En­cryp­tion–pro­tec­tion from de­lib­er­ate at­tack

OpenSource For You - - EXPLORING SOFTWARE -

You will find that most of the fi­nan­cial in­sti­tu­tions are us­ing pass­words based on your PAN, name, ad­dress or ac­count num­ber. None of these are par­tic­u­larly con­fi­den­tial. This pro­tec­tion will guard against ac­ci­den­tal ex­po­sure, e.g., the state­ments go­ing to the wrong email ID. How­ever, if your ac­counts were com­pro­mised, these doc­u­ments will not be safe. Even brute force at­tacks on doc­u­ments with such pass­words are not dif­fi­cult.

If the fi­nan­cial in­sti­tu­tions were se­ri­ous about se­cu­rity con­cerns, they should have of­fered you the op­tion of us­ing GPG pri­vate/pub­lic key en­cryp­tion. You would up­load your pub­lic key to their site or, bet­ter still, it could be a part of the KYC (know your cus­tomer) in­fra­struc­ture. Each doc­u­ment they send you would be en­crypted by your pub­lic key. Un­less you lost your pri­vate key, the chances of your doc­u­ments be­ing com­pro­mised even if your email ac­count was com­pro­mised, would be re­mote.

It is a nui­sance to keep track of which type of pass­word is used by which or­gan­i­sa­tion, ev­ery time you re­ceive a doc­u­ment. And if I want to keep a de­crypted ver­sion of the PDF doc­u­ment on my desk­top, the eas­i­est way for me is to print the pass­word pro­tected PDF doc­u­ment to a PDF file!

On the other hand, it is not dif­fi­cult to use GPG en­cryp­tion on KDE and GNOME desk­tops now. You can ex­per­i­ment with them. Here is a sam­ple KDE ses­sion.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.