Your boss can see what emails you send! (SHA-1 SHA-2 MD5)

[Anaconda]

So basically if you want to send an email on your gmail account or outlook, and you don't really want your boss or anyone to be able to read what you are saying, then this thread might be helpful to you or you might already know how to get around this. Apologies in advance.

The only problem with this method is in the establishment phase; Both people need to use online software, so you tell the people via phone in the evening after work that these private emails will be hashed, either by md5, sha-1 or sha-2 (there could be stronger hashes but the higher ups probably wouldn't know how to deal with hashes anyway - maybe an IT expert in security).

md5.gromweb.com is a site you can use for md5 (or just use any other hash and reverse hash site).

So after you have instructed your partner to whom you are sending secrets to over email, tell him via telephone at your place that you will send him a hash copy of the email, then send him the hexadecimal value. He will then reverse hash the hexadecimal value and read the intended email. You could send the guy a legit text email, send a legit word document attachment with a copy of the hexadecimal value at the bottom of the page. How desperate you want to be depends on what you are talking about.

1) Establish comm's
2) Sender will type the email into a hash converter - will receive a hex value
3) Will send hex value to receiver
4) Receiver will reverse hash the hex value to find original value.


I'm only promoting secret conversations in the workforce. I really cba to talk about how to leak company secrets, and it wouldn't be via email anyway. So yeah, this was just to give some people some advice on how to keep your emails secret. PGP encryption only works with intruders, not admin users on an outlook or gmail account.

 

[Anaconda]

To add, hashes are usually used for integrity checks, not necessarily encryption, but it's the quickest way of keeping text a secret. It's also free.

 

[Sentinel]

Isn't MD5 a one way hash?

And it has been broken or something, I read a while back.

(there could be stronger hashes but the higher ups probably wouldn't know how to deal with hashes anyway - maybe an IT expert in security).

famous last words.

higher ups will ask the lower downs to do the dcryption, won't they. I haven't read about this in years, but i would use strong encryption, public and private key stuff.

BTW, what about using iMessage ?

 

[tipsa...don'tlikehim!]

Your boss can basically know everything you do and everyone you call and what you say on the phone.
Never do this mistake to talk bad about anyone on the phone at work

Once worked for a company based in Paris, I knew later on they recorded every phone calls made 24/7 (don't know if this is legal but they still do it anyway)
thats why hopefully I will never have to work in an office ever again, fingers crossed.

 

[Anaconda]

Isn't MD5 a one way hash?

And it has been broken or something, I read a while back.



famous last words.

higher ups will ask the lower downs to do the dcryption, won't they. I haven't read about this in years, but i would use strong encryption, public and private key stuff.

BTW, what about using iMessage ?

Yes Md5 has been broken but that's why I said don't be bait with the hex value. Look, the only way he can uncover the real email is if he finds the hex string in the email. If you write a legit email, then attach a word document containing the hex value, then chances are it will missed by the bosses. Sha-1 and Sha-2 are better but chances are the guys viewing your emails wont even know what MD5 or hex is.

Public and private keys are embedded into software. The user does nothing. Also, for web traffic, the user only needs to make sure of the 's' value in the url to create a secure line. PGP is done by the user but that is self explanatory

Steganography is good if you wanted to ship out secrets, but you need to be meticulous when you're playing around with files in the file explorer - forenics can find out if you have copied a file to your usb etc.


I don't know what imessage is.

 

[Vcore89]

Your boss can basically know everything you do and everyone you call and what you say on the phone.
Never do this mistake to talk bad about anyone on the phone at work

Once worked for a company based in Paris, I knew later on they recorded every phone calls made 24/7 (don't know if this is legal but they still do it anyway)
thats why hopefully I will never have to work in an office ever again, fingers crossed.

Perfectly legal... many employees are fired because their bosses (summons the IT SecOfr) knew what they are talking or writing back and forth. Perhaps plugging your own souped-up dummy onto private CTI would do the trick but then it almost often means your an IT guy that has an all access.

 

[spaceman_spiff]

Maybe this is a silly question. But, if I'm already going to call the person the evening before, presumably from home so that my boss can't hear, then why don't I just tell him/her the secrets over the phone? And if it's something that is better written out or I need to attach a file, then why don't I just e-mail the secrets from home on my home network (which my boss doesn't have access to), rather than call the person to tell him/her that I'm going to be sending an e-mail the next day which needs to be manipulated in order to be read?

I just feel like there are simpler solutions to the problem.

 

[Sentinel]

I don't know what imessage is.

Are you living under a rock, like me

Have you not heard of the San Bernadino case? Even Apple cannot unlock the iphone with the data on it. iMessage is an application of iPhone for messaging that (I am told) lives on Apple's server for only a few hours. After that it cannot be retrieved by anyone. Unles of course you back it up on iCloud. Don't tell me you dunno what iCloud is.

 

[Sentinel]

Maybe this is a silly question. But, if I'm already going to call the person the evening before, presumably from home so that my boss can't hear, then why don't I just tell him/her the secrets over the phone? And if it's something that is better written out or I need to attach a file, then why don't I just e-mail the secrets from home on my home network (which my boss doesn't have access to), rather than call the person to tell him/her that I'm going to be sending an e-mail the next day which needs to be manipulated in order to be read?

I just feel like there are simpler solutions to the problem.

I think the issue here is to separate the secret file from the key used. So the hex value is sent some other way in advance.

In the old days of ciphers and two way codes, they first sent the code / cipher through one channel and the actual encoded secret later.

From what i recall, today we DO NOT use two way encryption where the same key encrypts and decrypts (or the key for encryption can be used to arrive at the key for decryption). That is what the public and private key thing is.

However, my knowledge about this is over 11 years old, surely things have progressed since then.

 

[Vcore89]

Are you living under a rock, like me

Have you not heard of the San Bernadino case? Even Apple cannot unlock the iphone with the data on it. iMessage is an application of iPhone for messaging that (I am told) lives on Apple's server for only a few hours. After that it cannot be retrieved by anyone. Unles of course you back it up on iCloud. Don't tell me you dunno what iCloud is.

Not true...dig deeper. Not going to get into the dark side of the moon.

 

[SoBad]

I like to have confidential conversations in a swimming pool or open ocean.

 

[Sentinel]

whatja mean vcore ?