Ask HN: Where is the consumer-grade encryption?

5 points by adambard ↗ HN
Let's say my mother was reading about the NSA spying on everyone, and email my aunt the family cake recipe without exposing it. She knows enough about computers to know that there's some way to keep things secret, and maybe even knows what "encrypted" means in a broad sense. So she calls me up and asks what she can use to encrypt her cake recipe.

I'm not sure I could ever explain asymmetric encryption to my mother, but it's not too difficult to imagine how one might simplify existing encryption software to work with symmetric encryption -- everyone who uses a computer understands what a password is.

So why has no standard emerged for this? I've seen various versions of it, from encrypted RAR files to the buried-in-properties file encryption offered by Windows Vista Pro and up, but nothing has ever "caught on."

The simplest workflow I can imagine is the user opening a program, selecting a file, entering a passphrase, and receiving an encrypted file. The user emails the file as an attachment to someone with advance knowledge of the passphrase, and they use the same program to decrypt the document and enjoy delicious cake. I'm sure this exists, but I have no idea where it is or what it's called.

2 comments

[ 2.5 ms ] story [ 13.0 ms ] thread
The standards are SSL and OS based key escrow for password protected archives. That is all consumers "get". PGP, now GPG, has been around for 30 years and Joe Sixpack still doesn't use it.

Why this is so is left as an exercise for the reader.

There's plenty of software out there.

One example: use 7-zip to compress to an encrypted .zip or .7z archive. Uses AES-256 and is dead-simple to use.