Bitcoin Forum
May 11, 2024, 08:17:28 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Other > Off-topic > Sending REALLY sensitive information
Pages: « 1 2 [3]  All
« previous topic next topic »
  Print  
Author Topic: Sending REALLY sensitive information  (Read 3403 times)
ionux
Full Member
***
Offline Offline

Activity: 140
Merit: 100



View Profile WWW
March 30, 2013, 12:37:34 PM
 #41
Obligatory: http://xkcd.com/538/
CoinPrice.US - Current market prices in a clean, ad-free interface.  API available for adding Bitcoin prices to your site!  |  Escrow service: https://bitcointalk.org/index.php?topic=502569.0  |  Reputation thread: https://bitcointalk.org/index.php?topic=494163  |  Public key: http://coinprice.us/public_key.txt  |  URL shortener project: http://10b.us  Cheesy
1715415448
Hero Member
*
Offline Offline

Posts: 1715415448

View Profile Personal Message (Offline)

Ignore
1715415448
1715415448
Reply with quote  #2
1715415448
Report to moderator
1715415448
Hero Member
*
Offline Offline

Posts: 1715415448

View Profile Personal Message (Offline)

Ignore
1715415448
1715415448
Reply with quote  #2
1715415448
Report to moderator
BitcoinCleanup.com: Learn why Bitcoin isn't bad for the environment
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
SgtSpike (OP)
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
April 11, 2013, 06:10:34 PM
 #42
Reviving this thread...

I got to thinking about it more, and most of these solutions rely on the machine in question being online at some point in time.

Bitmessage requires a connection to send out (Unless there is a way to create a transaction on an offline computer, then transfer the tx to an online computer to be broadcast? That would be awesome!)

GPG mail seems to require an online connection as well (connect to your email host).  I wish there was an easy method to use someone's PGP key and encrypt a message offline, but the only solution I can find for that is via command line.  It's an option, I suppose, but I don't like it much.

OTR IM Chat/Tor Chat - obviously requires the machine to be online.

readthenburn - again, obviously requires the machine to be online.

.RAR - seems like it would work offline?  I took a look at some .rar password crackers, and even a 10-char address said it would take "too long" to crack.  Would it be reasonable to expect the .rar encryption to hold with a sufficient length password (say, 20 chars?), at least until quantum computing becomes a thing?  As long as the .rar and password were sent through different channels (email + bitmessage, for instance), it seems as though it'd be very difficult to crack.

Let's leave the MITM argument alone for the time being.

EDIT:  Just found a plethora of GUIs for GPG though - nice!  http://www.gnupg.org/related_software/frontends.en.html
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
April 11, 2013, 06:21:41 PM
 #43
Quote from: SgtSpike on April 11, 2013, 06:10:34 PM
.RAR - seems like it would work offline?  I took a look at some .rar password crackers, and even a 10-char address said it would take "too long" to crack.  Would it be reasonable to expect the .rar encryption to hold with a sufficient length password (say, 20 chars?), at least until quantum computing becomes a thing?  As long as the .rar and password were sent through different channels (email + bitmessage, for instance), it seems as though it'd be very difficult to crack.
you do not want to to use a closed format for encryption.

gpg can be used to encrypt files too.
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
SgtSpike (OP)
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
April 11, 2013, 06:25:22 PM
 #44
Quote from: kokjo on April 11, 2013, 06:21:41 PM
Quote from: SgtSpike on April 11, 2013, 06:10:34 PM
.RAR - seems like it would work offline?  I took a look at some .rar password crackers, and even a 10-char address said it would take "too long" to crack.  Would it be reasonable to expect the .rar encryption to hold with a sufficient length password (say, 20 chars?), at least until quantum computing becomes a thing?  As long as the .rar and password were sent through different channels (email + bitmessage, for instance), it seems as though it'd be very difficult to crack.
you do not want to to use a closed format for encryption.

gpg can be used to encrypt files too.
Thanks, and good point.

