" AES256 Archives - LuxSci

Posts Tagged ‘AES256’

How to Secure SMTP Email Delivery with TLS

Tuesday, August 29th, 2023

Secure email sending is a priority for organizations that communicate sensitive data externally. One of the most common ways to send secure emails is with SMTP TLS. TLS stands for Transport Layer Security and is the successor of SSL (Secure Socket Layer). TLS is one of the standard ways that computers on the internet transmit information over an encrypted channel. In general, when one computer connects to another computer and uses TLS, the following happens:

  1. Computer A connects to Computer B (no security)
  2. Computer B says “Hello” (no security)
  3. Computer A says, “Let’s talk securely over TLS” (no security)
  4. Computers A and B agree on how to do this (secure)
  5. The rest of the conversation is encrypted (secure)

In particular:

  • The conversation is encrypted
  • Computer A can verify the identity of Computer B (by examining its SSL certificate, which is required for this dialog)
  • The conversation cannot be eavesdropped upon (without Computer A knowing)
  • A third party cannot modify the conversation
  • Third parties cannot inject other information into the conversation.

TLS and SSL help make the internet a more secure place. One popular way to use TLS is to secure SMTP to protect the transmission of email messages between servers.

hands on a keyboard sending secure email

Read the rest of this post »

Tags: AES256, email encryption, email security, opportunistic TLS, secure, secure email, smtp, smtp tls, ssl, ssl certificate, starttls, tls
Posted in AAA Featured Articles, LuxSci Library: HIPAA, LuxSci Library: Security and Privacy, Popular Posts
15 Comments »

What Level of SSL or TLS is Required for HIPAA Compliance?

Thursday, January 2nd, 2020

SSL and TLS are not monolithic encryption entities that you use or do not use to securely connect to email servers, websites, and other systems. SSL and TLS are evolving protocols with many nuances to how they may be configured. The “version” of the protocol and the ciphers used directly impact the level of security achievable through your connections.

Some people use the terms SSL and TLS interchangeably, but TLS (version 1.0 and beyond) is the successor of SSL (version 3.0). See SSL versus TLS – what is the difference? In 2014 we saw that SSL v3 was very weak and should not be used going forward by anyone; TLS v1.0 or higher must be used.

Among the many configuration nuances of TLS, the protocol versions supported (e.g., 1.0, 1.1, 1.2, and 1.3) and which “ciphers” are permitted significantly impact security. A “cipher” specifies the encryption algorithm, the secure hashing (message fingerprinting / authentication) algorithm to be used, and other related things such as how encryption keys are negotiated. Some ciphers that have long been used, such as RC4, have weakened over time and should never be used in secure environments. Other ciphers protect against people who record a secure conversation from being able to decrypt it in the future if somehow the server’s private keys are compromised (perfect forward secrecy).

Given the many choices of ciphers and TLS protocol versions, people are often at a loss as to what is specifically needed for HIPAA compliance. Simply “turning on TLS” without configuring it appropriately is likely to leave your transmission encryption non-compliant.

Read the rest of this post »

Tags: AES256, cipher, ePHI, hipaa, NIST 800-52, ssl, sslv3, tls, tls v1.0, tls v1.2
Posted in LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »