Educause Security Discussion mailing list archives

Re: AES-256 and Sensitive Documents

From: Jeff Holden <jholden () CCCTECHCENTER ORG>
Date: Wed, 28 Nov 2018 12:44:13 -0800

Unless the RFC changed AES 256 is supported in TLS 1.3 via
TLS13-AES256-GCM-SHA384

Thanks,

Jeff Holden, CISSP

Chief Information Security Officer

California Community Colleges Technology Center

California Community Colleges Security Center




On Wed, Nov 28, 2018 at 11:30 AM Ronald Loneker <rloneker () cse edu> wrote:

Good Afternoon All -

Our Financial Aid office would like to have students and their parents,
when e-mailing financial aid documents containing sensitive information, to
comply with federal regulations saying the documents should be e-mailed
with AES-256 encryption.

Since TLS 1.3 was released and is now in use in Chrome, the TLS 1.3
protocol uses only AES-128 encryption so we're considering asking our
students and their parents, if e-mailing sensitive documents, to encrypt
them with a yet to be decided encryption application at the AES-256 level
and attach the encrypted file to the e-mail being sent to our Financial Aid
office.  We would provide links to easy to use, free encryption software
and provide directions on how to download, install and use it.  We are also
considering adding this software to our computer lab images for those
students who want to e-mail documents but don't have access to a computer
at home.

Right now, the other web browsers seem to be using TLS 1.2, currently
operating at the AES-256 level, with Firefox and Safari saying they expect
to move to TLS 1.3 in the near future at some point.

I'm curious as to what other schools are doing, and whether they are
putting any sort of language on their website saying that documents like
this should be encrypted to prevent unauthorized access to the data.

*Please note that I am not looking for vendor solicitations.*

Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Henderson Hall, Room 202C
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229

e-mail:  rloneker () cse edu

Current thread:

AES-256 and Sensitive Documents Ronald Loneker (Nov 28)
- Re: AES-256 and Sensitive Documents Penn, Blake C (Nov 28)
- Re: AES-256 and Sensitive Documents Jones, Mark B (Nov 28)
  - Re: AES-256 and Sensitive Documents Oberlin, Craig (Nov 28)
    - Re: AES-256 and Sensitive Documents Jones, Mark B (Nov 28)
    - Re: AES-256 and Sensitive Documents Linc Nesheim (Nov 28)
    - Re: AES-256 and Sensitive Documents Gael Frouin (Nov 28)
  - Re: AES-256 and Sensitive Documents Ronald Loneker (Nov 28)
    - Re: [External] Re: [SECURITY] AES-256 and Sensitive Documents Bukaweski, Dylan S (Nov 28)
    - Re: AES-256 and Sensitive Documents Jones, Mark B (Nov 28)
- Re: AES-256 and Sensitive Documents Jeff Holden (Nov 28)
  - Re: AES-256 and Sensitive Documents Ronald Loneker (Nov 28)
    - Re: AES-256 and Sensitive Documents Jeff Holden (Nov 28)
    - Re: AES-256 and Sensitive Documents Lovaas,Steven (Nov 29)
    - Re: AES-256 and Sensitive Documents Hart, Michael (Nov 29)
    - Re: AES-256 and Sensitive Documents Amanda Williams (Dec 13)
    - Re: AES-256 and Sensitive Documents Zachary Yamada (Dec 13)
    - Re: AES-256 and Sensitive Documents Gael Frouin (Dec 13)
- Re: AES-256 and Sensitive Documents Hanson, Mike (Nov 29)
- Re: AES-256 and Sensitive Documents William Clark (Dec 06)