40

What is the easiest way for two people – neither of whom is a computer specialist, and who cannot meet in person – to send a password for an encrypted file that is attached to an email?

The two simplest methods are these: telephone the other person and read the password over the phone; or write in the email questions that the NSA and other hackers couldn’t possibly answer. The answers or parts thereof when compiled can then be the password or hashed to provide a password.

Asking non-technically minded people to install full PGP to send a password is not realistic. Is there a simple piece of JavaScript out there that can do a Diffie-Hellman, so the resulting shared key can become the password?

Peter
  • 2
    Tell them via Phone - if the NSA is listening on your phone, they are most likely already monitoring your PC and have the files you want to pack in the encrypted archive. Otherwise it is perfectly safe ;-) – Falco Oct 16 '14 at 13:43
  • 1
    This question was marked as duplicate, and I can see the logic behind that. However, this OP explicitly wants to avoid PGP, which seems to be the favored suggestion in the "duplicate" question. Moreover, the OP asks about tools for a Diffie-Hellman exchange, which is not mentioned at all among the answers to the "duplicate" question. I think the title of this question should be revised, rather than the question being marked duplicate. – Oskar Lindberg Oct 17 '14 at 11:40

6 Answers

49

I too have tried to come up with a good solution for this. But I found https://onetimesecret.com/ which works great.

Basically you create a link containing a password and you send this link to the intended recipient. As soon as the receiver clicks on the link, the link expires and the password is deleted. So the receiver only has one time to copy the password. A one-time secret.

Grimmjow
  • 1
    Nice. If expired, the user will know that someone has already clicked. – Marcel Oct 16 '14 at 08:41
  • Exactly. You can also password protect links, but then you need to send the password for the link to the recipient as well. – Grimmjow Oct 16 '14 at 08:43
  • You could send the password for the link by SMS – paj28 Oct 16 '14 at 08:46
  • 2
    Then you might as well send the first password by SMS too. You will never know if your SMS has been intercepted (except for NSA) and the password will not expire unless the recipient deletes it. One-time secret is not bulletproof but well enough for non-technically minded people. – Grimmjow Oct 16 '14 at 09:02
  • 15
    "One time secret" does a good job, but it does depend on you trusting the site. Deciding whether to use it depends on the information that you are sending. – Peter Oct 16 '14 at 09:26
  • 2
    Yes of course, that's a great point. At least it's open source https://github.com/onetimesecret/onetimesecret – Grimmjow Oct 16 '14 at 09:45
  • But can't you do that without a third party site too? Tell the other person the "secret" password on the phone, and the server will accept that password exactly once (forcing the user to enter another one). You could even do that as a three-pass protocol, too (tell the other person a second password if and only if the server accepted the first). – Damon Oct 16 '14 at 13:25
  • @Peter you have to trust the site, but since the site has no way to know how you plan to use that password, nor has access to your file, it's unlikely someone manages to both intercept your file, your URL, and corrupt them into giving him the password. – o0'. Oct 16 '14 at 13:28
  • Re SMS, you could use a tool like TextSecure to be able to securely send SMS messages, and it's pretty easy to set up. – atk Oct 16 '14 at 13:28
  • @Grimmjow - To get the original password, someone needs to know the link and the link password. If you send the link password by SMS, and the SMS is intercepted, that doesn't get them the original password. Typical of SecSE that your comment was upvoted despite this flaw! – paj28 Oct 16 '14 at 13:47
  • Of course, knowing that someone else has already clicked the link does nothing to help you stop them from opening the file; it just stops you from also opening the file. So what this does is ensure that only one person can get that password... even if that person is the attacker who somehow got to that webpage before you. – anaximander Oct 16 '14 at 15:14
  • 3
    @Grimmjow We assume that the code that onetimesecret has used on their website is the same as the code that they've published via github. ;) At some point, we do have to trust. – apnorton Oct 16 '14 at 15:42
  • @anaximander Though you could send the link first, & only when the intended recipient confirms to you that they have the password do you encrypt & send the file. – anotherdave Oct 16 '14 at 17:19
  • @anorton Well yes, you could say that about any open-source project. But as someone pointed out earlier, onetimesecret doesn't know the purpose of the password. Even if they did intercept all passwords, they wouldn't know how to use or where. They could use the passwords to create a big wordlist, but you could say that about every website. – Grimmjow Oct 16 '14 at 18:59
  • For most practical purposes onetimesecret is fine. The dangers would be if onetimesecret were able to keep a copy of your password for the NSA, who would know who created it and who received it. In any event, the NSA (either via onetimesecret or through monitoring computer traffic at either end) would add the password to their data bank of known used passwords to brute force the encrypted file. – Peter Oct 17 '14 at 08:25
  • I can vouch for onetimesecret, though I wouldn't share all your secrets on it alone :) – Throttlehead Jan 11 '17 at 04:08
  • I also can vouch for one time secret. I checked out their code on github and it looked good but I was concerned that there was no encryption taking place. I don't mean to self promote but I created free.ghostcipher.com as a way to easily share secrets that encrypts data in the browser before sending it to the server. The server never gets the keys. All this can be confirmed by looking at the network requests in the developer tools. – Chiedo Aug 02 '17 at 17:17
  • Also, there are alternatives like pwpush.com that have APIs https://www.saashub.com/compare-passwordpusher-vs-one-time-secret – James Sep 07 '21 at 16:38
5

There is no foolproof way to ensure secrecy, but you can make it quite difficult.

One may assume that all electronic communication is constantly monitored so is insecure. However, physical mail is certainly not going to be intercepted unless the sender or recipient is under suspicion or is being observed. I suggest you write the password down and mail it in a tamper-proof envelope. Once the recipient confirms receipt of the password you can then mail them the file.

Note that this still doesn't guarantee security. A determined and capable attacker (such as the NSA) has other means to get the contents of the file.

Qwerky
  • 2
    Assumptions on the security of snail mail may be grossly off-mark in some jurisdictions. – Deer Hunter Oct 16 '14 at 14:49
  • @DeerHunter - it's not a matter of jurisdiction, it is a question on the logistics of checking large volumes of physical items. And email can be scanned in a microsecond by a computer. It takes a person minutes to carefully steam open a letter. – Qwerky Oct 17 '14 at 08:55
3

For sending not very sensitive stuff, e.g. holiday family pictures, I place an encrypted ZIP file on my Dropbox and send an email with the link.

In the email I describe the password verbally, using information that is hard to know to the public, but easy to know for the recipient. Much like you do.

However, in my experience, unzipping an encrypted ZIP file is already a non-trivial task to most non-technical friends.

Marcel
2

If you're not opposed to snail mail...

I know that the military uses DHL mailing service with tracking in order to ship sensitive material. You could write down the code, seal it in an envelope which you then hand sign across the seal. Place that envelope inside of another manila envelope which is not see-through and seal all edges of this envelope with packaging tape. Do not have any distinguishing markings on this envelope. Place this package into a DHL envelope. As for where this should be sent, I would set up a trusted third party to act as a mail drop box between myself and the receiver. This might be a person or possibly another business which offers this type of service.

Face to face physical transfer of sensitive material is almost always the best way to exchange this sort of information if you want to ensure control over this information. (Although being present during the transfer presents other issues depending on whether you're trying to hide your movements or if you are already under some kinds of surveillance.)

Setting up a direct communication line (cat 5, coax etc.) between yourself and the other party could allow you to send electronic information without being monitored.

As far as using a Diffie-Hellman, I think that is a great idea. Why not read the algorithm and write your own? This way you are sure that no one else is aware of the specific algo. you are using. http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

Source: 9 years of military service and some naval security manuals which I forget the names of.

Bevi
  • I'm too dumb to write my own code, but someone seems to have done it here in javascript http://prgomez.com/ursa/ – Peter Oct 17 '14 at 08:33
  • Is there any scenario where setting up a direct communication line like a Cat-5 between yourself and the other party is actually a viable solution? – damd Nov 22 '16 at 12:32
  • You should never "roll your own" cryptography implementation. https://security.stackexchange.com/a/18198/91506 – mbomb007 Jan 23 '23 at 20:12
0

If it's a one-off, call them. It would take vast resources to filter through calls and conversations to track down a password - outside the NSA of course, which may already have access without the password anyway.

To do this in bulk, you need to set up a PKI infrastructure.

0

I have found a downloadable HTML file online, which enables you to do a simple Diffie-Hellman exchange.

http://prgomez.com/ursa/

You input a secret key of your choice and make a public key; your partner does the same. Next, you exchange public keys with your partner. Then both of you merge your own secret key with your partner’s public key. The result of the merger is that you both come up with the same secret key, which can be used as a password. The beauty of this is that you don’t need software on your computer and it is relatively easy to use.

Peter
  • I'm confused as to how to use the page you linked in practice for the Diffie-Hellman exchange. Following your instructions as best I can interpret them, I do not end up with the same key as a result. Can you elaborate, please? – Oskar Lindberg Oct 16 '14 at 12:00
  • 1
    @OskarLindberg OK, these are the developer's instructions, not mine: 1. It is assumed this process is being followed by 2 different persons. They have both generated a secret key and its matching public key. Both copy their public key and send it to the other person. After retrieving the other person's public key, they both paste it in box 2 of their respective browsers. Both type or paste their own secret key in box 1. 5. They both hit the "Merge Keys" button below box 2. The same shared secret string will appear in box 3, on both browsers. See http://prgomez.com/ursa/instructions.html – Peter Oct 16 '14 at 13:36
  • Thank you. I'm slightly embarrassed that I did not see that - I did look through the instruction document, but with the intent of finding something about "Diffie-Hellman" explicitly. – Oskar Lindberg Oct 17 '14 at 11:31
  • 1
    That link doesn’t work what gives?!!!!!! – Sukima Nov 17 '18 at 16:44
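
The make-key, exchange and merge steps described in the last answer, as an added example that is not part of the original thread and is not the code of the linked tool. It uses the X25519 and HKDF primitives built into Node.js rather than a hand-written algorithm; the function names and the `file-password-v1` label are assumptions of this sketch. It also adds a short fingerprint that both people can read to each other over the phone, because public keys sent by plain email can be replaced in transit without either side noticing.

```javascript
// Added example: Diffie-Hellman password agreement with Node.js built-in crypto.
// Function names and the HKDF info label are assumptions made for this sketch.
const crypto = require('crypto');

// Each person runs this once. Only `publicKey` (base64 text) is sent by email.
function makeKeyPair() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return { privateKey, publicKey: der.toString('base64') };
}

// "Merge" step: own private key + partner's public key gives both the same password.
function derivePassword(myPrivateKey, theirPublicB64) {
  const theirKey = crypto.createPublicKey({
    key: Buffer.from(theirPublicB64, 'base64'),
    type: 'spki',
    format: 'der',
  });
  const shared = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: theirKey });
  // HKDF turns the raw shared secret into uniform key material (24 bytes).
  const okm = crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'file-password-v1', 24);
  return Buffer.from(okm).toString('base64url'); // 32 printable characters
}

// Short code both people compare by voice: it differs if a public key was replaced.
function fingerprint(myPublicB64, receivedPublicB64) {
  const joined = [myPublicB64, receivedPublicB64].sort().join('|');
  return crypto.createHash('sha256').update(joined).digest('hex').slice(0, 12);
}

// Constructed walk-through with freshly generated keys.
function demo() {
  const alice = makeKeyPair();
  const bob = makeKeyPair();
  const other = makeKeyPair(); // stands in for a key substituted in transit
  return {
    alicePassword: derivePassword(alice.privateKey, bob.publicKey),
    bobPassword: derivePassword(bob.privateKey, alice.publicKey),
    honestMatch:
      fingerprint(alice.publicKey, bob.publicKey) === fingerprint(bob.publicKey, alice.publicKey),
    swapDetected:
      fingerprint(alice.publicKey, other.publicKey) !== fingerprint(bob.publicKey, alice.publicKey),
  };
}
```

If the two fingerprints read over the phone differ, the derived password should not be used for the file.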