Well, for the past few months, I've been in an "encryption/security" phase, and so I feel compelled to start this thread...

Anyone have any tips?

"Do's" and "Don't's"?

Software or encryption algorithm recommendations?

Witty comments?

Smartass remarks?



What sayeth GSUS?

**shrugging shoulders smiley we used to have**

I use an OLD version of PGP to encrypt files and folders with a 4096-bit DH/DSS cypher.

I've also used TruCrypt to create an encrypted container to dump files and folders into it. Could also use TruCrypt to encrypt the entire hard drive if you'd like. The only draw back is if your hard drive or partition table ever takes a shit, you'll most likely never get any data back.

2 words: Open Source

Don't trust ANY crypto program that's "Proprietary" or commercial, unless they have no problem allowing you to see what's going on "under the hood" in the code.

Also, when it comes to crypto, the only TRULY unbreakable scheme is the one-time pad, and ONLY if it's implemented correctly. However, it's so cumbersome that for most practical purposes it's impractical.

I do know how to turn my lap top on and off........what do you think I am? stupid or something?

First post of the day...........good mornig to one and all.

I've got an open question - what encryption software would be best to use in conjunction with something like drop box? The idea is you want to store your files in a secure distributed location like drop box or on someone's servers, but you also want your files to be encrypted. Having a big truecrypt container isn't feasible because if you modify one little txt file inside the container, the whole 1 GB container, or whatever size it is, must be re-uploaded in its entirety. Ideally you'd like something that automatically encrypts things on a per-file basis, encrypts file names, and isn't too cumbersome to use when doing productivity work.

Maybe per-file encryption wouldn't even be optimal, perhaps a multi-part container (sort of like a multi-part rar file) would be optimal.

Well, for the past few months, I've been in an "encryption/security" phase,

Large cache of bitcoins, eh?

I've got an open question - what encryption software would be best to use in conjunction with something like drop box? The idea is you want to store your files in a secure distributed location like drop box or on someone's servers, but you also want your files to be encrypted. Having a big truecrypt container isn't feasible because if you modify one little txt file inside the container, the whole 1 GB container, or whatever size it is, must be re-uploaded in its entirety. Ideally you'd like something that automatically encrypts things on a per-file basis, encrypts file names, and isn't too cumbersome to use when doing productivity work.

There is an open-source program that creates a "Container" file that, once the proper password is entered, mounts the file as a drive, allowing you to modify files inside of it. If your server allows you to access/modify files as a remote file, it will do what you want. Unfortunately, I can't remember the name of it, you'll need to google a bit to find it, but it sounds like exactly what you're looking for. Sorry I can't be more specific on the name...

There is an open-source program that creates a "Container" file that, once the proper password is entered, mounts the file as a drive, allowing you to modify files inside of it. If your server allows you to access/modify files as a remote file, it will do what you want. Unfortunately, I can't remember the name of it, you'll need to google a bit to find it, but it sounds like exactly what you're looking for. Sorry I can't be more specific on the name...
It sounds like you're describing Truecrypt.

It sounds like you're describing Truecrypt.

That name sounds right. It's been about 5 years since I was really interested in crypto stuff... I've forgotten a lot!

FreeOTFE is an open source, cross-platform (although I have not yet run it on any of my linux machines yet... I've just played with it a bit on windows) alternative to TrueCrypt, which I believe is proprietary.

if they write it they can also break into it . are am i missing some thing here

What are you looking to do - Encrypt specific files? The whole computer? Email?

if they write it they can also break into it . are am i missing some thing here

Not true, The key to encryption is it's ability to randomize its keys. Even if you program in thousands of keys you'll never know which one was used in the cypher.

hey i need some help settin up my linksys router so no one can get on it and use it ... how do you set it up . i know were talking about some thing else but what the hell thanks mick

hey i need some help settin up my linksys router so no one can get on it and use it ... how do you set it up . i know were talking about some thing else but what the hell thanks mick

Depends on the model. I have a Linksys E3000 series router, and I am currently using WPA2/AES for the encryption. Which as it stands now hasn't been cracked. TKIP has known security flaws. But even utilizing WPA will make it more trouble than it's worth to attempt to break in. If you tell me what model you have I'll find you some step by step instructions in locking it down, if need be I'll write out the steps. :)

I use an OLD version of PGP to encrypt files and folders with a 4096-bit DH/DSS cypher.

I've also used TruCrypt to create an encrypted container to dump files and folders into it. Could also use TruCrypt to encrypt the entire hard drive if you'd like. The only draw back is if your hard drive or partition table ever takes a shit, you'll most likely never get any data back.

Is there a way to create a 4096-bit or higher GPG key using windows? The software I'm currently using for windows will only allow 2048 or 3072-bit max (at least with the GUI... I haven't really messed with the CLI for GPG).

Is there a way to create a 4096-bit or higher GPG key using windows? The software I'm currently using for windows will only allow 2048 or 3072-bit max (at least with the GUI... I haven't really messed with the CLI for GPG).

Yep, PGP will allow you to create a 4096-Bit key. At least the version I am currently using. If you still have the login information I gave you I'll put it on my FTP server and you can download it. It's a little buggy installing on Windows 7, but Windows XP on down it works flawlessly.

I was thinking of posting a thread asking who wanted to trade off gpg/pgp public keys. Look at the Linux Security Cookbook for some good basic info. I only use GPG for file encryption and dm_crypt for disk encryption.

