Self Decrypting Archives are BAD

I just encountered one of these awkward beasts last week. In case you haven't stumbled upon this stupidity, here's a brief explanation. A self decrypting archive is a Windows executable that prompts for a pass phrase. Once the pass phrase is entered, out pops a decrypted file. This is wrong on so many levels. Let me count the ways:

  1. The sender is asking the recipient to run an executable. The recipient has no way of knowing whether the executable is clean or carries a virus or trojan. Worse, it trains recipients to run attachments that ask for a password, which is exactly what a malicious attachment would do.
  2. We live in a multi-platform world. Asking the recipient to run a Windows executable assumes that they are actually running Windows. I'm typing this from a Mac right now. It's possible that I might work in a Unix environment. Assuming that I'm running Windows is ignorant.
  3. The password model throws away what PGP encryption gives you. With PGP encryption, I hand the sender my public key and only my private key can decrypt the file; if the sender also signs it, I can check who sent it and that it was not altered. A self decrypting archive needs only the sender-supplied passphrase, which has to reach me somehow, usually in a second email or a phone call. Anyone who intercepts that passphrase can read the file, and nothing ties the archive to the person who claims to have sent it, so the recipient has no way of knowing whether the message has been viewed by others or changed in transmission.

It's just bad all around. The only problem it solves is letting the recipient decrypt a file without installing any software. The real problem is that the security is an illusion: the recipient takes on huge risk, all to save someone a little effort. As the recipient of an encrypted file, would you rather run an executable from a reputable company or from Joe Schmoe?

If you want safe encryption, look no further than GnuPG.
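Before double-clicking whatever a sender calls an "encrypted file", it is worth checking what it actually is. The following is an added example, not code from the post: it classifies an attachment by its leading bytes as a Windows PE executable (the `MZ` DOS header whose `e_lfanew` field points at the `PE\0\0` signature), an OpenPGP message (ASCII armor, or a binary packet header per RFC 4880 section 4.2), or something else, and prints a SHA-256 digest that can be compared with the sender out of band. The sample blobs are constructed inline and are not real files.

```python
"""Classify an attachment before opening it.

Added example for this post; the sample inputs below are constructed, not real files.
"""
import hashlib
import struct

PE_SIGNATURE = b"PE\x00\x00"


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew (offset 0x3C)
    points at the 'PE\\0\\0' signature, i.e. it is a Windows executable."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def looks_like_openpgp(data: bytes) -> bool:
    """True for an ASCII-armored OpenPGP message, or for a binary stream whose first
    packet header (RFC 4880 section 4.2) carries a tag a gpg message can start with."""
    if data.startswith(b"-----BEGIN PGP "):
        return True
    if not data:
        return False
    header = data[0]
    if header & 0x80 == 0:        # bit 7 is always set on a packet header
        return False
    if header & 0x40:             # new-format header: tag in bits 5..0
        tag = header & 0x3F
    else:                         # old-format header: tag in bits 5..2
        tag = (header >> 2) & 0x0F
    # 1  public-key encrypted session key (gpg --encrypt)
    # 3  symmetric-key encrypted session key (gpg --symmetric)
    # 4  one-pass signature, 8 compressed data (gpg --sign)
    # 18 symmetrically encrypted and integrity protected data
    return tag in {1, 3, 4, 8, 18}


def classify(data: bytes) -> str:
    """Return 'windows-executable', 'openpgp' or 'unknown' for the given bytes."""
    if looks_like_pe(data):
        return "windows-executable"
    if looks_like_openpgp(data):
        return "openpgp"
    return "unknown"


def sha256_hex(data: bytes) -> str:
    """Digest to read back to the sender over a second channel before trusting the file."""
    return hashlib.sha256(data).hexdigest()


# Constructed samples: a minimal PE-shaped header (MZ, e_lfanew = 0x40, 'PE\0\0' at 0x40),
# a fake armored message, and a binary stream starting with an old-format tag-1 header (0x85).
SAMPLE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + PE_SIGNATURE + b"\x00" * 8
SAMPLE_ARMORED = (b"-----BEGIN PGP MESSAGE-----\n\n"
                  b"constructedbody==\n=AbCd\n"
                  b"-----END PGP MESSAGE-----\n")
SAMPLE_BINARY_PGP = bytes([0x85, 0x01, 0x0C, 0x03]) + b"\x00" * 8

if __name__ == "__main__":
    for name, blob in [("report.exe", SAMPLE_PE), ("report.asc", SAMPLE_ARMORED),
                       ("report.gpg", SAMPLE_BINARY_PGP), ("report.txt", b"hello")]:
        print(f"{name}: {classify(blob)}  sha256={sha256_hex(blob)}")
```

If the "encrypted file" classifies as `windows-executable`, you are being asked to run code, whatever the sender calls it; treat it exactly as you would any other unsolicited executable. The packet-tag check is deliberately narrow: it only recognises the tags a `gpg` output stream can begin with, so random data whose first byte happens to have bit 7 set still has to land on one of those tags to be mislabelled.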

2 Comments so far

  1. Yes But @ April 19th, 2010

    Excellent points. There’s just one problem — security is not binary. There is more security with a Self-Decrypting Archive than a plain-text email. That security is not merely an illusion, even if it is far less effective than tried-and-true encryption techniques.

    In a cost-benefit analysis, dealing with someone whom you will have to walk through the entire download, install, key generation, password selection, and any troubleshooting vs. simply ordering them to execute a Self-Decrypting Archive (SDA) for a single communication seems to favor the SDA option. It’s more secure than a plain-text email, less secure than GnuPG’s full suite.

    To claim it is “bad all around” fails to appreciate the nuances here. There are certainly instances when I’d rather send a rare sensitive communique to persons who would have no other use for encryption software. Asking them to install the full suite, generate a key, and password for one message seems beyond ridiculous.

    Unfortunately, the SDA is the only solution I’ve stumbled upon. There is nothing else as simple out there. However, if you have that solution, _please_ share it because I’ve been searching for 2 weeks now.

    You might argue that there are many means of bypassing the limited security SDAs provide, but that’s like arguing you shouldn’t use a simple doorknob lock because bank-vault doors are far more effective. An interested party still has to exert some effort to bypass a doorknob lock and most people aren’t capable of doing so (the vast majority of people can’t pick a lock); therefore we still use simple doorknob locks even though we know they won’t protect us from any hardcore attacks (just watch any horror movie).

    In other words, most people won’t bother or can’t bypass a simple lock, the same could be said of SDA.

    The problem, of course, is that some people who’d use an SDA may not understand the actual level of security they are getting, but that is a whole other discussion.

  2. Jack @ April 24th, 2011

    So, you make some VERY good points, but I completely agree with “Yes But”. SDAs are a nice-to-have specifically because of the lack of prevalence of people using GnuPG or PGP, etc. The one thing I can’t even figure out is what, exactly, you are attributing to “laziness”? Lack of security isn’t always because of laziness, rather, because of lack of education. I’ve known brilliant, highly educated people who are not experts in security. So in your assessment, we just throw our hands up and send sensitive information to them in the clear? I doubt that’s what you’re trying to convey.

    You are clearly very educated with regard to security, and as such, your opinions better serve the ~uneducated without the added negativity (frustrating as it can be). Best to assume that when you’re posting to the net that you aren’t always talking to people that you’ve had to say the same thing to nine times.

    Imagine if you went to the doctor and he had the attitude that your lack of ability to self-diagnose was incredibly lazy of you. I’d be pissed too.
