[ZendTo] Re: Simple encryption method

Andy Newton a.m.newton at soton.ac.uk
Wed Jun 8 15:38:31 BST 2011


Depends what the requirement is really - it'll stop the data being 
snooped in transit to and from the server, but if the data is somehow 
sensitive it's probably worth encrypting it before uploading (that way 
if an attacker or rogue sysadmin starts poking through your sensitive 
dropoffs, they won't get anything useful - ditto if somebody uncovers a 
vulnerability in ZendTo which allows them to grab other users' dropoffs, 
or a variety of other scenarios).

I can think of two main issues with encrypting the file client-side:

1) The recipient needs to be able to decrypt it (so whatever encryption 
software you use probably needs to have some mechanism for key distribution)
2) You won't be able to virus scan it server side (which you may or may 
not care about)

Encrypting the file at the server end may not be worth it; if somebody 
can get at the file itself, most likely there's a way for them to find 
the encryption key too (especially if they're the sysadmin).

There's probably a load of other fun and exciting stuff to think about 
that I've forgotten - and of course it all depends on the requirements :-)

Cheers,

Andy Newton
Electronics and Computer Science
University of Southampton, UK

On 08/06/11 14:36, Joshua F. Withrow wrote:
> Doesn't using HTTPS provide this thru the entire process?
>
>
> Josh Withrow
> Software Developer
> Office: 410-548-1627 x154
> Email: jwithrow at matech.net
>
>
> -----Original Message-----
> From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of John Cooper
> Sent: Wednesday, June 08, 2011 9:06 AM
> To: ZendTo Users
> Subject: [ZendTo] Simple encryption method
>
> We are looking to implement Zendto but need to offer a way to secure files that is simple. Does anyone have a simple method to encrypt files before dropping off?
>
> Thanks, John.
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

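One simple way to do the client-side encryption discussed in this thread, as an added example that is not part of the original messages or of ZendTo. It assumes OpenSSL 1.1.1 or later on both ends; the function names `seal` and `unseal` and the iteration count are choices made for this example, and the passphrase and digest are assumed to reach the recipient by a separate channel, not through the drop-off server.

```shell
#!/bin/sh
# Added example: passphrase-encrypt a file before drop-off and verify it
# after pick-up. Names and parameters here are illustrative assumptions.

ITER=600000   # PBKDF2 rounds; sender and recipient must use the same value

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    openssl dgst -sha256 -r < "$1" | cut -d' ' -f1
}

# seal IN OUT PASSFILE: write ciphertext to OUT and print the plaintext
# digest. The passphrase is the first line of PASSFILE. Only OUT is
# uploaded, so the server and its admins hold ciphertext and no key.
seal() {
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt \
        -in "$1" -out "$2" -pass "file:$3" || return 1
    sha256_of "$1"
}

# unseal IN OUT PASSFILE DIGEST: decrypt IN to OUT, then compare against the
# digest received from the sender. CBC mode does not authenticate, so this
# comparison is what catches a wrong passphrase or a modified download.
unseal() {
    if ! openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass "file:$3" 2>/dev/null; then
        rm -f "$2"
        return 1
    fi
    if [ "$(sha256_of "$2")" != "$4" ]; then
        rm -f "$2"
        return 1
    fi
}

# Command-line use:
#   sh dropoff-crypt.sh seal   report.pdf report.pdf.enc pass.txt
#   sh dropoff-crypt.sh unseal report.pdf.enc report.pdf pass.txt <digest>
case "${1:-}" in
    seal)   shift; seal "$@" ;;
    unseal) shift; unseal "$@" ;;
esac
```

As the thread notes, a file sealed this way cannot be virus scanned on the server, so any scanning has to happen on the recipient's machine after `unseal`.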

