Mailinglist Archive: opensuse (908 mails)

< Previous Next >
Re: [opensuse] Off-Topic: sending details (in)securely via email
On 06/04/2016 07:23 AM, Carlos E. R. wrote:
On 2016-06-03 22:30, Aaron Digulla wrote:
On 02.06.2016 11:44, Carlos E. R. wrote:

To transmit via email, put the image into an archive and encrypt the
archive with AES and use a good password. Tell the company the password
by phone.
How would one encrypt with AES? :-?

7z supports AES-256 on all platforms.

http://www.howtogeek.com/203590/how-to-create-secure-encrypted-zip-or-7z-archives-on-any-operating-system/

Ok.

But then they have access to the document in clear. They would extract
it, then forward it in clear to whatever department or agency requests
it, on clear email.


The issue gets back to, on the one hand, how creative-tech are they and
on the other, the old adage about God inventing better idiots as we try
to make things idiot proof.

I liked the idea about a password protected PDF of the image.
At least that guarantees the file won't be forwarded in the clear,
unless a recipient has the tools to remove the password protection.

HOWEVER, it doesn't prevent the idiot secretary forwarding the password
along with the file.

HOWEVER, it doesn't prevent the idiot secretary printing out the image
and FAXing that or scanning that.


Personally I think there is no completely secure way to deal with this
matter. Any "secure channel" you may think of, well the secretary
amounts to a MitM "attack'.

==============

Its one thing to give your SSN & bank account details to the payroll
people (for direct deposit of you wages and for direct tax deduction);
they are in a position to recognise their fiducial responsibilities.

But HR & line receptionists/secretaries don't seem to understand that
same, don't understand PII. Maybe it different your side of the ocean,
but this side that segment of the corporation seems populated by
post-millennial, or at least iPhone obsessed items that are young enough
to be my grand-daughter. There are enough articles out there on how
these ... don't have the same view of the need to protects PII that us
"old codgers" (aka anyone born before 1995) do.


--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups