AES Encryption Email

Written by Mike Rede on October 8, 2008

In my last post I talked about the encryption algorithms Data Encryption Standard (DES) and Triple DES (3DES).

Other encryption algorithms include RC4, RC5, RC6 (proprietary encryption ciphers named after Dr. Ronald Rivest of what is now RSA Security) and the more recently approved standard, Advanced Encryption Standard (AES).

Remember that DES uses a 56-bit key size. It has routinely been attacked over the years and proven to be vulnerable.

AES is a U.S. government standard defined in Federal Information Processing Standard (FIPS) Number 197 in 2001. It is the federal government's approved encryption algorithm and can be used up to SECRET level with 128-bit keys and up to TOP SECRET level with 192-bit keys. As such, AES specifies three approved key lengths: 128 bits, 192 bits and 256 bits. The AES standard employs a “symmetric” encryption approach: it requires the same key to be used for encryption and decryption. The algorithm itself was submitted to the AES selection process under the name “Rijndael” by two Belgian cryptographers, Joan Daemen and Vincent Rijmen.

Just a quick side note: Federal Information Processing Standards Publications (FIPS PUBS, http://csrc.nist.gov/publications/) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106) and the Computer Security Act of 1987 (Public Law 100-235). I mention this just in case you get curious and want to research it a little more.

Several vendors have come out with products that allow you to send encrypted email messages or to encrypt file attachments with Microsoft Outlook. These products also collect and manage your passwords, both for sending and receiving encrypted files. Most will allow you to use 256-bit keys for encryption. And I have even come across a vendor or two who are using 512-bit keys for encryption of email files.

There are many types of users who would welcome the ability to protect their emails, such as banks, manufacturers, human resource departments, medical professionals, lawyers and social service agencies: anyone who deals with private information such as social security numbers, bank account numbers, medical records, etc.

Some of these applications will also allow you to create and send a self-decrypting .exe file. If the file is not self-decrypting, then the user must convey the encryption key to the recipient of the email by some means other than the email itself. Examples of this include phone, fax, and courier.
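The shared-key workflow described above, as an added example that is not from the original post or any vendor's product: the sender encrypts an attachment with a 256-bit AES key derived from a passphrase, and the recipient needs that same passphrase (conveyed by phone, fax or courier) to decrypt it. It assumes the third-party Python `cryptography` package; the function names, the use of AES-GCM and PBKDF2, the blob layout and the iteration count are choices made for this illustration.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY_BITS = 256               # AES approves 128, 192 or 256 bits
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16
PBKDF2_ITERATIONS = 200_000  # assumption for this example; tune for your hardware


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the shared passphrase into a 256-bit AES key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS, dklen=KEY_BITS // 8)


def encrypt_attachment(passphrase: str, plaintext: bytes) -> bytes:
    """Sender side: returns salt || nonce || ciphertext-with-tag."""
    salt = os.urandom(SALT_LEN)    # fresh per file, not secret
    nonce = os.urandom(NONCE_LEN)  # must never repeat under the same key
    key = derive_key(passphrase, salt)
    return salt + nonce + AESGCM(key).encrypt(nonce, plaintext, None)


def decrypt_attachment(passphrase: str, blob: bytes) -> bytes:
    """Recipient side: the same passphrase yields the same key (symmetric)."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("encrypted file is truncated")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:]
    key = derive_key(passphrase, salt)
    try:
        return AESGCM(key).decrypt(nonce, ciphertext, None)
    except InvalidTag:
        # GCM's authentication tag fails for a wrong key or a modified file.
        raise ValueError("wrong passphrase or tampered file") from None


if __name__ == "__main__":
    # Constructed sample data, not a real record.
    attachment = b"Patient: Jane Doe (constructed), account 0000-0000"
    blob = encrypt_attachment("passphrase agreed by phone", attachment)
    print(len(blob), "bytes to attach to the email")
    print(decrypt_attachment("passphrase agreed by phone", blob))
```

The salt and nonce travel with the file because they are not secret; only the passphrase has to go over the separate channel.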
