This posting is unlikely to be very interesting to most folks. It will, if it works correctly, have “nothing happen”.
It is a test of passing an encrypted message “in the clear” using a public file store visible to all. Even the recipient does not know the password I used to encrypt the file. I’m going to use a descriptive phrase that he ought to understand and be able to make the password from, while others cannot, thanks to a ‘shared secret’: something we know but anyone not at the dinner would not know. (In this case I’m using one that other folks who know the folks involved could likely guess. In an actually important use, I’d choose a harder to guess shared secret.)
So the first test will just be “Can the file be uploaded and downloaded” without corruption?
The second test is “Can the intended recipient decode it?”
The final step is “Are others blocked?”
Also, in a real test, the encryption method would not be public, so that would be an added hurdle.
With this case, I’ve encrypted the container as a very small file system (FAT) using TrueCrypt. It can be downloaded here:
The file has a .pdf file qualifier, but is not actually a PDF file.
So in Firefox, it tried to open as a PDF and complained that it doesn’t start with %PDF, but then let me save it anyway. At that point, I mounted it with TrueCrypt and opened the container to find my text file inside. It ought to be 300 kB (the minimum size for a FAT file system).
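A damaged container can fail to mount in the same way a wrong password does, so the first test (“uploaded and downloaded without corruption”) is best settled before anyone types a password. The sketch below is an added example, not part of the original post: the sender publishes a SHA-256 digest and byte count next to the file and the recipient checks the download against them. The stand-in container is constructed random data, and 300 KiB is an assumed reading of “300 kB”.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash the file in chunks so a large container need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_download(path, published_sha256, published_size):
    """Return a list of problems; an empty list means the copy is intact."""
    problems = []
    size = os.path.getsize(path)
    if size != published_size:
        problems.append(f"size {size} differs from published {published_size}")
    if not hmac.compare_digest(sha256_file(path), published_sha256.lower()):
        problems.append("SHA-256 mismatch: file changed in transit")
    return problems

def demo():
    # Constructed stand-in for the container: random bytes, 300 KiB assumed.
    data = os.urandom(300 * 1024)
    with tempfile.TemporaryDirectory() as d:
        sent, got = os.path.join(d, "sent.pdf"), os.path.join(d, "got.pdf")
        with open(sent, "wb") as f:
            f.write(data)
        # The sender publishes these two values alongside the file.
        digest, size = sha256_file(sent), os.path.getsize(sent)
        flipped = bytearray(data)
        flipped[10] ^= 0x01  # a single damaged bit near the start of the file
        cases = {"clean": data, "bit flip": bytes(flipped), "truncated": data[:-512]}
        results = {}
        for name, payload in cases.items():
            with open(got, "wb") as f:
                f.write(payload)
            results[name] = check_download(got, digest, size)
    return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name:10} {'OK' if not problems else '; '.join(problems)}")
```

A digest posted on the same page as the file only detects accidental corruption; anyone able to replace the file could replace the digest too.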
Now the fun bit. In theory, only P.G., me, and our spouses can figure out the password from this clear text “Coded Message”:
P.G., the password is the name of the dish we ordered twice at dinner. No spaces, just the letters. Each word capitalized.
(In a real case, such things as how spaces and capitals are handled would be a previously shared secret or left for the recipient to get by trial and error. As P.G. has no idea I’m doing this, I’m giving excessive clues ;-)
Why P.G.? Well, we have recently had dinner together so there is something we share. If I picked, say, Simon, we don’t have a shared experience base from which to pick a shared secret. Kind of limits my options on who to pick. In real circumstances, one would presumably have more shared life experience with folks important to you and could pick more private means of key sharing. Hopefully P.G. will take the challenge and see if the process works ;-)
If anyone wants to try “cracking the container”, feel free. (I think it is likely to be hard; even with a dictionary attack it would take a while, as I think you would need to write code to do the TrueCrypt key entry. Typing them all by hand would be way slow…)
So here is an example of a semi-secure communication “in the clear”. It ought to allow a bit of communications to happen with folks watching, but unable to read it, at least not without some good crypto-breaking tools. I also used a relatively weak password and gave enough clues that it could be cracked by a brute force attack. Again, in a real case one could use things like a public / private key set à la PGP or other encryption.
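The password rule given to P.G. and the “relatively weak password” point above can be put into numbers. This is an added example, not code from the original post: it applies the stated rule (letters only, no spaces, each word capitalized) and compares the strength the password appears to have from its length with the strength left once the public hint says “it is a dish name”. The sample dish, the menu size and the dish-list size are constructed assumptions.

```python
import math
import re

def canonical_password(phrase):
    """The post's stated rule: letters only, no spaces, each word capitalized."""
    return "".join(w.capitalize() for w in re.findall(r"[A-Za-z]+", phrase))

# Conventions a recipient might have to try if none had been agreed (assumed set).
CONVENTIONS = {
    "post's rule": canonical_password,
    "lowercase, no spaces": lambda p: canonical_password(p).lower(),
    "uppercase, no spaces": lambda p: canonical_password(p).upper(),
    "as spoken, with spaces": lambda p: " ".join(p.lower().split()),
}

def apparent_bits(password):
    """Naive strength: length times log2 of the character classes in use."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)]
    alphabet = sum(n for pattern, n in classes if re.search(pattern, password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def effective_bits(candidate_phrases, conventions=len(CONVENTIONS)):
    """Real strength: log2 of the guesses the public hint still leaves open."""
    return math.log2(candidate_phrases * conventions)

def assess(phrase, candidate_phrases):
    pw = canonical_password(phrase)
    return {
        "password": pw,
        "variants": {name: rule(phrase) for name, rule in CONVENTIONS.items()},
        "apparent_bits": round(apparent_bits(pw), 1),
        "effective_bits": round(effective_bits(candidate_phrases), 1),
    }

SAMPLE_DISH = "kung pao chicken"  # constructed sample, not the dish from the post
MENU_SIZE = 80                    # assumed: observer knows which restaurant
DISH_LIST_SIZE = 50_000           # assumed: observer knows only "a dish name"

if __name__ == "__main__":
    for label, n in [("knows the menu", MENU_SIZE), ("any dish name", DISH_LIST_SIZE)]:
        r = assess(SAMPLE_DISH, n)
        print(f"{label:15} {r['password']}: looks like {r['apparent_bits']} bits, "
              f"is about {r['effective_bits']} bits")
```

Leaving the spacing and capitalization convention unstated multiplies the guesses only by the number of plausible conventions, about two bits here, so the protection comes from how private the shared memory is, not from the formatting rule.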
The other major exposure of this method is that I created it on a PC connected to the internet. A key logger or screen scraper on the machine would make the rest pointless. In a real use, the content creation and file encryption would be done on a dedicated isolated machine and moved via something like a burned CD (so no USB based dongle malware could crawl into the generating machine. NO read/write media goes into it…).
Finally, as I’ve stated who is to do the download / test, and as “TLAs” could simply monitor WordPress or ask for access records, “contact tracing” can be done on this transfer. Folks would know who talked to whom. In a real case, I could make a “disposable identity” for the upload and the recipient would be left anonymous. They would then do the download at a public place (like a Starbucks parking lot) with a dedicated / disposable machine and remain relatively unknown.
Using systems like Tor and Freenet makes even that circumlocution optional as they hide the contact trace information anyway. For actual paranoia needs, one would use Tor from the Starbucks parking lot on a disposable machine with a disposable dongle (or writable MAC address). Realize that the anonymizing networks include tools to do private communications and file passing so this circumlocution of file transfer via a public site is theoretically not needed. I’m doing it partly just to demonstrate how you can choose to not completely trust that downloaded software. Sometimes you want belt, and suspenders, and hold the pants up too ;-)
So, in theory at least, this is an example of how to do private encrypted message passing, including “key exchange” via a “shared secret” in a visible and public system. It is the lowest level of security. All added layers go up from here. It isn’t really any more secure (due to the contact trace being open) than sending the file as an email attachment. I’m doing it here as it IS possible to hide some of the contact trace information using things like the Tor Browser; so it can generalize a bit more than email.
At that point the “putting up” of the file is visible, but who downloads it is hidden. Using a bogus ID to create the upload and using Tor to do it would also hide the origination. Oh, and WordPress lets you make private pages that take a password to open, so you could even password protect the download. While that would not stop TLAs, it would prevent random Looky Lous.
FWIW, TrueCrypt looks to be pretty solid and very hard to crack. At least one Agency brought suit to get someone to divulge their key (and they lost the case in this jurisdiction). IMHO that indicates they couldn’t get it cracked. It is possible that the US National TLAs could crack it if they cared to devote enough hardware and time, but if you are worried about that level, then you need to be putting encrypted files inside the encrypted disk and not showing up on folks’ radar anyway. (Some “Security by Obscurity” can help…)
So why am I doing this? Partly because as an old Unix Systems Admin I’ve spent decades doing “protect the data” and need to keep some skills up and have the historical interest. Partly it is just cussedness at the way the Police of all nations are starting to “confiscate computers first” and ask questions later. So my stuff is living in encrypted containers now just to keep them busy if they DO decide I ought to have a “Tallbloke and the Constable” moment. Since those constables whacked someone just for being contacted by a random on his blog, I have to assume I could be at the same risk. Better prepared and not needing it than watching my laptop go out the door and wondering what happened. As to where MY encrypted containers might live in The Cloud: “That would be telling.” ;-)