What's the best way to securely exchange files with our customers and outside contractors? We've tried secure FTP, but not everyone has the right software or knows how to use it. We'd prefer some encryption options that use interfaces the typical user would be more comfortable with yet that are secure.

I have yet to find the perfect file-encryption utility that combines ease of use and an excellent encryption implementation. That said, the encryption features in Microsoft Office Word 2003 and Microsoft Office Excel 2003 or in WinZip Computing's WinZip might be sufficient for your needs if you follow a few basic rules.

In Word 2003 and Excel 2003, you can specify a password that will then be required to open the document. With the document open, select Tools, Options, Security. Click Advanced, and select RC4, Microsoft Strong Cryptographic Provider, choose a key length of 128 (bits), and select the Encrypt document properties option, as Figure 2 shows. Make sure you specify a password that has at least eight random characters, but to get close to the entropy of a truly random key, 20 characters are much better.

Even though you're using a 128-bit key, your document is still subject to some minor vulnerabilities due to how Office implements the encryption. The biggest problem is that no matter how many versions of the document you exchange with another person, as long as you keep using the same password, Excel and Word will keep using the same encryption key. Key reuse is a big no-no with encryption, yet people typically prefer to agree to a password with the opposite party over the phone and then reuse that password for each exchange of information.

The vulnerability of key-reuse with stream ciphers such as RC4 is a problem only when other prerequisites are met regarding the key and data, and these prerequisites seldom occur with Office documents. The risk is low enough that for most corporate information, you can ignore it. Nevertheless, for the strongest security, you can compensate for the key-reuse vulnerability by appending a number to the end of the password and incrementing that number each time you use the same password. Believe it or not, you can include this number in the clear text of the email message if you're sending the encrypted file as an attachment. The number doesn't need to be a secret--it's just required to make each encryption key technically different to obviate the funky mathematical phenonema that make key-reuse attacks possible.

WinZip's encryption is better than Office's, and WinZip can handle all types of files. To use WinZip's encryption feature on a file, zip the file as usual. Then with the WinZip archive still open, select the file and click the Encrypt button on the toolbar. Enter the password and select 256-bit Advanced Encryption Standard (AES) encryption. Note that WinZip doesn't encrypt entire archives (.zip files)--just specific files within an archive. WinZip identifies an encrypted file with an asterisk (*) next to the filename.

You still need to be careful with your keys because WinZip has some arcane encryption vulnerabilities. Here are a few recommendations that will compensate. First, increment your passwords as I recommended for Office. Also, avoid encrypting multiple files in one .zip file. If you need to send multiple encrypted files, archive them in a .zip file, then archive that .zip file inside another one and encrypt the inner .zip file. Finally, be suspicious of any email message that either party receives in which the apparent sender claims the file was corrupted. Such a message might be from an impostor as part of a "chosen text" attack. For more detailed information about WinZip's encryption vulnerabilities, see "Attacking and Repairing the WinZip Encryption Scheme" at http://www.cse.ucsd.edu/ users/tkohno/papers/WinZip/winzip .pdf.