-based email, sorry. Pete

Okay!!!!

I've been exchanging Sigaba encrypted email with others for a couple of days now with no glitches. I'm pleased that it works. I may look into PGP again, but I need to set up a dual boot (WinXP/Mandrake-Linux) on the new machine I recently assembled. Ultimately, I'd like to leave MS behind and this is going to be my learning box. :)

I have no idea why you were not able to receive my messages - several - from different domains. You may have discovered a WhiteHole, The Ultimate Filter, in which information gets out but none comes in? :-) Seriously, I wonder if others may have the same problem reaching you . . . but then you may never know. ;)

Let me know it goes with PGP. Learning curve, etc.

Later, my friend! :cool:

j

janusz - :) Let me know if you got my last email (and whether you could read it - I may have PGP'd it! even though I was just trying to 'Sign' it.

I may have deep-sixed your replies myself - I had two filters going in WebWasher that I had forgotten about.

Removed them. Pete

Pete, all my email to you at the new address - either through my ISP or webmail - have been returned with "550 5.7.1 Blacklisted Domain - Delivery Blocked to Recipient."

j