WinZip to the rescue
JPeterson at bmjgroup.com
Fri Nov 23 13:13:29 GMT 2007
Thanks to recent errors by our friends in Whitehall, our company has
decided to care about encrypting things a bit. In particular some not
massively interesting mailing lists that get sent to shipping companies.
I'm struggling to find a better alternative than encrypted zip files with
a strong and seperately faxed password.
Despite plenty of criticism around winzip 9.0's AES implementation, I'm
struggling to find any concrete evidence that it's easy to break. I only
see brute force attacks widely available, and they all seem slow enough
not to matter (200/s).
The main drawback to using winzip, is that you are using winzip. It just
sounds hopelessly noddy. Of course, in the event of an audit you describe
it as "We send data using 256-bit AES encryption" which sounds much
better, but still, you have to wonder.
All the usual restrictions about the recipient being a technically dull
worker drone apply, so fancy solutions are a non-starter.
* Please don't mention PGP. Nobody's mentioned it to me for years, and the
feeling is wonderful.
* Please don't mention man in the middle attacks, because I don't care
* Please don't talk about digital signatures, and trust networks, because
I don't care about them either***.
** Because I'm only worried about email's being embarrassingly mis-sent,
or naughtily copied, not being intercepted by elite haxx0rz.
*** That's in the strong, existential sense of not caring - you know, like
not caring about Britney.
BMJTechnology, +44 (0)20 7383 6092
jpeterson at bmjgroup.com
The BMJ Group is one of the world's most trusted providers of medical information for doctors, researchers, health care workers and patients www.bmjgroup.bmj.com. This email and any attachments are confidential. If you have received this email in error, please delete it and kindly notify us. If the email contains personal views then the BMJ Group accepts no responsibility for these statements. The recipient should check this email and attachments for viruses because the BMJ Group accepts no liability for any damage caused by viruses. Emails sent or received by the BMJ Group may be monitored for size, traffic, distribution and content. BMJ Publishing Group Limited trading as BMJ Group. A private limited company, registered in England and Wales under registration number 03102371. Registered office: BMA House, Tavistock Square, London WC1H 9JR, UK.
More information about the london.pm