Difference between revisions of "Encrypting everything"
From Gender and Tech Resources
(Created page with "Until it is destroyed http://gizmodo.com/5912383/how-to-destroy-the-internet or we run out of resources to maintain it's cables, bridges, root servers and data centers, or som...") |
m |
||
| Line 1: | Line 1: | ||
| − | Until it is destroyed http://gizmodo.com/5912383/how-to-destroy-the-internet or we run out of resources to maintain | + | Until it is destroyed <ref>How to destroy the internet http://gizmodo.com/5912383/how-to-destroy-the-internet</ref>, or we run out of resources to maintain its cables, bridges, root servers and data centers, or some idiot(s) replace(s) the current internet with a panopticon-like or a military-and-corporate-only global network, the web seems to be here to stay ... but it has an ad-hoc security model added post-hoc and it is up to us to make it better!?! WTF? |
And there's a whole lot of information that we may not want other people to see: | And there's a whole lot of information that we may not want other people to see: | ||
| Line 31: | Line 31: | ||
== Cryptography == | == Cryptography == | ||
| + | |||
| + | [[File:Theimitationgame.jpg|480px|thumb|right|The imitation game is a nail-biting race against time following Alan Turing (pioneer of modern-day computing and credited with cracking the German Enigma code) and his brilliant team at Britain’s top-secret code-breaking centre, Bletchley Park, during the darkest days of World War II. Turing, whose contributions and genius significantly shortened the war, saving thousands of lives, was the eventual victim of an unenlightened British establishment, but his work and legacy live on. http://theimitationgamemovie.com/]] | ||
| + | |||
Before the digital age, the biggest users of cryptography were governments, particularly for military purposes. With the advent of the net we can all use it for: | Before the digital age, the biggest users of cryptography were governments, particularly for military purposes. With the advent of the net we can all use it for: | ||
| Line 36: | Line 39: | ||
* Defending free expression. | * Defending free expression. | ||
* Protecting our space, our ''objects and channels'', from unauthorized access. | * Protecting our space, our ''objects and channels'', from unauthorized access. | ||
| − | * Collectively failing to put crypto into | + | * Collectively failing to put crypto into our own hands. |
| + | |||
| + | === Basic cryptography concepts === | ||
| + | |||
| + | * The science of sending concealed messages is known as ''steganography'' (concealed writing). It is not very secure by itself. If someone finds the hidden message, all its secrets are revealed. | ||
| + | * Manipulating a message so that it can not be read even if it were intercepted is known as ''cryptography''(hidden writing). | ||
| + | * Cryptography takes two forms: ''codes'' and ''ciphers''. | ||
| + | * A ''code'' is essentially a secret language invented to conceal the meaning of a message, a system for hiding the meaning of a message by replacing each word or phrase in the original message with another character or set of characters (''codegroups''). The list of replacements is contained within a codebook. To protect a message in this way is called ''encoding''. Encoding has no built-in flexibility. | ||
| + | * A ''cipher''conceals a plaintext message by replacing or scrambling its letters. This process is known as ''enciphering'' and results in a ''ciphertext'' message. Converting a ''ciphertext'' message back to a ''plaintext'' message is known as ''deciphering''. Each ''cipher'' can be split into two halves: the ''algorithm'' and the ''key''. The key gives a cipher some built in flexibility. | ||
| + | * There are two classes of ciphers. A ''substitution cipher'' changes the letters in a message to another set of letters, or ''cipher alphabet'', while a ''transposition cipher'' shuffles the letters around. | ||
| + | * Coded messages are often enciphered to improve their security, a process known as ''superencipherment''. | ||
| + | * ''Encryption'' covers both the act of ''encoding'' and ''enciphering''. | ||
| + | * ''Decryption'' covers both ''decoding'' and ''deciphering''. | ||
| + | * ''Cryptotext'' covers both ''codetext'' and ''ciphertext'' but ''encicode'' is sometimes used instead. | ||
