If you trust the document's own encryption mechanism, then you are still left with a problem. How do you communicate the password? PKI is a good answer.

That is my point. A basic understanding should be expected. Now a detailed expertise. I agree completely with what you are saying, and I say similar things elsewhere here.

Just to add: if you did what I described, you would quickly discover that the actual secret you should send using PKI is the key to some other more efficient symmetric algorithm.

Your question demonstrates that you don't understand the problem. How do I securely send you a file? If I use Excel's encryption, then we have a new problem: how do I send you the password to open it?

Furthermore, it is a legitimate question to consider whether you should trust Excel's security. (And I'm not picking on Microsoft. At least not this time.) You don't have access to Excel's source code. You can't know it is secure. You could sleep a lot better if you simply assume the Excel is just like any file, and like any other file, you encrypt it and sign it with PKI so that the person on the other end can decrypt it and verify it is from you. (Actually encrypt and sign a small key to a more efficient symmetric algorithm.)

It depends on what you mean by 'know how it works'. If they are using it in the project, then I expect them to 'know how it works'. I don't expect them to be able to write their own from scratch. Just a basic understanding. Not an explanation that you sprinkle magic encryption sauce on the data.

Generate a pair of keys. Make one public. Ask the guy at the other end to do the same. Now we can read each other's public keys (and so can anyone else). I encrypt the PDF with your public key and then with my private key. The guy at the other end can verify that it came from me, and he is the only one who can decrypt it. I don't need to know all the detailed math. I don't have to write my own BigInteger code. Just a basic understanding.

Why is this more to ask than that someone knows the language that a shop uses. Knows how to use the framework we use. Etc?

Life Long Learners is also a plus.

Whew! Now that I've got a diploma, or certificate or whatever, I don't ever have to learn anything ever again!

I would place much greater value on a developer who prefers to constantly learn.

I beg to differ! Plenty of developers are exceedingly competent at finding code on the intarwebs and pasting it in to the project.

I don't expect every developer to be an expert in cryptography. I do expect every developer to have a basic understanding of cryptography, which would include the type of understanding that the poster was asking for. What is PKI? How would I use it? I don't expect you to develop a secure cryptographic library and I don't expect you to develop the microprocessor in your computer. But I expect you to have a basic understanding of how a microprocessor works.

I am not an expert on cryptography. But I know which algorithms I would use. I know how PKI works. I understand how to use PKI either to encrypt, or to authenticate. I understand what a certificate and certificate chain are. I understand the basic principles.

I would not write home grown code. I would definitely select mature, well tested libraries. But I understand what to use and how to use it.

I've been working since the days of the Apple II. It seems pretty basic to understand the basics of cryptography. Asking whether the document is PDF or Excel demonstrates a lack of understanding. The document type is irrelevant. It is a file of bytes. You want to send those bytes securely. (And you may want the receiver to be able to verify that it actually came from you.)

Please let's start calling them what they are.

A Telescreen.

Please stop calling them a Smart TV. That implies something positive about them over ordinary TVs. Also don't qualify dumb TVs as dumb. It is actually smart to prefer an ordinary TV. Let's put the negative focus on Smart TVs, or rather Telescreens, as it should be.

I'll take the "smart" part in a separate box thank you. This allows competition from any vendor. The 'smart' box becomes obsolete much sooner than the TV and can be easily and cheaply replaced. I can have more than one smart box rather than the preselected one built in to a Telescreen. (Amazon, Google, Roku, etc) If I don't like the EULA for one vendor's smart box, it doesn't stop me from buying an outstanding TV.

The public needs to become more aware of this issue so that Telescreens have negative market value.

The link you pointed to says . . .

A revolutionary V6 Processor features a quad-core GPU and dual-core CPU for maximum speed and performance. Enjoy faster usability, quicker TV start-up time and menu navigation, increased image rendering speed and a better Smart TV experience.

Oh, God, please save us from having a Smart TV 'experience'. Otherwise known as a Telescreen.

After a secret conviction you may end up in a secret prison.

A secret warrant.
From a secret court.
Under authority of secret laws.
Or alternately secret interpretations of secret laws.
The secret warrant has a secrecy requirement to gag anyone from telling of the warrant's existence.
Breaching the secrecy can result in secret arrests in the middle of the night by secret agents of agencies that must remain secret.
Any secret trials may use secret evidence and secret testimony that the defense is not allowed to see or refute.


But at least a warrant will be required. Whew! I feel safer already.

I would feel guilty about giving it away and taking advantage of their generous 'unlimited' offer. My point is that there are people who would abuse it. There always have been. Always will be. But that is not a reason to gouge WiFi prices or prevent customers providing their own WiFi devices.

Brain implants are the next major innovation that will usher in a new utopia for mankind.

Just imagine.

Whenever you see or hear anything copyrighted, the brain implant can automatically charge your credit card. Now that's convenience!

This will be good for all. Everyone knows that protecting content is the highest goal and priority of mankind. Pirates are lawbreakers. Lawbreakers should not be allowed* to break the law.

Your fiends at the MPAA and RIAA.


* only the MPAA and RIAA should be allowed to do that