See the entire conversation

Reminder that it’s 2017 and there’s still no reliable built-in way to encrypt a file to send to a peer on any mainstream OS.
154 replies and sub-replies as of Jan 02 2018

You’re thinking, “but ZIPs can be encrypted!” and NO THEY CAN’T. Most deployed ZIP programs use fake encryption.
“Well you can just have people install” BZZRT fssst CRACK you’ve missed the point.
Encrypting a file is an unbelievably simple cryptographic problem; literally the “hello world” of the problem space. And nothing does it.
You will have a TLS handshake with not one but two different post-quantum key exchanges before you have simple file encryption.
it's so simple just install emacs+gnus+plan9 bruh /s
Why doesn't windows pass protected zip count?
Which version of Windows defaults to AES rather than Bass-O-Matic or whatever it is?
Thought it was AES but yeah looks like it's still garbage
Ah yes, the backdoored Blowfish prototype, Bass-O-Matic.
Two reasons. Zip-Crypto is broken. PSK/symmetric crypto is broken by users. Strong ciphers and key exchange, simplified, is what is required
You’re overthinking. A reasonable password-based file encryption scheme would address the complaint. We can’t even get that.
I might be overthinking, but explain reasonable please. Insecure crypto and weak psk's are not reasonable to me.
Too true. Linux now offers socket level TLS encryption but there's no social medium agnostic method of encrypted content exchange.
The sad thing is that there is that standard: AES-encrypted ZIPs. But built-in zip programs sabotage it.
Afaik Windows built in file handler doesn't support AES and just zip-crypto (feel free to correct me)
Note that there are people that fervently believe this isn’t true. It’s terrifying.
Assuming Keep in mind PKWARE continues to offer an alternative "standard" in SecureZIP, which confuses consumers.
you know that there are two incompatible variants of AES-encrpyted ZIP and none of them is "a standard" in any reasonable sense of the word?
I checked this a while ago, winzip came up with something (that is not metadata-hiding), then pkware invented their own incompatible thing.
afair winzip variant: more widely supported, pkware: encrypts filenames as well, provides "algorithm agility"
Yay for standards! Also who thinks this is a good standard to base sharing upon?
Have you come across 'self extracting pgp archives'? Who thought this was a good idea??
everything is terrible
What's wrong with Keybase? It's pretty accessible for people with non-technical backgrounds.
7zip is fairly standard for Windows PC's. No so for other platforms? 🤔
7zip is free (and open) but is not a built-in for every platform. SSL/TLS is available at transport but no standard for application. Discuss
miniLock by @kaepora is the simplest way I know but it's not by default on OS so I guess again missing the point :p
You might as well just install PGP if you’re going to install something, because at least some peers will have it.
PGP and will lose 90% of people because of keys management. miniLock at least solve that problem :)
What “key management”? Just use a damn password. That’s all 99% of people will do anyways. But no: no built-in way.
*can* GPG just encrypt a file with a password, no persistent key?
Huh, I did not know about gpg -c. Thanks.
it's been there at least since the first version of PGP I used in 1993
You should go with 7z then. That's the least unfriendly & obsolete way to encrypt files, plus it has a graphical ui on most OSes. :)
If you’re going to ask people to install something to encrypt with, 7z is the most dangerous option; suggests .ZIP safe in common case.
Might as well just ask people to install GPG.
True on this point, because it assumes the recipient is more likely to to be able to read a zip file than a 7z file. :(
Apple and MSFT could trivially implement the AES standard for ZIP files and call them .aes.zips or whatever. But nope.
I wouldn't recommend Zip in any cases. 😀 cc @angealbertini
what about a simple python script to provide the decryption, with appended encrypted data ?
"user-friendly" 😄
python script can't provide a prompt to enter a password? or ?
