Comments for Musings on Database Security

Comment on Enlocked – simple email security by Slavik

Slavik — Mon, 20 Feb 2012 05:52:31 +0000

@watson
Indeed, using S/MIME is a good way to secure your emails. But, the fact is that it is not available across all your devices and you still need to share your public certificate with someone for him to be able to send you a secure email.
Also, I do not think this is for the faint of heart – most non-technical consumers will not be able to set this up.
I’ve used S/MIME and PGP extensively in Thunderbird but I guess I’m not your average user

Comment on Enlocked – simple email security by Slavik

Slavik — Mon, 20 Feb 2012 05:48:07 +0000

@Henry
The idea behind enlocked is to provide ease-of-use with your current tools (mobile, browser and clients) using standard encryption.

Regarding source code, I tend to agree. At least the clients should be open sourced and this would be my advice to the company. Regarding the server code, there is a balance that the company needs to strike between open and secure so I do not expect them to release the source code for that.
BTW – they have an open API so anyone can create their own clients to use it. Also, the encryption is standard PGP so you can use existing clients like GPG to decrypt.

Comment on Enlocked – simple email security by watson

watson — Mon, 20 Feb 2012 05:15:16 +0000

Email certificates provide the strongest levels of confidentiality and security for your electronic communications by allowing you to digitally sign and encrypt your mail and attachments. I am using the COMODO email certificates.It is really good.

Comment on Enlocked – simple email security by Henry

Henry — Sun, 19 Feb 2012 23:26:18 +0000

Encrypted email storage would be nice, something like the one provided by CryptoHeaven
http://cryptoheaven.com

Source code should also be available for review by the community to ensure security without relying on what the company promises.

Comment on Enlocked – simple email security by Slavik

Slavik — Thu, 16 Feb 2012 18:07:19 +0000

Good point, Simon – but you have to remember that you’re already sending your data somewhere and it is mined and processed by the likes of Google.
As an investor and a technical person I had the advantage of reviewing the code and I validated both the security of the infrastructure as well as the fact that nothing is kept on Enlocked servers immediately after encryption / decryption is performed.

I know they went through 2 separate external security audits as well.

But – it all revolves around trust, I guess. Who do you trust more – Google/Yahoo/your ISP/your admin or a startup that its sole purpose is to secure your emails and they state specifically they will not use them or keep them in any shape or form.

Comment on Enlocked – simple email security by Simon

Simon — Thu, 16 Feb 2012 08:34:23 +0000

Sounds interesting but what about security of data being in their cloud?Not sure I like sending confidential data off to some “start-up’s” server somewhere else.