Protecting Things from prying eyes....

Dar Scott dsc at swcp.com
Sun Apr 7 16:20:00 EDT 2002 

On Saturday, April 6, 2002, at 10:20 PM, Michael Crawford wrote:

> Does any one have any suggestions about what I could do here? My 
> two lines
> of thought are:
>
> 1) I could either encrypt the images using some other method than 
> base64 I
> am open to suggestions about how I could do this.

Any simple method I give you would hardly be better than the 
obfuscation that you already have.

If you must do more, the next step is serious encryption.

One approach is to have the stack run a command line PGP 
application.  Since NAI dropped the PGP line, your choices are 
limited if this is a commercial application.  I'd consider GnuPG.  
It is available on several platforms.  It is a little rough around 
the edges but should work for your narrow need.  (If you find a 
shrink wrapped legal copy of PGP 6.5.8 command line commercial and 
don't need it, contact me.)

Alternately, if you have control over all computers involved, turn 
on IPSec for the applicable connections.

> 2) I could build a better password protected site with cgi's or 
> ASP or some
> such thing though then I have issues with server hosting etc.

Same problems.

> 3) I am just being to paranoid about the whole thing. If anyone get's
> through all of the road blocks I have created perhaps I should 
> just give
> them a chocolate fish  and a certificate and not worry about it...

Simple obfuscation is appropriate in some cases and it may be in 
this case.  You have to look at the economic factors for the spy 
and use that to assess the probabilities in assessing your risk 
(prob and cost).  You also should look at other factors such as the 
cost of the stack getting bogus pictures.

If these are pictures of a new product and you don't want Ford, 
Microsoft or France to see them, then you may need strong 
encryption.  On the other hand, if you don't want people to see 
your maps of NZ that you worked so hard to make unless they pay for 
it, then encryption is less important.

My wild guess is that you can probably get by with even simpler 
obfuscation and then forget about it.

Dar Scott

More information about the metacard mailing list