If you were going to send a file, encrypted with a passphrase, to three users: one on a Mac, one on Linux and one on Windows... what would you use?

(For sake of argument, do not say PGP.)

@Keltounet Keybase was at least paying lip service to being PGP... and mostly I'm fishing for tools for people to install (or have already), not services people can sign up for.

But I didn't specify that clearly, so thank you for your input. 😄


@HerraBRE not sure there is a simple answer to your question. There are tools floating around, either proprietary or open source that will do that, even cross-platform but things like key distribution & secure encryption are still hard things to tackle in all cases.

Interested in seeing a summary of your answers BTW (as we used to say on Usenet) :)

@HerraBRE BTW the real answer (or question) should probably be more along the lines of "what is your threat model (aka who is it you want to protect that information from)?" before asking what you want to do.

@Keltounet My tl;dr takeaway so far, is "centralized cloud services or 7zip, depending on which is a better fit."

Turns out 7zip LGPL'ed their core library, so they're widely supported and there are many implementations on all platforms.

And their crypto is, modulo implementation bugs, quite acceptable.

@HerraBRE @Keltounet bear in mind that they *had* nasty security bugs, that were fixed but not released for some time. Some antivirus software was vulnerable so this was kinda big news.

@jacek Thank you! I realized after posting that I should have just Googled... and did so.

@jacek @Keltounet One follow-up here.

According to this blog post, the time between discovery, report and a fix being released was IMO quite reasonable: landave.io/2018/05/7-zip-from-

This does not seem like a huge red flag against the software, although for certain threat models the attack surface is probably unacceptably large. It's a complex tool.

@HerraBRE @Keltounet maybe I mixed things up a bit. Anyways it was something like they either fixed it but did not update executables, or didn't enable some mitigations in the release builds. (both could have some proper technical reasons).

@jacek @Keltounet The post I linked actually discusses exactly that; it took a couple of rounds of communication with the researcher before the dev got all the mitigations right. But they got there in the end.

@HerraBRE @Keltounet good to hear! Thanks! It's too late for me to read dense technical posts on things I'm not super familiar with.
