Secure method for transmitting confidential data?

Tek7

CGA President, Tribe of Judah Founder & President
Staff member
When I appoint new staff for the Christian Gamers Alliance and Tribe of Judah, I occasionally need to send account information to new staff members.

I know e-mail and gaming instant messaging programs like Steam and Xfire aren't secure. I know I can establish a SecureIM session with other users who use Trillian to connect to the AIM network, but that can be a pain to configure.

What's a simple and efficient way to transmit confidential data?

And I don't want to use Hushmail. If you don't use your account for so many days, your username expires and you can't get it back without paying for it. Boo.
 
trillian will do secureim by default so get them onto aim or icq and feel better...:)

skype also encrypts all communications by default so you could use that as well.
 
When you say "all communications," does that include text chat?
AFAIK yes. With Trillian's SecureIM everything is secured as well IIRC.

There isn't going to be a "secure" method of sending data without the other party having a key in advance.

Trillian/skype use public key cryptography and they are already loaded into the programs. Since trillian/skype does file transfers on a direct connection basis you are safe from MITM attacks.
 
Trillian/skype use public key cryptography and they are already loaded into the programs. Since trillian/skype does file transfers on a direct connection basis you are safe from MITM attacks.

It can still be sniffed and decrypted. Generally you should never assume a connection is safe, particularly when dealing with wireless networks. MITM usually deals with session hijacking or spoofing, which while encryption helps prevent. You still have to have a private key passed in order to initiate the connection, otherwise you are using a public cypher which is useless.
 
There isn't going to be a "secure" method of sending data without the other party having a key in advance.

Public key encryption is just as secure as private key encryption for all intents and purposes, given that you use "large" enough keys (edit: and no one solves the P=NP problem anytime soon). You can nitpick all you want about bla-bla not being 100% secure, but nothing is 100% secure (how do you know someone didn't plant a microphone and is overhearing your conversation, etc). Private key cryptosystems can be broken with enough computing power just like public key cryptosystems can.
 
I saw a video on the internetz where some guy keylogged what he wrote on a computer to another adjacent computer through electromagnetic radiation waves...

freaky. as. all. get. out.

If a hacker WANTS your stuff, he will get it.

I am looking for it right now.

Edit: Here it is.

http://vimeo.com/2007855?pg=embed&sec=2007855
 
I saw a video on the internetz where some guy keylogged what he wrote on a computer to another adjacent computer through electromagnetic radiation waves...
If I'm understanding his experiment correctly, he would have to be sitting in the same room as me for that to work.

I understand no transmission method is completely secure, but I want to find the best possible method for sending account information to new staff members.

So far, it seems Skype or Trillian + SecureIM are my best options.
 
If I'm understanding his experiment correctly, he would have to be sitting in the same room as me for that to work.

I understand no transmission method is completely secure, but I want to find the best possible method for sending account information to new staff members.

So far, it seems Skype or Trillian + SecureIM are my best options.
His second experiment was conducted through walls.

Nonetheless it is still cool!

Why not simply call these people?
 
You have obviously never had to activate Windows over the phone.
That's correct. I haven't.

So before I make Trillian + SecureIM an official method for sending confidential data to new CGA and ToJ staff members, does anyone have any other recommendations?
 
It can still be sniffed and decrypted. Generally you should never assume a connection is safe, particularly when dealing with wireless networks. MITM usually deals with session hijacking or spoofing, which while encryption helps prevent. You still have to have a private key passed in order to initiate the connection, otherwise you are using a public cypher which is useless.

public key crypto is one of the most secure types around. SSL is public key and it truly has never been cracked. Unless you use weak encoding or a weak key it's as secure as anything else.
 
public key crypto is one of the most secure types around. SSL is public key and it truly has never been cracked. Unless you use weak encoding or a weak key it's as secure as anything else.

not to nitpick, but since the thread has largely devolved into an argument about what's the most correct theoretical way to secure data without giving any consideration to the value of the data being exchanged (maybe we should sit inside of a Faraday cage in a room with no windows and only invite people in to share secrets with)... SSL uses both...public to initiate the transaction and begin the process of creating a shared key to be utilized for the duration of the session. i would presume trillian and others do the same since performing repeated encrypt/decrypt operations using keys of that size would be computationally expensive, particularly for video/audio transmission which requires much higher bandwidth than typing :)
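
Added illustration (not written by any poster in this thread, and not the actual code of Trillian, Skype or SSL): a public exchange that yields a shared session key, plus the fingerprint comparison over a second channel, such as a phone call, that reveals a substituted key. The group parameters, function names and label string are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo group: P = 2**255 - 19 is prime, base G = 2. This is far
# too small for real use; real protocols use vetted groups or curves.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) for one side of the exchange."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    """Derive a 32-byte symmetric session key from the shared secret."""
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    # HMAC-SHA256 as a simple key-derivation step (label is an assumption).
    return hmac.new(b"demo-session-v1", shared, hashlib.sha256).digest()

def fingerprint(pub):
    """Short digest of a public value, to be compared over another channel."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

def run_exchange(intercepted):
    """Simulate sender and recipient; optionally swap public values in transit.

    Returns (keys_match, fingerprints_match).
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_a, seen_by_b = b_pub, a_pub
    if intercepted:
        # A party in the middle substitutes its own public value both ways.
        _, m_pub = keypair()
        seen_by_a = seen_by_b = m_pub
    key_a = session_key(a_priv, seen_by_a)
    key_b = session_key(b_priv, seen_by_b)
    keys_match = hmac.compare_digest(key_a, key_b)
    # Out-of-band check: each side compares the fingerprint of the value it
    # received with the fingerprint of the value the other side really sent.
    fp_ok = (fingerprint(seen_by_a) == fingerprint(b_pub)
             and fingerprint(seen_by_b) == fingerprint(a_pub))
    return keys_match, fp_ok
```

With no interference both sides derive the same session key without sharing a secret beforehand; with a substituted value the keys differ and the fingerprint comparison fails, which is the check that authenticates the exchange.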
 