2
Is it safe to email a PDF with sensitive information if I secure the PDF and mail it via HTTPS and am sure the recipient will be downloading it from a secure server?
Jeff Storey
Posted 2009-11-11T02:39:12.207
Reputation: 375
emailing secure PDFs
Answers
3
Adobe's PDF encryption can be cracked in minutes, so you better choose alternative/additional encryption. use a randomly generated password (as long as possible to give brute force a tough time) and then security depends on whether the password/key exchange can be intercepted or not.
the key and its secure submission is ultimately the key factor regarding the safety of your document. decent encryption is not really the problem.
If I put a password on opening the document and then just send the password in a separate email, that should be reasonable safe, right? – Jeff Storey – 2009-11-11T03:01:44.027
4given the fact that sending emails is pretty much like sending post cards i would not consider this reasonably safe. the most sophisticated encryption is utterly useless when the submission of the key to decrypt a file can be compromised. this is often the weakest link. – None – 2009-11-11T03:13:52.163
Upvote the post card reference... it's a perfect analogy for unencrypted email! – M. Dudley – 2009-11-11T03:32:46.607
1
Depends how secure your PDF securing is! Can the protection be broken or the password guessed?
https will just stop someone reading the data between you and the mail server, mail itself is delivered in a non encrypt fashion as far as I know.
If you really want to make it difficult for someone else to be able to read the PDF why not create a TrueCrypt drive, put the PDF in there, and choose a really good password. Then you can send the TrueCrypt drive as a file to someone.
Matthew Lock
Posted 2009-11-11T02:39:12.207
Reputation: 4 254
0
PDF's protection is not something I'm wild about.
For this I'd suggest just RAR'ing the file with a password (since RAR is more common on most systems then TrueCrypt) and phoning the pass. It is a relatively tough job to crack, unless you need military grade security (which, I'm guessing with 95% certanty, you don't :-)
keep it simple
Also, RAR files, unlike ZIP's go through most email systems (gmail for example) even with executables inside.
Rook
Posted 2009-11-11T02:39:12.207
Reputation: 21 622
0
You should probably go with somehting like https://docq.com it specializes in secure PDF transmission. Entire site is in SSL. As said PDF's can be opened up easily, even with PDF security.
If you wouldn't write it on a postcard, don't send it via email. – DaveParillo – 2009-11-11T05:54:35.400