Pete,
Last time I checked it was fairly easy to crack a password protected
winzip file. My suggestion would be that you use PGP based encryption.
You can find some good PGP based technology at www.pgp.com or you can
use gnupg from gnupg.org.
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45
Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142
---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security
Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn
Preston Kutzner wrote:
> On 14 May 2008 08:08:07 -0000
> pete.hill_at_sit-up.tv wrote:
>
>> Hi there,
>>
>> I am currently running through a PCI program at my company and am looking for recommendations on an email encryption tool.
>>
>> We currently use a licensed version of Winzip, but I have heard that this may not be up to job as far as passing a PCI DSS audit is concerned.
>>
>> Is Winzip good enough? and if not, what should we be using to get a pass on this?
>>
>> Many thanks
>> Pete
>>
> More information would be handy to help give a reasonable answer. What
> OS are you using? What MUA are you using? What are you trying to
> encrypt in your email? If you're using WinZip currently, I would
> assume you're just looking to encrypt the attachment. Are you also
> looking to be able to encrypt (and sign) the entire email message? Is
> compression necessary for your application?
>
> As far as email encryption is concerned, typical methods for this
> application usually consist of either SSL certificates or PGP/GPG
> encryption.
Received on May 14 2008
Intro
