OK, I’ve spent a while looking at things like PGP and GPG and how they integrate with various email programs (and how many integration problems folks have had with emailers and the encryption methods…)
I’m still looking for something reasonably usable that doesn’t require a whole lot of caveats and / or knowing things about the particular operating systems or releases of software used. While the convenience of automated key rings and public key encryption are large (especially things like avoiding the need for a “code book”) the search so far has involved “trusting” a bit more than I like.
Since we know, for example, that various TLAs have requested large commercial software suppliers to “provide a back door” in their products, I’m a bit leery of trusting such software to be devoid of back doors.
Because of this, I lean toward software that has Source Code available and published. Even if I have not done the verification personally (which would be ideal) the odds are high that someone else has done it.
In looking at the various options, it looks like encrypting the message prior to sending it has some merit. First off, the encryption can be done on a system that is NOT the one used for the sending. Any machine connected to the internet is subject to compromise and could have a key logger or similar snooping tool installed that could read the password / passphrase as it is typed. By doing the encryption on one machine that is isolated, then passing the file in “write once” media to the sending machine, there is much more protection against those kinds of machine compromise attacks.
The media could be a CD that is then archived or destroyed, or it could be an SD card that would be formatted after the send – and even formatted again in some other device before being reused on the encrypting machine. Paranoid? Well, yes, security is like that… So personally I would put the SD card in an old camera and tell it to FORMAT. Any malware trying to crawl upstream ought not to survive something as stupid as a camera doing a format. ;-)
There were “Active Picture Frames” from China (you plug them into a USB slot and just download a picture jpg into them) that were found to come from the factory with malware pre-installed that would compromise the target and provide access to Chinese hackers. ANY device that is a data store could be so compromised. I always format USB storage chips in a camera first if at all possible. (I like to use SD cards in a USB adapter rather than a “stick” for just that reason.)
So I went looking for a file encryptor. There are a lot of them, but I kind of like AES. It has source code available, works on all of Linux, Mac and Windows including several versions. Free download too.
I’ve given it a bit of a trial run and it worked very easily. The encryptor ends up as an option on a Right-Click of any file.
I have not vetted that site as being secure and valid. It looks like it is, but until vetted: that is just a bit of hope. So before using this for anything that matters, it would be good to “snoop around” and look for validation for the site. (It would be ideal to just download the source code and do a ‘from scratch’ build, then compare the binaries for “oddities” such as significant size difference or highly variable byte patterns.)
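One way to do that “compare the binaries” screening step, as an added example that is not part of the original post and not from the AES Crypt project: it checks whether a vendor-supplied binary and a from-source rebuild are byte-identical, how far their sizes differ, and whether one carries noticeably more high-entropy (packed or encrypted-looking) content than the other. The two inputs below are constructed byte strings standing in for real files; `compare_files` is the hypothetical helper you would point at the two real binaries. Keep in mind that non-reproducible builds legitimately differ in timestamps and compiler output, so a size or entropy mismatch is a reason to dig further, not proof of tampering.

```python
"""Screen a vendor binary against a from-source rebuild (added example)."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant file, 8.0 for uniformly spread bytes.
    Packed, encrypted or appended random-looking sections push this up."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compare_builds(vendor: bytes, rebuilt: bytes,
                   size_tolerance: float = 0.05,
                   entropy_tolerance: float = 0.5) -> dict:
    """Return a small report on the 'oddities' worth a second look.

    size_tolerance is the fraction by which the sizes may differ, and
    entropy_tolerance the allowed gap in bits/byte, before flagging.
    Both thresholds are assumptions chosen for illustration."""
    report = {
        "identical": hashlib.sha256(vendor).digest() == hashlib.sha256(rebuilt).digest(),
        "size_vendor": len(vendor),
        "size_rebuilt": len(rebuilt),
        "entropy_vendor": shannon_entropy(vendor),
        "entropy_rebuilt": shannon_entropy(rebuilt),
    }
    largest = max(len(vendor), len(rebuilt), 1)
    report["size_suspicious"] = abs(len(vendor) - len(rebuilt)) / largest > size_tolerance
    report["entropy_suspicious"] = (
        abs(report["entropy_vendor"] - report["entropy_rebuilt"]) > entropy_tolerance
    )
    return report


def compare_files(vendor_path: str, rebuilt_path: str) -> dict:
    """Hypothetical convenience wrapper for two on-disk binaries."""
    with open(vendor_path, "rb") as v, open(rebuilt_path, "rb") as r:
        return compare_builds(v.read(), r.read())


def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler so the sample runs offline."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed samples: a text-like "rebuilt" binary, and a "vendor" copy
# with 320 high-entropy bytes appended, the kind of difference to notice.
CLEAN = b"int main(void) { return 0; }" * 40
TAMPERED = CLEAN + _pseudo_random(320)

if __name__ == "__main__":
    for key, value in compare_builds(TAMPERED, CLEAN).items():
        print(f"{key:>20}: {value}")
```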
With that said, the software was easy to use and did what it claimed to do, near as I could tell from a casual look at the files produced. A brief wandering around the site looked “pretty good” too.
They also have a pretty good description of passwords and how to make a secure one. Oddly, they use as a ‘crackable’ example a method that was common practice about 20 years ago to make a ‘strong enough’ one. A rather dramatic example of how far software and hardware advances in password cracking have gone.
The example used is a combination of a word or two with a number digit. So for example “Give2Me” or “Shoot4Moon”.
Assume also that the number of digits might be 1 or 2. To attack the first form (word + digits + word), the attacker would try (100,000 * 2) * 100 * (100,000 * 2) combinations. That is an impressive 4 trillion combinations, but would take that high-end password cracking machine just 23.81 minutes to crack. Hackers would likely use an even smaller dictionary, too, because most people would only select from a dictionary of commonly-used words that are more likely far less than 5,000 words. If we can assume a 5,000 word dictionary, the same attack would take about 4 seconds.
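The arithmetic above, carried through as an added example that is not from the original post or the AES Crypt site: the keyspace for the word + digits + word pattern uses the page's own model (every dictionary word in two capitalisation variants and the page's figure of 100 digit combinations), and the guessing rate is the one implied by “4 trillion combinations in 23.81 minutes”. The `random_passphrase_seconds` comparison goes beyond the page to show how much of the weakness comes from the pattern rather than the length: the same rate against words chosen at random from a 7,776-word list, with no structure to exploit, takes centuries.

```python
"""Keyspace and crack-time estimates for the word + digits + word pattern (added example)."""


def keyspace(dictionary_words: int, case_variants: int = 2, digit_combos: int = 100) -> int:
    """Candidates for word + digits + word under the page's model:
    (N words * case variants) * digit combinations * (N words * case variants)."""
    words = dictionary_words * case_variants
    return words * digit_combos * words


# Rate implied by the page: the 100,000-word case, 4 trillion guesses, in 23.81 minutes.
GUESSES_PER_SECOND = keyspace(100_000) / (23.81 * 60)


def crack_seconds(dictionary_words: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the whole pattern at the given rate."""
    return keyspace(dictionary_words) / rate


def random_passphrase_seconds(num_words: int, dictionary_words: int,
                              rate: float = GUESSES_PER_SECOND) -> float:
    """Comparison (not on the page): num_words words picked uniformly at random
    from the dictionary, so the attacker has to cover dictionary_words ** num_words."""
    return dictionary_words ** num_words / rate


def human(seconds: float) -> str:
    """Readable duration for the printout."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    print(f"assumed rate: {GUESSES_PER_SECOND:,.0f} guesses/second")
    for n in (100_000, 5_000):
        print(f"{n:>7,}-word dictionary, word+digits+word: "
              f"{keyspace(n):,} candidates, {human(crack_seconds(n))}")
    print("5 random words from a 7,776-word list:",
          human(random_passphrase_seconds(5, 7_776)))
```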
That kind of attack used to take weeks or months even on a fast machine. We could typically break a Unix password on the Cray in about 10 hours back then. At that time, that was about $15,000 to $60,000 of compute time depending on the number of processors used, so not worth doing for most things. Now we’re talking “let the laptop run while you go to bed” and it is cheap enough to do for recreational purposes… IIRC, we used a “large” 10,000 word dictionary then.
At one time the Unix password cryptext was stored in a visible format. We figured out that we could “precompute” all possible password cryptext and just do a “lookup” of the cryptext with 2 TBytes of storage. This was when that was an outrageous size (we had just spent about $250,000 for 1 TB and that was on a tape robot…) Now you can buy it for less than the cost of a dinner at a nice restaurant. (Yes, it was about that time that Unix / Linux stopped storing the encrypted text where it was visible ;-)
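The precomputation idea described above, as an added example that is not from the original post: hash every candidate once, store the hash-to-password map, and each leaked hash becomes a table read instead of a search. The same toy shows what moving the stored hashes out of sight did not fix on its own and what a per-password salt does fix: a salt the attacker cannot predict means the table must hold every candidate under every possible salt, so a 12-bit salt (the size classic Unix crypt used) multiplies the storage by 4,096. SHA-256 stands in for the original crypt() here, and the word list and the “leaked” hashes are constructed.

```python
"""Precomputed hash lookup versus salted hashes (added example)."""
import hashlib
import os

# Constructed toy dictionary; a real precomputed table would hold millions of entries.
WORDLIST = ["password", "letmein", "sunshine", "dragon", "qwerty", "monkey"]


def unsalted_hash(pw: str) -> str:
    """Stand-in for an unsalted one-way hash of the password."""
    return hashlib.sha256(pw.encode()).hexdigest()


def salted_hash(pw: str, salt: bytes) -> str:
    """Same hash, but the stored value depends on a per-password salt."""
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def build_lookup(words) -> dict:
    """The precomputation step: hash once, store hash -> password.
    The cost is paid once and reused against every leaked hash afterwards."""
    return {unsalted_hash(w): w for w in words}


def lookup(table: dict, leaked_hash: str):
    """Recovery becomes a dictionary read; None means the table does not cover it."""
    return table.get(leaked_hash)


def salted_table_size(candidates: int, salt_bits: int) -> int:
    """Entries a precomputed table needs to cover every salt value as well."""
    return candidates * 2 ** salt_bits


def demo():
    """Return (hit on unsalted hash, result on salted hash with the same table)."""
    table = build_lookup(WORDLIST)
    leaked_unsalted = unsalted_hash("sunshine")          # constructed leak
    salt = os.urandom(2)                                  # constructed 16-bit salt
    leaked_salted = salted_hash("sunshine", salt)         # constructed leak
    return lookup(table, leaked_unsalted), lookup(table, leaked_salted)


if __name__ == "__main__":
    hit, miss = demo()
    print("unsalted leak recovered:", hit)
    print("salted leak via same table:", miss)
    print("table entries needed for a 12-bit salt over 6 words:",
          salted_table_size(len(WORDLIST), 12))
```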
This does, though, illustrate one of the major problems of using encryption for security. Someone can always store what is not crackable today and then read it easily a couple of decades later… So a password that takes a “Billion years” to crack can be paranoid overkill, or just be something that is “good for my lifetime”… It is for this reason that I also do things like make “dummy” encrypted boxes that contain nothing, or contain garbage bits, or contain another encrypted file inside of it, or… Things that, when opened, bring doubt or work to break the spirit of an attacker. Having the “file that matters” sent in the middle of 3 or 4 files that have “easter eggs” in them like a text message saying “You wasted all your time to decrypt THIS? Har De Har Har!!” and another that when decrypted looks like it is still a bag of encrypted bits (but is in fact garbage so never can be decrypted) can be a psych out; but at a minimum consumes attacker resources (at low cost to you).
In other words, it can make sense to send encrypted messages even for “stupid” and “innocent” things like saying “Want to get coffee tomorrow?” as it creates a greater burden in the decryption attack and demoralizes.
It also gives you practice with the methodology so you are less likely to “mess up” when it matters AND it makes it hard to figure out “what matters” and can make it hard to see that one person gets “special” messages when compared to other folks.
For folks NOT in the USA, the AES download is illegal. The site claims to try to figure out your location based on your IP address. In theory you could bounce off a USA mirror of some sort, but “that would be wrong” ;-)
Software like The Onion Browser that routes your traffic all over hell and gone MIGHT pop you out at a USA source IP, or might not. It also might “flag” the attempt as being from a known anonymous service and refuse service based on that alone. It would be an interesting thing to try and I might do that a bit later just to see. (The Onion Browser bounces traffic all over through TOR sites and is a bit slower than regular networks, so using it for general downloads is not all that efficient generally…) But if you are in a US location (so doing a legal download) but using TOR, you might well have it fail by thinking you are out of the USA.
As I mentioned before, I tried making a posting via TOR Browser to my own site and the IP number assigned put me in the SPAM queue… BUT I did notice that the kinds of advertising I got “fingered” to get were no longer boring ads about things like stoves and bookstores but instead dating sites with pictures of young beautiful people ;-)
At any rate, for generalized anonymous browsing it seemed to work OK (if sometimes a tad slow) and it might well let you seem to come from some other country.
I’d not turn on the ‘let other traffic out my internet connection’ spigot on any system I cared about or for any IP address that might cause police to come talk to me. (At least one guy running a TOR server got a visit from folks in uniforms due to some traffic that originated from “his” site… It took a fair amount of explaining before they found someone bright enough to realize what he was describing was 1) Real. 2) Not illegal. 3) Meant he was not the person they were looking for.) So run a TOR server in places and times where there isn’t any direct connection to you or to your important equipment… Only use the client services, not the ‘route other traffic out’; unless you are a dyed-in-the-wool radical or inherently safe from prosecution. (I did try just turning on server routing briefly to see what happened. It complained about my firewall router being in the way. Nice confirmation of some of my security layers ;-)
FWIW, in a cursory look at TOR it looks like there is a risk of a “man in the middle” attack via a TLA setting up some TOR routers and sniffing the traffic that goes by. I’ve not looked at all the levels of encryption applied, but at some point you have an exit node that knows who you are talking with and at some point you are the last link on the return path. It might require that the TLA be either the first or last node to find things that are “interesting”, even if only a local IP address. The description seemed to say this was unlikely but I’ve not done a close look at it. So I’d only use it for things that were not really serious for now.
And don’t do anything illegal with either one.
I’m still looking for some kind of simple to use, provably secure, open source Public Key Encryption for doing public key based file exchanges. (If nothing else, it makes the first exchange of a Code Book that much easier for future use.)
For real fun, you could encrypt a file with AES and put it inside an encrypted file system made with TrueCrypt. Yes, the AES files could just be uploaded to a site (like we did with the TrueCrypt file system example) and would be much smaller for most individual files. For a multiple file block of information, using a whole TrueCrypt container takes fewer encryption steps as the whole block gets done in one go. For maximum safety, having many individual files each encrypted with a unique key AND the whole package a TrueCrypt encryption would be very frustrating to an attacker ;-) It would also help to protect against one or the other method having a bug, a vulnerability, or a back door.
Oh, and as AES puts a unique file qualifier on files (.aes), sites like WordPress that only allow specific file formats to be uploaded will not like them. So you would need to know to change it on the upload, then change it back on the download. Putting several of these inside a TrueCrypt volume gets rid of that overhead.
So far we have a web browsing anonymizer, a decent file system level encryptor, and a very good individual file encryptor. There is a proposed architectural design for a “provably secure system” level (two computers with OS loaded from ROM each boot and some isolation layers between them) and a beginning of the evaluation of software to run on them. Oh, and I’m impatiently waiting for RaspberryPi to catch up with hardware shipments so I can buy one ;-)
I’ve still got to identify a place on the Web where I’m comfortable putting a depot copy of an encrypted file system (though Freenet has some attractions) and I’m still not sure all of the various bits will integrate well. Oh, and every part needs the “check it three times” screen for “issues”… But “so far so good”.