| + | * The science of breaking ''cryptotext'' or ''encicode'' is known as ''cryptanalysis''. | ||
| + | * The two fields ''cryptography'' and ''cryptanalysis'' together make up the science of ''cryptology''. | ||
| + | |||
| + | Most forms of cryptography used today rely on computers. Ciphers are better known today as algorithms, the guides for encryption -- they provide a way in which to craft a message and give a certain range of possible combinations. A key, on the other hand, helps a person or computer figure out the one possibility on a given occasion. | ||
| + | |||
| + | ==== Symmetric-key encryption ==== | ||
| + | |||
| + | ==== Public-key encryption ==== | ||
| + | |||
| + | == Steganography == | ||
| + | |||
| + | == Disk encryption == | ||
| + | |||
| + | * All Operating Systems (linux, windows, mac) support Logical Virtual Memory (in alphabet-soup-speak named ''LVM''). | ||
| + | * On linux distro’s you can encrypt the entire disk (LVM). Why full disk encryption? Encrypted hard drives may not be safe. And when using full disk encryption (LVMs), most of the file system is encrypted but your boot partition and GRUB are not. And this is a vulnerability that can get you pwnd. | ||
| + | * Recommended for linux are dm-crypt + LUKS. It comes with the kernel. | ||
| + | * The swap-partition is not located within ram but on your hard drive – writing into this partition will leave traces of activities on the hard drive itself. If your computer happens to use swap during your use of encryption tools it can happen that the passwords to the keys are written to swap and can then be extracted. You can encrypt the swap space to prevent unauthorised people from reading your virtual memory. Ecryptfs is an excellent tool for that. | ||
| + | |||
| + | == File encryption == | ||
| + | |||
| + | There are 3 ways to hide files: You can physically hide files (put yer files on a CD or USB stick, then hide the stick), you can encrypt files (encrypted data cannot be read directly, it must be unlocked with a key first) and you can use misdirection (hiding the file within another file, container or vault where people do not think to look). And of course you can combine these techniques. How about an encrypted USB stick with an encrypted vault on it that is kept in a secret safe place where nobody would look for it? | ||
| + | |||
| + | Note: The fact that an encryption program "works" does not mean that it is secure. ''Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw.'' ~ Bruce Schneier. | ||
| + | |||
| + | == Related == | ||
| + | |||
| + | * [[Installing linux]] | ||
| + | * [[Linux applications]] | ||
| + | * [[Linux security]] | ||
| + | * [[Kinky linux command-line]] | ||
| + | * [[Anonymising your traffic with linux]] | ||
| + | * [[Clean up all the things]] | ||
| + | * [[Shell scripting]] | ||
| + | |||
| + | == References == | ||
Revision as of 18:57, 23 July 2015
Until it is destroyed [1], or we run out of resources to maintain its cables, bridges, root servers and data centers, or some idiot(s) replace(s) the current internet with a panopticon-like or a military-and-corporate-only global network, the web seems to be here to stay ... but it has an ad-hoc security model added post-hoc and it is up to us to make it better!?! WTF?
And there's a whole lot of information that we may not want other people to see:
- Credit-card information
- Social security numbers
- Private correspondence
- Personal details
- Bank-account information
- Medical health records
- Other sensitive information
Also, see anonymising your traffic with linux and clean up all the things.
Contents
Using removable storage media
A simple but straightforward security method is to keep all sensitive information on removable storage media like portable flash memory drives or external hard drives that you only mount the device when you need access to it. You can turn old harddrives into external harddrives by taking them out of an old PC and putting them in a portable HDD USB storage kit (alias harddrive enclosure). These "DIY" kits are available for 2.5 inch and 3.5 inch HDD using either IDE or SATA connections and cost way less than a manufactured USB HDD.
You may have a permission problem accessing it. If so, change the group of /media/[externaldisk] to storage, change permissions to 775 and add users that need to be able to write to disk to the storage group (re-log required before changes are visible).