Windows does not bundle Python as far as I know, so you're back to "please install this first"
A cross-platform self-decrypting blob would be nice, although a bit scary to execute
then a .bat/shell script ? ;)
I was half expecting you to post a polyglot proof of concept by now ;)
hold on. it's not self-aware yet :)
unzip -p pocorgtfo04.pdf lenticrypt/ | python -c 'import sys; exec' -e SECRET PLAINTEXT -o CIPHERTEXT
define user friendly in this context??
Available by default, cross-platform, usual user interface e.g. "right-click -> encrypt".
I should be able to explain how to do it on the phone with my mom, who is not an engineer, within a few minutes. :)
would @Tarsnap count? Or is an online encrypted backup to remote?
No, Tarsnap would not count as a built-in way to encrypt a file before sending it.
Encryption has never been the core problem. It's the key exchange...
openssl will do it on the command-line, but I guess you mean with a better interface than that.
Unix nerds can encrypt files. They can also install random stuff. Nobody else can use the terminal.
non-nerds don't care about file encryption. the problem is educational first, software second.
For some use cases, one can resort to password protected PDF's, which encrypt content with AES, right?
How broken is the encryption algorithm Phil came up with for pkzip? Last I remember it had weaknesses but wasn't, like, Vigenère.
I think it takes minutes to crack at worst.
Hmm, I don't think so? "In particular, it is vulnerable to known-plaintext attacks, which are in some cases made worse by poor [RNGs]"—WP
does sending through a website count?
No, because now you have to trust the website.
don't we have to trust the third-party executables in a similar manner?
I mean, your file is literally going to be parked on that server in plaintext. Essentially, you’re defining the problem away.
Mostly I'm trying to define an easy way for users, since OS makers will never ship this right IMO
It’s a trivially simple problem to solve! Just implement the AES ZIP standard!
"It’s a trivially simple problem to solve" So is star lifting, we just need the economic output of the planet many times over.
It’s literally a simpler problem than ZIP or tar.
No, Keybase does not count as a built-in way to encrypt a file before sending it.
Does PDF built on encryption (and similar features for most popular documents) count?sending weird files,use GPG. Avg users Send DOC/PDF
Do you consider node's built-in crypto api as standard?
That is the same as trusting the server.
I use when I want this; web BitTorrent so it doesn't even hit 3rd party server
...except now thinking about it I'm not sure it actually encrypts like I thought it did and the https is just useless
If the server just encrypts, sends to ipfs, returns key and url, then erase data? Open source tool you can run in any server.
macOS encrypted disk images (.DMG) files aren’t exactly easy, but not terribly difficult to create and work with. Best current option?
yeah full disk encryption basically works in Win / OSX / Linux? Doesn't get the file off your hard drive encrypted though.
I meant the encrypted DMG files you can create with Disk Utility, which work as containers of any size. Like ZIP files, but less convenient.
At the risk of exposing my ignorance, why don't either openssl and Disk Utility qualify for this on macOS?
I’m being imprecise because Twitter, but yes, disqualify anything that involves dropping to a terminal.
Fair enough. And Disk Utility can only encrypt folders or drives.
Disk Utility has a GUI.
It doesn't encrypt files, only folders and volumes.
It’s the closest thing we’ve got and a reasonable response, but not nearly good/simple enough.
You can create a DMG with a single file in it.
Yes but that's not what @tqbf was stating. You can encrypt single files with openSSL from the command line but that's not easy.
I think that's a bit short-sighted; given a worked example put in front of them, most ppl ought be able to grasp openssl-enc on a terminal.
You haven't met my wife.
I'd argue for one to u/stand & properly use strong encryption req's a certain level of attention-to-detail, it's just nature of the problem.
For anyone that's not willing to put in the learning effort, they'll just have to learn to trust other ppl to set things up on their behalf.
…although to be fair openssl enc's passphrase-to-key algorithms have borne past criticism (unless your pp has near-same entropy as a key)
but muh pgp! /s
Depends if you count iMessage.