I suppose the big difference I see between the two is that GPG requires a public key to encrypt with, whereas a .rar can be encrypted with anything of my choosing, provided I give the password to the party through an alternate channel.  Is there something .rar style that uses an open format?
MysteryMiner
Legendary
*
Offline Offline

Activity: 1470
Merit: 1029


Show middle finger to system and then destroy it!


View Profile
April 11, 2013, 06:47:52 PM
 #45
Quote
Is there something .rar style that uses an open format?
7-zip can do that. 10-char password is not enough. I will go with 20+ random password.

Almost everything requires for computer to be online. Being online is all what the internet is all about. Next time search for possible ways to encrypt and send information when computer is both offline and turned off Wink
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
SgtSpike (OP)
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
April 11, 2013, 07:07:48 PM
 #46
Quote from: MysteryMiner on April 11, 2013, 06:47:52 PM
Quote
Is there something .rar style that uses an open format?
7-zip can do that. 10-char password is not enough. I will go with 20+ random password.

Almost everything requires for computer to be online. Being online is all what the internet is all about. Next time search for possible ways to encrypt and send information when computer is both offline and turned off Wink
Thanks, I'll check out 7-zip.  And yes, I was thinking 20-char.  Maybe 25 or 30 char would be even safer, but that might be overkill.

I understand that almost everything requires for the computer to be online.  But I'd like multiple methods that do not involve putting the private information on a computer that could potentially be compromised unless that information is otherwise secured (i.e. encrypted).  It seems the only real way to do this is to encrypt the information on the offline machine prior to bring it to the online machine.  Or, potentially, physical delivery (via postal service).  I guess that gives me 3 options.  I am satisfied with these results then.  Thanks to all who have participated in this thread!
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
April 11, 2013, 07:10:15 PM
 #47
Quote from: SgtSpike on April 11, 2013, 06:25:22 PM
Quote from: kokjo on April 11, 2013, 06:21:41 PM
Quote from: SgtSpike on April 11, 2013, 06:10:34 PM
.RAR - seems like it would work offline?  I took a look at some .rar password crackers, and even a 10-char address said it would take "too long" to crack.  Would it be reasonable to expect the .rar encryption to hold with a sufficient length password (say, 20 chars?), at least until quantum computing becomes a thing?  As long as the .rar and password were sent through different channels (email + bitmessage, for instance), it seems as though it'd be very difficult to crack.
you do not want to to use a closed format for encryption.

gpg can be used to encrypt files too.
Thanks, and good point.

I suppose the big difference I see between the two is that GPG requires a public key to encrypt with, whereas a .rar can be encrypted with anything of my choosing, provided I give the password to the party through an alternate channel.  Is there something .rar style that uses an open format?

gpg can do symmetric encryption only, if you ask it to.
see the "-c" switch in man gpg
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
SgtSpike (OP)
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
April 11, 2013, 07:16:57 PM
 #48
Quote from: kokjo on April 11, 2013, 07:10:15 PM
Quote from: SgtSpike on April 11, 2013, 06:25:22 PM
Quote from: kokjo on April 11, 2013, 06:21:41 PM
Quote from: SgtSpike on April 11, 2013, 06:10:34 PM
.RAR - seems like it would work offline?  I took a look at some .rar password crackers, and even a 10-char address said it would take "too long" to crack.  Would it be reasonable to expect the .rar encryption to hold with a sufficient length password (say, 20 chars?), at least until quantum computing becomes a thing?  As long as the .rar and password were sent through different channels (email + bitmessage, for instance), it seems as though it'd be very difficult to crack.
you do not want to to use a closed format for encryption.

gpg can be used to encrypt files too.
Thanks, and good point.

I suppose the big difference I see between the two is that GPG requires a public key to encrypt with, whereas a .rar can be encrypted with anything of my choosing, provided I give the password to the party through an alternate channel.  Is there something .rar style that uses an open format?

gpg can do symmetric encryption only, if you ask it to.
see the "-c" switch in man gpg
Oh, that's good to know!  I am looking for GUI options, but perhaps one of the GUI's available for general GPG encryption would also support symmetric encryption.  Thanks!
Pages: « 1 2 [3]  All
  Print  
Bitcoin Forum > Other > Off-topic > Sending REALLY sensitive information
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!