Encrypt everything!!!!!

Erm, I mean, encrypt everything that makes sense to encrypt.


“[Commander of the Watch] Vimes didn’t like the phrase “The innocent have nothing to fear,” believing the innocent had everything to fear, mostly from the guilty but in the longer term even more from those who say things like “The innocent have nothing to fear.”” ~ Terry Pratchett

Cryptography can be used for many things:

  • Enabling authorized transactions
  • Defending free expression
  • Protecting from unauthorized (by you) access to content

Take-Home Lessons

  • We have collectively failed to put crypto into the hands of non-techie users. So far that is.
  • The web seems to be here to stay, but it has an ad-hoc security model added post-hoc.

Its up to you to make it better!?! WTF?


Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. It is as old as “civilisation” itself. Encryption does not prevent interception, but denies the message content to the interceptor.
[linkview show_cat_name=”0″ cat_name=”Encryption”]

Computer Forensics

Encryption does not protect you if and when your machine is already compromised and your keystrokes and/or activity is being logged.
[linkview show_cat_name=”0″ cat_name=”Computer Forensics”]


All disk-encryption is generally vulnerable.

[linkview show_cat_name=”0″ cat_name=”Attacks on encryption”]

Disk encryption

All Operating Systems (linux, windows, mac) support Logical Virtual Memory (in alphabet-soup-speak named “LVM”).

On linux distro’s you can encrypt the entire disk (LVM). Why full disk encryption? Encrypted hard drives may not be safe. And when using full disk encryption (LVMs), most of the file system is encrypted but your boot partition and GRUB are not. And this is a vulnerability and can get you pwnd.

Recommended for linux are dm-crypt + LUKS. It comes with the kernel. Cryptsetup supports TrueCrypt (Now called CipherShed) containers natively.

The swap-partition is not located within ram but on your hard drive – writing into this partition will leave traces of activities on the hard drive itself. If your computer happens to use swap during your use of encryption tools it can happen that the passwords to the keys are written to swap and can then be extracted. You can encrypt the swap space to prevent unauthorised people from reading your virtual memory. Ecryptfs is an excellent tool for that.

[linkview show_cat_name=”0″ cat_name=”Disk and data encryption”]

File encryption

There are 3 ways to hide files: You can physically hide files (put yer files on a CD or USB stick, then hide the stick), you can encrypt files (encrypted data cannot be read directly, it must be unlocked with a key first) and you can use misdirection (hiding the file within another file, container or vault where people do not think to look). And of course you can combine these techniques. How about an encrypted USB stick with an encrypted vault on it that is kept in a secret safe place where nobody would look for it?

The fact that an encryption program “works” does not mean that it is secure. “Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw.” ~ Bruce Schneier.

[linkview show_cat_name=”0″ cat_name=”File encryption”]

Encrypted communication

Encryption For Beginners In an Era of Total Surveillance, guest post by AnonyOdinn, contains a section on installing adium and pidgin for XMPP using OTR.

Analogue landlines are not encrypted, and it is very easy to tap them. Such tapping requires physical access to the line, from for example the phone location, distribution points, trunks, cabinets, bridges and the exchange itself. Cellphones are also easily traced and “tapped”. There is no (or only limited) encryption, the phones are traceable – often even when switched off– since the phone and SIM card broadcast their International Mobile Subscriber Identity (IMSI). It is possible for a cellphone company to turn on some cellphones when the user is unaware and use the built-in mic to listen in on you.

When using steganography such as Nonopticon, mind it’s detectability if not used only incidentally.
[linkview show_cat_name=”0″ cat_name=”Encrypted communication”]

Anti forensics

[linkview show_cat_name=”0″ cat_name=”Anti forensics”]

Leave a Reply

Your email address will not be published. Required fields are marked *