Signal? Not really designed for file sharing, but is capable to some extent, is OSS, and end-to-end encrypted.
Although, Signal fails the "just install..." condition...
Signal is strongly tied to phone numbers and requires having an Android or iOS device. It's not a generic solution for this problem space.
If it had a desktop client usable without the Android / iOS app and had an alternative to phone numbers it'd be closer to filling the niche.
Agreed, both are big gaps. What about Wire? Lack of OS+UI level crypto seems odd in hindsight: health, finance, and .mil all badly need it.
It's not clear to me why iMessage is excluded, but Mac also ships with ability to create encrypted disk images that seems to qualify.
"Drop to shell" is terrible #UX for non-technical people.
A trivial #UX for OS secure encryption is "encrypt this file/folder" as a pop-up and button in properties, with a little lock on the icon.
Who said anything about the shell?
That's not terrible. It's buried in a utility, you have to pick your options right, and you can save your password (in the cloud?), but good
…it is installed by default. So there's that! 👍
I think saving the password is in the local keychain. I'm of the vague belief that Apple doesn't back it up to cloud as a matter of policy.
This is the technique I've had to use in the past. Not sure it meats all of @tqbf's standards but it was the best I could find.
A sizeable fraction of the world securely sends files over iMessage every day, but I'm guessing there's a reason it doesn't count.
can make his own rules, but I can't see why iMessage isn't a secure solution for sharing files among Apple users.
I'd like to hear whether or not @tqbf thinks that this qualifies.
Must not be an Apple fan.
Clearly you missed the memo that iMessage trusts what ever keys Apple says the other user has, so you can't be sure no one else got it.
How about macOS Disk Utility's "Image from Folder" feature with encryption?
How about Airdrop?
I think you’re right about this one. But may be unverifiable with closed source? Gonna take a look into will report back.
Airdrop uses two 2048bit TLS keys one for your hardware and one for your apple id. ‘Everyone’ bypasses apple id check only uses hardware key
I think airdrop is secure peer to peer transfer. But closed source, amount of logging unknowable.
Hey, FreeBSD ships with rot13 installed!
I recently removed the 3des tool that Kirk had been using for the last 10-?? Years
Yeah, 64-bit block ciphers need to be stop being used now.
Encrypted disk images on OS X?
Does Mozilla "Send" count?
Why not? Afaik it does the encryption client side
It requires you to trust Mozilla’s servers every time you encrypt.
Can eliminate any browser based solution then?
If your model doesn't allow in-browser, client-side encryption, your model requires computer to be airgapped and OS never updated from inet
Otherwise the attack you're protecting against, by not allowing binaries served from internet, is a potentiality to the target machine.
I noticed a recent build of Mozilla Thunderbird I installed (on MacOSX) had Enigmail built-in (PGP add-on), you just had to generate a key.
Gpggggg. (Only half troll I actually find it fine to use)
Encrypted DMGs works in OSX, but wouldn't say it's usable by the average person
As long as key management is a manual process, encryption will not be ubiquitous for average people.
Knowing the average user, keys will be sent in a plaintext email with a link to the encrypted file
For this to be true, you have to discount anything shipping Gnome or KDE as being a mainstream OS. About 3% of the market.
better: "Reminder that it's 2017 and neither MS nor Apple include a convenient way to encrypt files on the desktop. So use GNU/Linux."
And after that I will drive a roofing nail into each of my maxillary sinus cavities.
Using software that respects you isn't an indulgence & you don't need to self-flagellate. You deserve good things. Really.
May your next job require you to track hours using a Flash application that can only be loaded from IE.
Having gone through college & 7 jobs using GNU/Linux on the desktop and only occasionally used a Windows VM, I can tell you it's no sweat 👌🏻
Windows VMs 10 layers deep is what I wish upon you for treating my mentions as an opportunity to evangelize, Slashdot-style.
I had no idea it you might find the suggestion distasteful, sorry! Should I delete the tweet?