ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Sigaba tries to simplify encrypted e-mail

Network World Fusion

(IDG) -- Experts have long contended that encrypted e-mail can become an everyday occurrence only when end users need only push a button to securely send messages.

Start-up Sigaba thinks it has developed that button.

The company recently unveiled SigabaSecure, a system for encrypting e-mail with the click of a button. SigabaSecure is based on software that plugs into popular e-mail clients, including Eudora, Lotus Notes, Microsoft Outlook, Netscape Messenger and Novell GroupWise.

Sigaba, which was the name of a U.S. encryption device during World War II that was never compromised by the enemy, is also developing an enterprise server-based version of its software. The enterprise version lets IT managers encrypt outgoing e-mail at the server based on a set of policies. No software is needed for desktop clients.

Getting around PKI

  Network World Fusion home page
  Should you encode your e-mail?
  Make your e-mail disappear
  U.S. surfers want guaranteed privacy
  Reviews & in-depth info at
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for network experts
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Encrypted e-mail, which has been discussed for nearly two decades, suffers from many problems, most notably encryption key management. With a public-key infrastructure (PKI), users must have a public key for every recipient and IT must manage sets of private encryption keys.

Sigaba reduces key management by providing only a symmetrical key to encrypt and decrypt messages, eliminating public and private keys. SigabaSecure assigns keys to messages, not users.

"I'm looking for the gotchas in the software," says Eric Arnum, editor of "Messaging Online," an e-mail newsletter. "When you make things easy for the end user you have to make compromises, but I haven't seen those yet with Sigaba. They have eliminated the fatal flaw in PKI [key management]."

Other vendors, such as ZixIt, HushMail and Tumbleweed, also are focusing on secure message delivery, but Sigaba's difference is that it never touches the actual e-mail.

When a user sends a message using SigabaSecure, the plug-in communicates with a key server maintained by Sigaba. The server authenticates the user over a Secure Sockets Layer connection before creating a key and message identifier for the e-mail, and sending it back to the user. The key uses the Blowfish algorithm to encrypt the message on the user's desktop and send it off.

The process is a subsecond performance hit, according to Sigaba officials.

The process is reversed for the recipient of the message. If the recipient does not have the plug-in, it can be downloaded. If the recipient doesn't use an e-mail client that supports Sigaba's software, Sigaba can decrypt the message and deliver it.

"Encryption that is simple and can be plugged into existing software is essential," says David Raucher, president of Telcopoint in Dallas. "With sales documents and bills being sent as attachments, you need security." Raucher is using Sigaba as part of Telcopoint's Secure PC Call, an encrypted voice-over-IP conference calling service. Sigaba provides secure notification to participants invited into Secure PC Call.

In the fall, Sigaba will release the enterprise version of the software, which runs on Windows NT, Unix and Linux.

"IT managers will have access to the key for any message," says Richard Bliss, vice president of marketing for Sigaba.

The company will provide free server software to companies and charge approximately $1 per user to manage keys.

Thwart hackers with a XyLoc wristwatch
August 23, 2000
Review: U-Match mouse make biometrics easy
August 22, 2000
Security experts warn of holes in Lotus Domino
August 2, 2000
Dutch Secret Service accused of e-mail snooping
August 2, 2000
Digital signatures create market potential
July 31, 2000

Make your e-mail disappear
U.S. updates encryption export policy
Should you encode your e-mail?
(The Industry Standard)
Encryption could starve Carnivore
Campaigns dig digital dirt
U.S. surfers want guaranteed privacy
Charity e-mail requests? Don't believe it

Sigaba homepage
HushMail homepage

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.