To Encrypt a File...

[ctaylor]

My situation is that I have a data file to deliver via the mail on either a floppy diskette or CD-ROM. (FAT16 or CDFS)

I want to protect this data should the wrong person somehow intercept and try to read this file. My problem is that the person at the other end of the communication is not especially tech savy and does not have any Kerberos, PGP etc. experience.

Do any of you have ideas on what can be done to provide a stronger level of protection that is easy for another to use? Prior communications used a password protected zip files.

Personally, I have concerns that a password protected zip file is not a strong enough file protection method.

Any feedback/ideas would be greatly appreciated.

[Bill in SD, CA]

The last thing I would do is "drop" and entrust a sensitive file in and with the US mail. Overnight via FedEx or UPS. Zip password should be good enough. Send him the "key after he acknowledges receipt.

Bill

[nukes]

How about checking out some stuff from here:
http://directory.google.com/Top/Comp...le_Encryption/
A password protected zip file is pretty strong though. They can take a very long time to crack depending on the password length/characters. I reccommend picking, say 15 random characters, that will take a good few years to break.

[ctaylor]

Thanks Bill, Thanks nukes!

I will take a look at some of the google resources and see what they have to offer. It is also assuring to learn that the ZIP file encryption is secure enough.

(My primary concern came from my own experience. I don't remember the specifics of how I did it, but I clearly recall having opened encrypted ZIP files with WinZip menu options, and not realizing until later that I had failed to use the password provided to me when opening the archive file.)




RANDOM ASIDE CONCERNING THE TIME TO CRACK COMMENT: Is it just me, or would the average person unsuccess in conventional password guessing first think of lophtcrack as the next step?

I'm told that is quite useful in cracking passwords and have some minimal concerns that everyone else would would also think of this utility too.

It has been a few years since I visited lopht's website (I hear they have gone more legit and also dropped the circular saw icon). My memory tells me that back in the 90's they had a scaled back version of the crack available for free download (and also as a teaser to entice you to purchase the full product). I think they also had free download lists of "standard passwords" to use when constructing your own brute force tools.

[mpc]

Use the self-extracting archive capability in PGP.