We are still actively working on the spam issue.
Difference between revisions of "Encryption"
(→Windows) |
m (capitalization, grammar, etc.) |
||
| Line 1: | Line 1: | ||
'''Encryption''' is the art of encoding messages in a way that only the intended, authorized person may read it. According to [[Edward Snowden]], strong, tested cryptographic encryption systems were said to be one of the few remaining things that work (i.e. haven't been compromised by the [[NSA]]), and that people can still rely on. | '''Encryption''' is the art of encoding messages in a way that only the intended, authorized person may read it. According to [[Edward Snowden]], strong, tested cryptographic encryption systems were said to be one of the few remaining things that work (i.e. haven't been compromised by the [[NSA]]), and that people can still rely on. | ||
| − | + | ''Truecrypt has now been audited and is safe to use, so long as you [http://istruecryptauditedyet.com/ read this page in its entirety.]''' | |
== Windows == | == Windows == | ||
| Line 30: | Line 30: | ||
You will be prompted for a password. | You will be prompted for a password. | ||
| − | == I | + | == I want to Implement crypto Correctly in my shitty App, what do I do? == |
The best and easiest to use public key crypto library is [http://nacl.cr.yp.to NaCl]. Don't even try creating your own crypto algorithm or using another shitty library. The important part with crypto is ''always use enough randomness in your keys''. If you don't, [http://tobtu.com/decryptocat-old.php this] happens (you can't really have this problem with NaCl though). The other important part is ''always use a unique nonce''. | The best and easiest to use public key crypto library is [http://nacl.cr.yp.to NaCl]. Don't even try creating your own crypto algorithm or using another shitty library. The important part with crypto is ''always use enough randomness in your keys''. If you don't, [http://tobtu.com/decryptocat-old.php this] happens (you can't really have this problem with NaCl though). The other important part is ''always use a unique nonce''. | ||
| Line 38: | Line 38: | ||
If you have a grain of intelligence, before using NaCl for anything you will read everything on the website, especially [http://nacl.cr.yp.to/box.html this] page. | If you have a grain of intelligence, before using NaCl for anything you will read everything on the website, especially [http://nacl.cr.yp.to/box.html this] page. | ||
| − | + | - Why NaCl? | |
1. It's secure (Authentication, protection against timing attacks, etc..) | 1. It's secure (Authentication, protection against timing attacks, etc..) | ||
Revision as of 07:20, 29 June 2015
Encryption is the art of encoding messages in a way that only the intended, authorized person may read it. According to Edward Snowden, strong, tested cryptographic encryption systems were said to be one of the few remaining things that work (i.e. haven't been compromised by the NSA), and that people can still rely on.
Truecrypt has now been audited and is safe to use, so long as you read this page in its entirety.'
Contents
Windows
There is no safe option for serious bulk symmetric encryption on Windows anymore. Windows is as far deep inside the botnet as Mac OS X and must not be used if you have any need of data security. BitLocker is okay if you're hiding your hentai folder from l33t h4x0rs, your mom, normalfags and your idiot friends. Otherwise do not use, as all Microsoft products are backdoored.
Bitlocker has been broken since 2010.
GNU/Linux
dm-crypt
dm-crypt + LUKS is the recommended encryption solution for GNU/Linux. It comes with the kernel. Since version 1.6, cryptsetup supports TrueCrypt containers natively, so there's no need to install TrueCrypt or tc-play.
tc-play
A FOSS Truecrypt implementation to replace the official version. Supports most of Truecrypt's features. Nowadays useful only for reading your Truecrypt volume and migrating it to dm-crypt.
VeraCrypt
TrueCrypt's successor. Is cross-platform and has a TrueCrypt compatibility mode for those with old TC disks.
OpenSSL File Encryption
- Encoding: $ openssl enc -aes-256-cbc -in plaintext.file -out cyphertext.file
- Decoding: $ openssl enc -aes-256-cbc -d -in cyphertext.file > plaintext.file
You will be prompted for a password.
I want to Implement crypto Correctly in my shitty App, what do I do?
The best and easiest to use public key crypto library is NaCl. Don't even try creating your own crypto algorithm or using another shitty library. The important part with crypto is always use enough randomness in your keys. If you don't, this happens (you can't really have this problem with NaCl though). The other important part is always use a unique nonce.
NaCl is real easy to use, just use crypto_box_keypair() to generate a public/private keypair, use crypto_box() to encrypt data and use crypto_box_open() to decrypt it (This is the only function that you need to check the return value, it returns -1 if the decryption failed). Why does crypto_box() use your private key to encrypt a message you ask? That's so the other can check if that encrypted message really came from you, the same reason why crypto_box_open() takes the public guy of the guy who sent you the encrypted data.
If you have a grain of intelligence, before using NaCl for anything you will read everything on the website, especially this page.
- Why NaCl?
1. It's secure (Authentication, protection against timing attacks, etc..)
2. It's fast (RSA is very slow, and the RSA was infiltrated by the NSA).
3. The keys are only 256 bits (It's ECC), and it's as secure as RSA 3072.
Other Links
The Paranoid Crunchbang Security Guide -- Has tools and techniques that apply to other distros as well. Very good resource.
