It certainly doesn't hurt your security to send two separate emails, but I agree that it's not a silver bullet. To understand why people make these suggestions, we need to think about which threat model this practice is trying to protect us from. In this case, both the sender and the recipient have both pieces (the encrypted file and the password), so it's not protecting us from end-point compromise (like someone having access to your computer or email account); instead it is protecting us from a malicious mail-man while the data is in transit. The better practice is to send the password "out of band", meaning that you send the file and the password by different communication channels: one on the internet, and one not. If you send the file by email, send the password by SMS; if the file is on a network share, write the password on paper and physically give it to them, etc.