As root (or use sudo) do:
# chgrp storage /media/[externaldisk] # chmod 775 /media/[externaldisk] # gpasswd -a [user] storage
This way everyone will be able to read the disk, but only root and users in storage group will be able to write to it. If you want everyone to be able to read/write, use chmod 777. If the operation isn't permitted while running it as root you probably need to add support for the NTFS file system first:
# apt-get update # apt-get install ntfs-3g
But the most popular forms of security all rely on encryption, the process of encoding information in such a way that only the person (or computer) with the key can decode it.
Cryptography
Before the digital age, the biggest users of cryptography were governments, particularly for military purposes. With the advent of the net we can all use it for:
- Enabling authorized transactions.
- Defending free expression.
- Protecting our space, our objects and channels, from unauthorized access.
- Collectively failing to put crypto into our own hands.
Basic cryptography concepts
- The science of sending concealed messages is known as steganography (concealed writing). It is not very secure by itself. If someone finds the hidden message, all its secrets are revealed.
- Manipulating a message so that it can not be read even if it were intercepted is known as cryptography(hidden writing).
- Cryptography takes two forms: codes and ciphers.
- A code is essentially a secret language invented to conceal the meaning of a message, a system for hiding the meaning of a message by replacing each word or phrase in the original message with another character or set of characters (codegroups). The list of replacements is contained within a codebook. To protect a message in this way is called encoding. Encoding has no built-in flexibility.
- A cipherconceals a plaintext message by replacing or scrambling its letters. This process is known as enciphering and results in a ciphertext message. Converting a ciphertext message back to a plaintext message is known as deciphering. Each cipher can be split into two halves: the algorithm and the key. The key gives a cipher some built in flexibility.
- There are two classes of ciphers. A substitution cipher changes the letters in a message to another set of letters, or cipher alphabet, while a transposition cipher shuffles the letters around.
- Coded messages are often enciphered to improve their security, a process known as superencipherment.
- Encryption covers both the act of encoding and enciphering.
- Decryption covers both decoding and deciphering.
- Cryptotext covers both codetext and ciphertext but encicode is sometimes used instead.
- The science of breaking cryptotext or encicode is known as cryptanalysis.
- The two fields cryptography and cryptanalysis together make up the science of cryptology.
Most forms of cryptography used today rely on computers. Ciphers are better known today as algorithms, the guides for encryption -- they provide a way in which to craft a message and give a certain range of possible combinations. A key, on the other hand, helps a person or computer figure out the one possibility on a given occasion.
Symmetric-key encryption
Public-key encryption
Steganography
Disk encryption
- All Operating Systems (linux, windows, mac) support Logical Virtual Memory (in alphabet-soup-speak named LVM).
- On linux distro’s you can encrypt the entire disk (LVM). Why full disk encryption? Encrypted hard drives may not be safe. And when using full disk encryption (LVMs), most of the file system is encrypted but your boot partition and GRUB are not. And this is a vulnerability that can get you pwnd.
- Recommended for linux are dm-crypt + LUKS. It comes with the kernel.
- The swap-partition is not located within ram but on your hard drive – writing into this partition will leave traces of activities on the hard drive itself. If your computer happens to use swap during your use of encryption tools it can happen that the passwords to the keys are written to swap and can then be extracted. You can encrypt the swap space to prevent unauthorised people from reading your virtual memory. Ecryptfs is an excellent tool for that.
File encryption
There are 3 ways to hide files: You can physically hide files (put yer files on a CD or USB stick, then hide the stick), you can encrypt files (encrypted data cannot be read directly, it must be unlocked with a key first) and you can use misdirection (hiding the file within another file, container or vault where people do not think to look). And of course you can combine these techniques. How about an encrypted USB stick with an encrypted vault on it that is kept in a secret safe place where nobody would look for it?
Note: The fact that an encryption program "works" does not mean that it is secure. Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. ~ Bruce Schneier.
Related
- Installing linux
- Linux applications
- Linux security
- Kinky linux command-line
- Anonymising your traffic with linux
- Clean up all the things
- Shell scripting
References
- ↑ How to destroy the internet http://gizmodo.com/5912383/how-to-destroy-the-internet