WinZip to the rescue

Paul Makepeace paulm at paulm.com
Fri Nov 23 14:18:37 GMT 2007


I have web host clients I prefer to steer down the SSH route since it
reduces the likelihood of me getting "I've lost my password" emails.
I've found the Mac & Windows clients pretty decent and pain-free once
they're set up. Having iterated through this a few times I've ended up
with this page, http://realprogrammers.com/how_to/sftp_and_scp.html
which even technically-challenged folks can follow now. Since it
involves them producing their own key it doesn't require any shared
secrets. The times I've run into troubles I've found SMS a good medium
for those.

HTH, Paul

On Nov 23, 2007 5:13 AM, Jonathan Peterson <JPeterson at bmjgroup.com> wrote:
> Hi,
>
> Thanks to recent errors by our friends in Whitehall, our company has
> decided to care about encrypting things a bit. In particular some not
> massively interesting mailing lists that get sent to shipping companies.
> I'm struggling to find a better alternative than encrypted zip files with
> a strong and separately faxed password.
>
> Despite plenty of criticism around winzip 9.0's AES implementation, I'm
> struggling to find any concrete evidence that it's easy to break. I only
> see brute force attacks widely available, and they all seem slow enough
> not to matter (200/s).
>
> The main drawback to using winzip, is that you are using winzip. It just
> sounds hopelessly noddy. Of course, in the event of an audit you describe
> it as "We send data using 256-bit AES encryption" which sounds much
> better, but still, you have to wonder.
>
> All the usual restrictions about the recipient being a technically dull
> worker drone apply, so fancy solutions are a non-starter.
>
> Thoughts?*
>
> * Please don't mention PGP. Nobody's mentioned it to me for years, and the
> feeling is wonderful.
> * Please don't mention man in the middle attacks, because I don't care
> about them**.
> * Please don't talk about digital signatures, and trust networks, because
> I don't care about them either***.
>
> **  Because I'm only worried about emails being embarrassingly mis-sent,
> or naughtily copied, not being intercepted by elite haxx0rz.
> *** That's in the strong, existential sense of not caring - you know, like
> not caring about Britney.
>
> ----
> Jonathan Peterson
> BMJTechnology, +44 (0)20 7383 6092
> jpeterson at bmjgroup.com
>

