We are still actively working on the spam issue.
Difference between revisions of "Encryption"
(Removed all information that is lacking a credible source...) |
(--iter-time proof of working) |
||
| Line 17: | Line 17: | ||
dm-crypt + LUKS is the recommended encryption solution for GNU/Linux. It comes with the kernel. | dm-crypt + LUKS is the recommended encryption solution for GNU/Linux. It comes with the kernel. | ||
Since version 1.6, cryptsetup supports TrueCrypt containers natively, so there's no need to install TrueCrypt or tc-play. | Since version 1.6, cryptsetup supports TrueCrypt containers natively, so there's no need to install TrueCrypt or tc-play. | ||
| + | |||
| + | Take note of the --iter-time parameter while creating a dm-crypt volume. This creates a time delay to guard against brute force attacks, which the FBI have [https://www.techdirt.com/articles/20160216/17393733617/no-judge-did-not-just-order-apple-to-break-encryption-san-bernardino-shooters-iphone-to-create-new-backdoor.shtml shown] that they have [https://assets.documentcloud.org/documents/2714005/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf problems] attacking. | ||
==== [https://github.com/bwalex/tc-play tc-play] ==== | ==== [https://github.com/bwalex/tc-play tc-play] ==== | ||
Revision as of 15:22, 17 February 2016
Encryption is the art of encoding messages in a way that only the intended, authorized person may read it. According to Edward Snowden, strong, tested cryptographic encryption systems were said to be one of the few remaining things that work (i.e. haven't been compromised by the NSA), and that people can still rely on.
Contents
Windows
Bitlocker was reported to have been attacked in 2010 through ElectroMagnetic leaking of cryptographic keys from the TPM chip. Bruce Schneier and The Intercept still recommend the software. Do your own research.
Since Microsoft's operating system is closed-source, it is possible that the Bitlocker encryption is backdoored.
TrueCrypt has been abandoned since 05/2014. A crypto audit completed in 05/2015 reports it as 'a well-designed piece of software with only minor issues'. VeraCrypt, a fork from TrueCrypt, continues its development. This is technically illegal (as the TrueCrypt software license does not allow forks), but there is little chance of the original TrueCrypt developers launching a lawsuit against VeraCrypt.
OS X
Again, much like Windows, there is no safe option for bulk symmetric encryption on OS X. FileVault is only acceptable if you're hiding files from thieves and simple adversaries. OS X is backdoored by the Apple, which gives information about users to the NSA. [citation needed]
GNU/Linux
dm-crypt
dm-crypt + LUKS is the recommended encryption solution for GNU/Linux. It comes with the kernel. Since version 1.6, cryptsetup supports TrueCrypt containers natively, so there's no need to install TrueCrypt or tc-play.
Take note of the --iter-time parameter while creating a dm-crypt volume. This creates a time delay to guard against brute force attacks, which the FBI have shown that they have problems attacking.
tc-play
A FOSS Truecrypt implementation to replace the official version. Supports most of Truecrypt's features. Nowadays useful only for reading your Truecrypt volume and migrating it to dm-crypt.
VeraCrypt
TrueCrypt's successor. Is cross-platform and has a TrueCrypt compatibility mode for those with old TC disks.
OpenSSL File Encryption
- Encoding: $ openssl enc -aes-256-cbc -in plaintext.file -out cyphertext.file
- Decoding: $ openssl enc -aes-256-cbc -d -in cyphertext.file > plaintext.file
You will be prompted for a password.
Cryptology in Applications
The best and easiest to use public key crypto library is NaCl. Don't even try creating your own crypto algorithm or using another shitty library. The important part with crypto is always use enough randomness in your keys. If you don't, this happens (you can't really have this problem with NaCl though). The other important part is always use a unique nonce.
NaCl is real easy to use, just use crypto_box_keypair() to generate a public/private keypair, use crypto_box() to encrypt data and use crypto_box_open() to decrypt it (This is the only function that you need to check the return value, it returns -1 if the decryption failed). Why does crypto_box() use your private key to encrypt a message you ask? That's so the other can check if that encrypted message really came from you, the same reason why crypto_box_open() takes the public guy of the guy who sent you the encrypted data.
If you have a grain of intelligence, before using NaCl for anything you will read everything on the website, especially this page.
- Why NaCl?
- It's secure (Authentication, protection against timing attacks, etc..)
- It's fast (RSA is very slow, and the RSA was backdoored by the NSA).
- The keys are only 256 bits (It's ECC), and it's as secure as RSA 3072.
Other Links
This Crunchbang forum post (named "The Paranoid Crunchbang Security Guide") has tools and techniques that specifically apply to #!++ (Crunchbang Plus-Plus), but easily applies to other distros as well. Very good resource.
This is an explanation into why TrueCrypt is still safe to use, as well as this.
Here and here are both links to TrueCrypt's spiritual successor, VeraCrypt.
Bitlocker and FileVault links are here if you are absolutely fucking retarded and haven't read a single thing on this page. Cat photos only.
Also check Fucko for other tips.
