19 replies to this topic

[arachnoid]

Would it be simpler if they are none technical to set up a pass worded folder on an on-line server be it a free or paid service ?

[Dashel]

That's what I was wondering, do you actually need encryption (two locks) or would a gated file share meet your security needs?

[+BudMan]

I find it unlikely that any civilians would actually have valid "need" of encryption of this nature to be honest. If company, and has evaluated the risk of sending specific information over clear text email is too high. Then the company would use an enterprise grade encryption system..

Banks for example use a secure email platform to send email to clients - just got one from my bank today, etc. Can use this system to send them any documentation I need to send for loans and such.

Back in old job, when sending information to drug company for employee's medial status etc.. Contained employee personal info -- they gave us their public key, and we then encrypted the information to their key and placed it on their ftp server. This insured could not be intercepted during transfer, and if ftp server was compromised only get a bunch of encrypt files that good luck decrypting

Do I really need to encrypt emails to friends and family that hey can make the party, what are you buying bob for his birthday. These are directions to my house, did you see this funny web site, etc. Beers tonight after work, etc.

I have a hard time thinking of stuff I would be sending to friends or family that would actually justify encryption to be honest.. I am curious what sort of info they are going to be emailing that warrants AES 256 bit encryption?

Now the geek in me says how encrypted can I make it -- and if sending to fellow geeks, sure might encrypt the hey meet you at joes for beers after work, etc. But other than that not so sure its actually warranted to use for day to day communications.. Now sure if I was sending my medial/personal info to a doctor or insurance company, etc. Then they should provide me with a secure way of sending them that info.

On the other hand - why not just encrypt all communication if simple enough.. Problem is normal users can barely understand what email is, let alone encrypted email

[arachnoid]

One the flip side of your argument If a user wishes to encrypt files for what ever reason they choose it is and always will be unless laws change, their right to do so.

[Cheryl_27]

All valid & useful points. An online (free) server that has NO part in the encrypting or entering a PW on their site, to use to generate the encryption, etc. As (one example) on Lavabit (or similar) handed over encrypted email & the "means" for LEAs to decrypt the mail (I forgot the exact details).
Yes, we're trading international top classified secrets - over Gmail, etc.

No BudMan, we don't need 256 bit encryption. At least not w/ current technology levels. But, many encryption prgms offer either very weak or very strong encryption. So, it's take what you can get (for free, or small donation).
But I DO use strong encryption (& strong PW / keys) for my financial acct #s, bank login info, etc.

Though some might, I never intended to encrypt email about the weather. Things encryption may be useful for individuals - legal / medical correspondence; sending info about such things to family members; discussing things that are, or are mistakenly interpreted as being of interest to HLS / NSA. Many don't want HLS scanning their email & kicking them out into an "inspect closer" pile, because it happens to have a few political / gov't security buzz words in it, any more than they want anyone w/ a "big ear" long range microphone, sitting outside their house, listening to private conversations. That would be an invasion of privacy & is creepy.

No, don't NEED 256 bit encryption unless trying to protect something really important. If I'm going to encrypt either email or files on my PC, may as well use something strong, if it takes no more time to do it.

I guess w/ PGP, you select the strength of the keys. But many stand alone software, you have one encryption bit strength choice, then of course the chosen strength of PW / Phrase (or in some, Keys).