Yep, PGP will allow you to create a 4096-Bit key. At least the version I am currently using. If you still have the login information I gave you I'll put it on my FTP server and you can download it. It's a little buggy installing on Windows 7, but Windows XP on down it works flawlessly.

That would be great! GPG4Win doesn't seem to be cuttin' it for me.

Anyone who wants the PGP version I have for windows can find it here.

Sorry URL isn't working. If you have an FTP client here is the login information.

Site: digitalchaos.no-ip.info

Username: sirgonzo420

password: gold.silver

Port: 21

That would be great! GPG4Win doesn't seem to be cuttin' it for me.

I thought you were a linux user.... Maybe I'm thinking of someone else. File encryption is easy with GPG. I usually make an iso file of everything I need to encrypt and then use gpg. [gpg also uses compression] command: gpg -c filename

I thought you were a linux user.... Maybe I'm thinking of someone else. File encryption is easy with GPG. I usually make an iso file of everything I need to encrypt and then use gpg. [gpg also uses compression] command: gpg -c filename

I run both... windows and linux.

I was trying to create a new key on my windows machine (the only computer I had handy at the time), but was having trouble creating a 4096-bit key with any of the windows gpg programs.

With linux, gpg seems to work a little smoother... I even have a mail client on my linux machine (clawsmail) that can encrypt/sign/decrypt/verify with my keyring within the mail client itself. I'm sure I could do pretty much the same thing with windows and outlook or something like that, but I've never tried it on windows - I prefer to use linux.

I run both... windows and linux.

I was trying to create a new key on my windows machine (the only computer I had handy at the time), but was having trouble creating a 4096-bit key with any of the windows gpg programs.

With linux, gpg seems to work a little smoother... I even have a mail client on my linux machine (clawsmail) that can encrypt/sign/decrypt/verify with my keyring within the mail client itself. I'm sure I could do pretty much the same thing with windows and outlook or something like that, but I've never tried it on windows - I prefer to use linux.

That PGP client you downloaded from me yesterday has an Outlook plugin that will allow you to do that. I and a friend created 4096-bit keys but it seemed kind of useless to send practically 1MB just to say "Hi!."

For encryption of individual files I use Cryptoforge which supports 448-bit blowfish. For my most secure files, I use a 28 character long alphanumeric upper case lower case key. The program encrypts at lightning speed.

For encryption of an entire folder/directory, I use a program called "My Lockbox."

Both of these are very easy to setup and use in WIN 7 and XP.

think reverse high tech

http://oldcomputers.net/pics/floppy8.gif

i thought that when the PGP guy gave up his technology the government put a back door in it like they did with the security certificate companys, thawte and verisign. Could be wrong.

Truecrypt, eraser, dban.

With truecrypt you can do some clever stuff such as invisible archives, full disk encryption etc. There is a story about an encrypted Pc, not the best subject matter, but a young man in the UK is accused of having child porn on his PC. It has an archive on it and as far as I know the guy is still in jail for refusing to provide the pasword to the archive and the police haven't been able to crack it. The story is probably a couple years old now and the guy have been in jail almost a year by then. As I said, not the best subject. I fully expected the cops just to plant some stuff on there and get on with it.

Eraser will clean disks of readable data. Just because you deleted a file doesnot mean it cannot be forensically recovered. Eraser has several option for disk overwrite. I believe the ideal number of times to overwrite data is about 24 times to ensure it cannot be recovered. It can take a long time to do 24 writes on a whole disk.

dban. Need to check this name. It is basically a disk nuker. You can hit this app and it will trash your hard drive as fast as it can. I think you can run it silently.

dban. Need to check this name. It is basically a disk nuker. You can hit this app and it will trash your hard drive as fast as it can. I think you can run it silently.

For secure file deleting I use shred. This command will give 25 passes. Here is my output for test.txt

shred -n 25 -u -v -z test.txt

shred: test.txt: pass 1/26 (random)...
shred: test.txt: pass 2/26 (000000)...
shred: test.txt: pass 3/26 (444444)...
shred: test.txt: pass 4/26 (777777)...
shred: test.txt: pass 5/26 (333333)...
shred: test.txt: pass 6/26 (492492)...
shred: test.txt: pass 7/26 (dddddd)...
shred: test.txt: pass 8/26 (cccccc)...
shred: test.txt: pass 9/26 (924924)...
shred: test.txt: pass 10/26 (ffffff)...
shred: test.txt: pass 11/26 (555555)...
shred: test.txt: pass 12/26 (111111)...
shred: test.txt: pass 13/26 (random)...
shred: test.txt: pass 14/26 (6db6db)...
shred: test.txt: pass 15/26 (aaaaaa)...
shred: test.txt: pass 16/26 (249249)...
shred: test.txt: pass 17/26 (888888)...
shred: test.txt: pass 18/26 (b6db6d)...
shred: test.txt: pass 19/26 (222222)...
shred: test.txt: pass 20/26 (db6db6)...
shred: test.txt: pass 21/26 (bbbbbb)...
shred: test.txt: pass 22/26 (999999)...
shred: test.txt: pass 23/26 (eeeeee)...
shred: test.txt: pass 24/26 (666666)...
shred: test.txt: pass 25/26 (random)...
shred: test.txt: pass 26/26 (000000)...
shred: test.txt: removing
shred: test.txt: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: test.txt: removed

I figured that this thread could use a bump, as encryption and computer security is more important now than ever.