WinZip to the rescue

Nicholas Clark nick at ccl4.org
Fri Nov 23 13:45:21 GMT 2007


On Fri, Nov 23, 2007 at 01:13:29PM +0000, Jonathan Peterson wrote:
> Hi,
> 
> Thanks to recent errors by our friends in Whitehall, our company has 
> decided to care about encrypting things a bit. In particular some not 
> massively interesting mailing lists that get sent to shipping companies. 
> I'm struggling to find a better alternative than encrypted zip files with 
> a strong and seperately faxed password.

I'd already thought a bit about this part, and wondered, isn't it more secure
to only transmit the password once you have confirmation that the encrypted
discs have arrived? The reasoning being that unless and until you send the
password out, they are no better that toasters (or /dev/urandom), so if they
get lost and no confirmation is ever given, there is no* risk of the data
escaping.

Secondly, I was assuming that a phone call (providing each party recognises
the other's voice) is more secure than a fax, if you care about other
individuals inside the receiving building (possibly unauthorised)
intercepting and copying the password, as typical fax machines aren't
securely located. Although "secure password" probably contains things that
are hard to spell out, which might make that a bad plan.

Nicholas Clark


* strictly, "negligible", unless someone really doesn't like you and has a
  lot of very fast computers. All this assumes that no-one on your side leaks
  the password.


More information about the london.pm mailing list