Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
Portables

Journal nizo's Journal: Is a fax more secure than email? 12

Journal by nizo

I had an argument today with someone who seemed to think that a fax was less secure than email. Personally I think he is insane. So, given the following:

- A normal fax machine, with limited access, and the recipient waiting to get a fax

v.s.

- A standard non-encrypted email message travelling over the intertubes

which do you think is more secure?

This discussion has been archived. No new comments can be posted.

Is a fax more secure than email? More

Is a fax more secure than email?

Comments Filter:
  • Since it goes over a line that can be tapped in either instance - and if sent thru any of the major nodes is tapped by the NSA among others.

    But literally - yes. A fax by nature of the method of transmission is more secure.

    However, the received image is still in the buffer, and you can code the machine to send such stored images to another location, so no.

    You'd have to control the source and originating machines, access to them, ignore the NSA overrides in all of them (they're in most printers too), and all
  • Fax is more secure from your sysadmin, or anyone else that might get privileged access to the mail servers.
    Email is more secure from the NSA, DHS, etc., though only marginally so.

    Email is easier to make more secure.
  • Neither is secure.

    A further question that needs answer is, "Safe from who?" Keeping your data safe from Joe Random Slashdot user is simple. Keeping your data safe from the FBI or the illuminati is a different problem altogether.

    It is easy for the government to get phone tapping access. Decoding fax transmissions must be old hat by now since the technology has been around for 20+ years. So "sniffing" a fax is probably technically and phsyically easy.

    It is slightly more difficult, but still very easy for t
    • "Cryptography is widely available. Has the government broken it? I have no idea. I do know that it'll keep your local law enforcement from reading your email though (might not keep the NSA/FBI/CIA from reading it)."

      One of the things that's occurred to me is that the NSA is in a position to sniff all traffic to and from some key authorities, such as (for instance) South Africa based Thawte. So my S/MIME e-mail certificate from them, and therefore all the e-mail those certs protect, is only as secure as the c

      • Re: (Score:1)

        by tqft ( 619476 )
        The NSA probably has already either coerced the organisation or rubber-hosed a few individuals or even planted one of their own to get the keys.

        Why waste years running numbers when you have staff easily capable of being the key holders sysadmins/senior security researchers sitting around? Put them on assignment - 2 jobs 2 paychecks - walk out with keys.

        No disrespect to all those who work there but it only takes one individual. How do you explain it to the brass? We sent someone in who walked out with the
        • Oh, well, yes. I'm just saying that, even assuming the integrity of the certificate authority itself remains unbreached, they still have another point of broad potential failure to attack. I'm sure the intel services as a whole would prefer to make it an inside job, but I imagine that to the NSA such a solution would lack elegance. :-)

      • One of the things that's occurred to me is that the NSA is in a position to sniff all traffic to and from some key authorities

        It might be that my caffeine isn't working yet, but "certificate authorities" are not there to provide keys in the sense of "hey, here have a key", but their function is authentication. A certificate authority says: "Here is the key of such and such, and I say it's him and noone else". You can have perfectly fine encryption, point-to-point without a third party by encrypting your

        • Yep, I think you stirred your coffee too slowly. :-)

          The "web of trust" is a PGP concept that quantifies how much you trust your buddies, and how much you trust your buddies to trust other people. It's decentralized. So on Slashdot I sort-of know Nizo, and I know you have some relationship to Nizo, but I don't know you at all. But if Nizo signed your key, then I'm going to believe this key does belong to you. Note that in this signing that Slashdot has nothing to do with the signing process, there is n

  • All I want to know is why anybody still uses this POS tech anymore. I waste far too much time and money on faxes and the problems they (and ignorant idiots) produce.

    Not that email's any less error-prone, it's just a lot cheaper to run and troubleshoot.

    • The courts (at least up here) still don't accept emails for such things as service of a motion on the other party (which is something I used the office fax for today to "remind" the government that it is their duty to appear on the 1st, or be in contempt).

      Compared to the cost and hassle of service "the old-fashioned way", I like it.

  • At the risk of sounding too literal, security is only relative to the actual proactive precautions one takes to secure something (e.g., encryption)-- not relying on various unknown general factors.

    Otherwise, on some levels it's a little like arguing whether the rhythm method or IUDs are better as ways to keep from contracting AIDS.

Slashdot Top Deals

The idle man does not know what it is to enjoy rest.

Close