[ZendTo] Re: Simple encryption method

Andy Newton a.m.newton at soton.ac.uk
Wed Jun 8 16:47:02 BST 2011


Apologies for the lack of useful info - my first email contained an 
actual suggestion (GPG), but it looks like it didn't make it out of 
ThunderBird in one piece :-/

On 08/06/11 15:38, Andy Newton wrote:
> Depends what the requirement is really - it'll stop the data being
> snooped in transit to and from the server, but if the data is somehow
> sensitive it's probably worth encrypting it before uploading (that way
> if an attacker or rogue sysadmin starts poking through your sensitive
> dropoffs, they won't get anything useful - ditto if somebody uncovers a
> vulnerability in ZendTo which allows them to grab other users' dropoffs,
> or a variety of other scenarios).
>
> I can think of two main issues with encrypting the file client-side:
>
> 1) The recipient needs to be able to decrypt it (so whatever encryption
> software you use probably needs to have some mechanism for key distribution)
> 2) You won't be able to virus scan it server side (which you may or may
> not care about)
>
> Encrypting the file at the server end may not be worth it; if somebody
> can get at the file itself, most likely there's a way for them to find
> the encryption key too (especially if they're the sysadmin).
>
> There's probably a load of other fun and exciting stuff to think about
> that I've forgotten - and of course it all depends on the requirements :-)
>
> Cheers,
>
> Andy Newton
> Electronics and Computer Science
> University of Southampton, UK
>
> On 08/06/11 14:36, Joshua F. Withrow wrote:
>> Doesn't using HTTPS provide this thru the entire process?
>>
>>
>> Josh Withrow
>> Software Developer
>> Office: 410-548-1627 x154
>> Email: jwithrow at matech.net
>>
>>
>> -----Original Message-----
>> From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of John Cooper
>> Sent: Wednesday, June 08, 2011 9:06 AM
>> To: ZendTo Users
>> Subject: [ZendTo] Simple encryption method
>>
>> We are looking to implement Zendto but need to offer a way to secure files that is simple. Does anyone have a simple method to encrypt files before dropping off?
>>
>> Thanks, John.
>> _______________________________________________
>> ZendTo mailing list
>> ZendTo at zend.to
>> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
>>
>> This message is the property of Machining Technologies, Inc (MaTech) and the Information contained herein may be/is subject to the Code of Federal Regulations Chapter 22 International Traffic in Arms Regulations (ITAR).  This data may not be resold, diverted, transferred, transshipped, made available to a foreign national within the United States, or otherwise disposed of in any other country outside of its intended destination, either in original form or after being incorporated through an intermediate process into other data without the prior written approval of the US Department of State.  The  information  in  this e-mail  and  subsequent  attachments  may contain legally privileged, proprietary  and/or  confidential information  that  is intended only for the use of the addressee(s).
>> No addressee should  forward, print, copy or otherwise reproduce  this message  in  any manner that  would allow  it  to  be  viewed by any individual  not  originally listed  as the recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this e-mail information is prohibited.  If you have received this communication in error, please immediately notify the sender by telephone or return e-mail and delete this e-mail. Thank You.
>>
>> _______________________________________________
>> ZendTo mailing list
>> ZendTo at zend.to
>> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto



More information about the ZendTo mailing list