Topic: Sending REALLY sensitive information (Read 3403 times)

Oh, that's good to know!  I am looking for GUI options, but perhaps one of the GUI's available for general GPG encryption would also support symmetric encryption.  Thanks!

gpg can do symmetric encryption only, if you ask it to.
see the "-c" switch in man gpg

Thanks, I'll check out 7-zip.  And yes, I was thinking 20-char.  Maybe 25 or 30 char would be even safer, but that might be overkill.

I understand that almost everything requires for the computer to be online.  But I'd like multiple methods that do not involve putting the private information on a computer that could potentially be compromised unless that information is otherwise secured (i.e. encrypted).  It seems the only real way to do this is to encrypt the information on the offline machine prior to bring it to the online machine.  Or, potentially, physical delivery (via postal service).  I guess that gives me 3 options.  I am satisfied with these results then.  Thanks to all who have participated in this thread!

7-zip can do that. 10-char password is not enough. I will go with 20+ random password.

Almost everything requires for computer to be online. Being online is all what the internet is all about. Next time search for possible ways to encrypt and send information when computer is both offline and turned off

Thanks, and good point.

I suppose the big difference I see between the two is that GPG requires a public key to encrypt with, whereas a .rar can be encrypted with anything of my choosing, provided I give the password to the party through an alternate channel.  Is there something .rar style that uses an open format?

you do not want to to use a closed format for encryption.

gpg can be used to encrypt files too.

Reviving this thread...

I got to thinking about it more, and most of these solutions rely on the machine in question being online at some point in time.

Bitmessage requires a connection to send out (Unless there is a way to create a transaction on an offline computer, then transfer the tx to an online computer to be broadcast? That would be awesome!)

GPG mail seems to require an online connection as well (connect to your email host).  I wish there was an easy method to use someone's PGP key and encrypt a message offline, but the only solution I can find for that is via command line.  It's an option, I suppose, but I don't like it much.

OTR IM Chat/Tor Chat - obviously requires the machine to be online.

readthenburn - again, obviously requires the machine to be online.

.RAR - seems like it would work offline?  I took a look at some .rar password crackers, and even a 10-char address said it would take "too long" to crack.  Would it be reasonable to expect the .rar encryption to hold with a sufficient length password (say, 20 chars?), at least until quantum computing becomes a thing?  As long as the .rar and password were sent through different channels (email + bitmessage, for instance), it seems as though it'd be very difficult to crack.

Let's leave the MITM argument alone for the time being.

EDIT:  Just found a plethora of GUIs for GPG though - nice!  http://www.gnupg.org/related_software/frontends.en.html

Obligatory: http://xkcd.com/538/

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/

Can you hear me now? How about now? A lil louder .. Ok good..





Dad said to go ahead and give him a ...
https://www.youtube.com/watch?v=w-tr0pVynJs

The look on his face at the end of the video is what happens after you send what ever youre thinking about sending!

lolz





The US said go ahead and send the dam 5 BTC just stop talking about it.. in fact they will give you 5 BTC just to stfu..

(  ok so i got jokes.. thought i would try to lighten the mood )
Cheers

they are different, but if you can't authenticate, encryption does not really matter.

the attacker in man in middle attack can also be passive observer. He is not required to modify the plaintext messages, just decrypt, store and resend encrypted with his own key. The security question will go trough as without MITM attack.

Now we are talking about authentication rather than encrypted channel security. They are different animals.

have you heard about computers?

(btw. you are ignored now, have a nice and ignorant life)

simple example:
Alice to Attacker: answer this question _, and i will believe you are bob.
Attacker to Bob:  answer this question _, and i will believe you are bob.
Bob to Attacker: this is the answer to the question: _.
Attacker to Alice: this is the answer to the question: _.
Alice to Attacker: hello, bob!
Attacker to Bob: kthxbye.

and the Attacker and Alice continues the conversation. It is really that simple, and security would not be any better even with public-key cryptography(unless they where pre-distributed).

now, please STFU and go learn some basic cryptography.

I hear there's a thing called computers which can replace many people for a lot of repetitive tasks. Could be just a fad though.

if the information is sensitive enough, then Yeah! tap all the stuff.

but the only hard thing to do here is the phone, the rest is text based and can easily be faked.

the only impossible thing is pre-distributed public keys(gpg or similar), but that would require the two parties of the communication to meet at least once.

www.bitmessage.org

whatever you do, NOT privnote

NSA, go look it up you don't know what it is.

no one is talking about vira, you should really go read some more about basic cryptografi, as you cleary don't understand.

In case you're interested.  This is an encryption technique that is very secure as long as the pad is secret.  Even if your picture of a cat was your pad and public I still feel that no one is going to  XOR your message with that picture of a cat. 

http://en.wikipedia.org/wiki/One-time_pad

I am skeptical as well but they say that your message is encrypted client-side using a random 256 bit AES key stored in the URL and the cleartext message and secret key is never sent to them.  Source code is available but I am still learning to analyse crypto primitives so I can't confidently say this is safe.