Hello,

On 11/29/2011 2:57 PM, jmmckee flinthills.com wrote:
> We strongly recommend that you use File Transfer Protocol (FTP) when
> sending your live data file. FTP is the simplest and most secure
> method of uploading.

There is absolutely no security in regular FTP. Everything is sent in plain text over the wire. The only security is password security -- but the password is also sent plain text.



> That is followed by these bullets:
> Extremely secure using proper encryption (an advantage)

Not sure what this means. Possibly they are using FTP with SSL or some other form of encryption? Or the files themselves are encrypted (so your password is exposed, but the contents of the file are not)? But the files themselves being encrypted doesn't mean FTP is secure; those files would be just as secure when sent by any other file transfer method.


> All files must be uploaded in BINARY mode (a comment)
> Do not use ZIP files (another comment).

An encrypted file would be unusable if you did not transfer it with binary mode. (Unless something was done to put the encrypted data into a text format, such as base64)


> After reading that, I am confused. I never thought FTP was secure,
> let alone Extremely secure. And they want data sent in BINARY mode
> but not ZIPPED. I have been using PKZIP with AES256 encryption.

Some implementations of ZIP/UNZIP do not offer encryption. Early versions of PKZIP did offer encryption, but it was very weak and easy to break. Possibly they are not aware of more modern crypto algorithms like AES256 being used in ZIP files.


> Their description of FTPs mentions 128 bit SSL encryption and is also
> HIPAA acceptable, must be BINARY and must use ZIP.


That would make much more sense vs. saying FTP is secure.



> Under SFTP
>
> I have questions about this. Maybe I don't understand what is
> written. But, I am confused by them wanting BINARY MODE of printable
> data, that must not be ZIPed, or their statement that plain FTP is
> "extremely secure".

I can only assume they are encrypting the files themselves, then transmitting the encrypted files. That's why BINARY mode would be required.

I don't see how plain FTP could ever be called "extremely secure". But the exposure would be much more limited if the files are encrypted.


> Fortunately, they do offer sftp. (Almost forgot) There is a
> disadvantage listed for sftp that seems odd: "Typically requires
> advanced knowledge of computer networks and protocols". HUH???

Yeah, no idea. All I can guess is that sftp isn't preinstalled in Windows like FTP is.

But FTP's inability to work with many firewall/NAT setups, IMHO, makes it even harder to use without advanced knowledge of computer networks and protocols.
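
The binary-mode point in the reply above, as an added example that is not part of the original message: a simplified model of FTP ASCII mode rewriting line endings inside an encrypted file, compared with binary mode and with a base64 text copy. The function names, the LF-newline sender, the CRLF-newline receiver and the stand-in ciphertext are all assumptions made for the illustration.

```python
import base64
import hashlib

# Constructed stand-in for ciphertext: encrypted output looks uniformly random,
# so every byte value, including 0x0A (LF), shows up in it.
SAMPLE_CIPHERTEXT = bytes(range(256)) * 4


def ascii_mode_transfer(data: bytes, receiver_newline: bytes = b"\r\n") -> bytes:
    """Simplified model of FTP ASCII mode (TYPE A) from an LF-newline sender."""
    on_wire = data.replace(b"\n", b"\r\n")  # sender maps its newline to CRLF
    return on_wire.replace(b"\r\n", receiver_newline)  # receiver maps CRLF to its own


def binary_mode_transfer(data: bytes) -> bytes:
    """FTP binary mode (TYPE I): bytes pass through unchanged."""
    return bytes(data)


def digest(data: bytes) -> str:
    """SHA-256 hex digest, used to compare what was sent with what arrived."""
    return hashlib.sha256(data).hexdigest()


def compare_modes(payload: bytes = SAMPLE_CIPHERTEXT) -> dict:
    """Send the same payload three ways and report which copies arrive intact."""
    ascii_raw = ascii_mode_transfer(payload)
    binary_raw = binary_mode_transfer(payload)
    # Text-armoured copy: base64 output is plain text, and the decoder ignores
    # CR and LF, so newline rewriting does not damage it.
    armoured = base64.encodebytes(payload)
    ascii_armoured = base64.decodebytes(ascii_mode_transfer(armoured))
    return {
        "binary_intact": digest(binary_raw) == digest(payload),
        "ascii_intact": digest(ascii_raw) == digest(payload),
        "ascii_extra_bytes": len(ascii_raw) - len(payload),
        "base64_over_ascii_intact": digest(ascii_armoured) == digest(payload),
    }


if __name__ == "__main__":
    for name, value in compare_modes().items():
        print(f"{name}: {value}")
```

Comparing a digest of the file before upload with one computed on the receiving side is what catches this kind of silent corruption in practice.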


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
