Python for Less-Terrible Secret-sharing
“I’ll just paste this into the chat and then delete it.”
Your secrets don’t need to live on a server in the cloud forever. If you paste a password into chat and then delete it, how confident are you that deleting the message really deletes the message? And how about your corporate email server that’s holding that private RSA key that you’ve been passing around to your team members for the past 3 years via attachments named nothing_to_see_here.txt?
Let me share a process and some code snippets that will add just a teensy bit more security to your life. Should these code snippets be made a part of some critical, high-security process? No. Are they better than the methods described above? Yes. I’m calling this process LTS: Less-Terrible Secret-sharing.
Because it’s still a little terrible. But it’s less terrible.
The LTS Process
Here’s the process. It’s fairly straightforward. When two people are chatting or emailing, and Person A is about to share a secret with Person B, Person A should use a very basic code snippet to encrypt the secret using a password. They can then share the encrypted secret with Person B via message or email. Person A also needs to orally share the password — not in a written form. Note that the increased…
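The encrypt-then-share step described above could look like the following. This is an added example, not the author's snippet: it assumes the third-party `cryptography` package is installed, and the function names, blob format and scrypt cost values are choices made for this illustration.

```python
import base64
import os

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

SALT_LEN = 16  # fresh random salt per message; not secret, travels with the blob


def _key_from_password(password: str, salt: bytes) -> bytes:
    # scrypt makes every password guess costly for anyone who later
    # finds the blob in chat history or a mailbox (cost values assumed).
    kdf = Scrypt(salt=salt, length=32, n=2**15, r=8, p=1)
    return base64.urlsafe_b64encode(kdf.derive(password.encode("utf-8")))


def encrypt_secret(secret: str, password: str) -> str:
    """Person A: turn a secret into text that is safe to paste or email."""
    salt = os.urandom(SALT_LEN)
    token = Fernet(_key_from_password(password, salt)).encrypt(secret.encode("utf-8"))
    return base64.urlsafe_b64encode(salt).decode("ascii") + "." + token.decode("ascii")


def decrypt_secret(blob: str, password: str) -> str:
    """Person B: recover the secret using the password heard from Person A."""
    try:
        salt_b64, token = blob.strip().split(".", 1)
        salt = base64.urlsafe_b64decode(salt_b64)
        plain = Fernet(_key_from_password(password, salt)).decrypt(token.encode("ascii"))
        return plain.decode("utf-8")
    except (InvalidToken, ValueError) as exc:
        # Fernet authenticates the ciphertext, so a wrong password and a
        # modified blob fail the same way instead of returning garbage.
        raise ValueError("wrong password or altered message") from exc


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    blob = encrypt_secret("constructed-db-password-123", "spoken over the phone")
    print("paste this:", blob)
    print("recovered: ", decrypt_secret(blob, "spoken over the phone"))
```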