Educause Security Discussion mailing list archives

Re: File Hosting/Sharing Services [dropbox, mobile me, etc.]
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 14 Jan 2011 10:30:34 -0500

On Fri, 14 Jan 2011 07:23:36 CST, "Pratt, Benjamin E." said:

> Sending a password over e-mail, unless that e-mail is encrypted with something
> like GPG or PGP, is an incredibly scary thought.

All depends on the value of the password and what your threat model is. Assume
we're talking about a one-off password that decrypts exactly one encrypted
file.  The total risk isn't all *that* high.

Remember, although it's *possible* to intercept an e-mail, it's *likely*
to happen in only a few major cases:

0) We can operate under the assumption that the e-mail isn't being specifically
targeted, as this would mean that somebody *already* monitors your business
process in enough detail to know that you are about to hit 'send' on that
e-mail. At that point, do you want to trust the phone? (Serious question, that
one is). So, we conclude that the danger is "intercepted accidentally or in
bulk and used opportunistically".

0A) The possibility of the e-mail getting stolen as it sits in the mail spool of
the e-mail provider is vanishingly small.  If the other end runs their own mail
server and it gets hacked, they have bigger problems.  If they're using a reputable
outside provider and it gets hacked, we *all* have bigger problems.

1) Somebody is *already* monitoring all your packets and happens to hoover up
the e-mail as well.  Unless you forgot to secure your wireless connection, this
is really not that common these days as most Ethernet is cat-5 rather than
thinwire and passive sniffing is harder than it used to be. Thus, if your
traffic is being monitored to that level already, you have bigger problems.

2) One of the endpoints is already compromised.  If the bad guy is able to
intercept the mail with the password as it is processed on the PC, they're *also*
able to intercept the password when it's used to decrypt the data (and the
now-decrypted data as well).  Again, you have bigger problems...

3) The password ends up saved on the same PC as the data, and the PC is stolen.
Now, it's a safe bet that the user at the other end will end up saving the now-decrypted
data, and you're going to wish you had full-disk encryption in place.  But again,
if you weren't doing that and the PC was stolen, you have bigger problems...

Yes, it is indeed a mildly scary thought, but if you find it "incredibly"
scary, I wonder what words you use to describe the truly bad news stuff, like
"140 million compromised PCs".  Now *that* is a scary thought - that no matter
what care you take to get the data safely to the other end, there's like a 1 in 5 or
1 in 10 chance that it will be processed on a computer under somebody else's
control.

Now, given that - how hard do you *really* need to try to get the password there
safely? :)
