ravenheart

What is your local file encryption routine?


With all the current talk about the need for such, govs whining and screaming about it, why we feel the need to (the answer is simply, we do it because of you), I was curious if any of you follow this practice and how you do it. Personally, my Arch setup is LUKS/LVM, and for personal stuff I use tomb (Linux only), as it leverages the built-in dm-crypt, etc., as well as allowing keys to be embedded in image files, tombs inside of virtual images, etc. It is a very small program with minimal deps and even has an optional super lightweight GUI for those not digging the command line only. Though the website says it requires root access, I've found that it does not. Play safe, kids!


The only encryption I use locally is in 7zip archives. And that is only if I need to be able to put the resulting file(s) on a USB Flash drive and toss it in my pocket without any concern about someone getting access to it.

 

The file(s) in question are simple text files with my login and passphrases for all the sites I use. So I cannot let them be unencrypted AND mobile. Either one is fine, but never both.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.


I never encrypt my hard drives, but I encrypt my important files with VeraCrypt. I always use it on my pendrive, with some volumes encrypted to keep that important data with me everywhere I go. Where I work I use VeraCrypt from the pendrive (Windows), at home on my GNU/Linux.


I use LUKS on my Ubuntu system and most USB sticks, also have a few important files like my keepass files in Truecrypt/Veracrypt containers.


Well, I'm paranoid, so I do encrypt everything I can. Protonmail for e-mail (I actively convince my peers to use protonmail), LUKS for full disk encryption in Linux, VeraCrypt for Windows and encrypted vaults (though I'm waiting for UEFI support for my Windows 10 machine; however, this is coming very soon), cryptomator for cloud (although I very rarely use anything except SpiderOak), Duplicati and SpiderOak for encrypted and offsite backups, fully encrypted phone, Signal for messaging, HTTPSEverywhere, Air for encrypted communication of course. 2FA everywhere I can. LastPass for passwords. Faraday bags for my mobile devices. Looking for easy full disk encryption of my pfsense box, but nobody actually does this.

 

What I do really miss are good online encrypted documents, like google docs but privacy focused and encrypted (I don't use google services any more, I miss docs so much though).

 

So yes, color me paranoid.


Karaznie,

I have heard lots of back and forth re: SpiderOak. Has it been open sourced yet? That seemed to be a point of annoyance with lots of ppl. I use protonmail too, but I hate that they seem to be a fav target of attacks. I am also trying out tutanota; for a basic pop3/smtp I have one at autistici/inventati for use with my own keys. I would like to use VeraCrypt, but I sorta hate that if by some chance my comp gets seized and the app is noticed, it'll trigger curiosity and questions, heh, so I use tomb on my Linux box. Command line is nice, no one knows it's there....

As for your docs need, I'm not a huge wealth of information, but on privacytools.io they have a few apps listed; maybe something like protectedtext could be of some use?

Yes, unfortunately they haven't open sourced everything yet, as they promised some time ago. This really annoys people. Hope they'll do this some day. I, for one, somehow trust them still. I really like how they deal with ethics, how they care about not knowing anything that potentially might reveal others' encryption keys (for example, they discourage logging in online to their service, explicitly saying it may be dangerous). Unfortunately nothing in this category (cloud storage) comes even close.

I also use Duplicati for backup and store my encrypted backups safely. It's an open-source and secure zero-knowledge alternative.

I also use tutanota; however, I like protonmail much more. It's just a matter of aesthetics. Tutanota is my secondary mail.


Although I distrust by nature the idea of cloud storage, I think if I was going to do that I might locally encrypt my files and then use something like Tarsnap. I dunno anyone, however, that has had firsthand experience of using them. Seems like a solid b/u service, but my tinfoil hat starts to vibrate when I think of storing something "out there" hahahaha

 


 

"my tinfoil hat starts to vibrate"

 

Unless I fully encrypted locally and then sent it up my hat would explode.  LOL!


If you need encrypted e-mail, use any client you want, but use GPG to encrypt the message. It is not hard, and if your recipient is half as smart as a potted plant, they can easily handle it. It does require a trivial bit of work initially to have each side make their own keys, and then to exchange public keys. But it is fully open sourced, and available on any platform I have heard of. And best of all, you can use this with a mail service that logs and offers zero encryption. It will still work just fine. And since the so called "intelligence" services around the world have been trying to break PGP for decades, I think you can rest assured that it is not going to break anytime soon. (GPG is short for GNU Privacy Guard. It is the Open Sourced compile of PGP, and is fully free to use in any way you like.)



When I surf the internet with my VPN accounts I use a Linux VM with LUKS and LVM. The VM is encrypted with the virtualization application, as well as restrictions enabled on the VM. The VM has a base snapshot with all my applications configured for VPN. When I'm finished with my session, I revert to the snapshot. The VM and files are stored on an Aegis Padlock. The Padlock has a built-in brute force protection to securely delete the encryption keys after 20 unsuccessful password attempts. I also have a secure wipe password that will securely delete the encryption keys if initiated. The VM itself is configured to only send and receive traffic through the VPN tunnel and to drop all traffic if the VPN connection fails.

 

When transporting secure information, I use Aegis Secure Keys. My personal Aegis key has a standard Veracrypt container and a hidden Veracrypt container. Contents of the outer container have a scanned copy of my DL, Passport, and a contacts list. My hidden vault has a digital copy of my birth certificate, ssl card, a couple of emergency bitcoin wallets, and AirVPN config files. The container is synced to 2 cloud accounts on a monthly basis.

 

As far as communications, I use Signal, Telegram, and Whatsapp (all end to end encryption) for txting/SMS, protonmail for secure end to end encryption email. 

 

No Social Media Accounts.


GPG for email, FileVault for OS X (I know, I know... but I don't care enough.. this is good enough), and 7zip for some local files and USB. Also, I know these are not "files", but I use Signal and Telegram (encrypted) for all my texts.

Keep in mind that GnuPG / GPG encryption is not foolproof. It is definitely capable of being cracked, it's just intensive to do so.


Any evidence that 8192 bit RSA has ever been cracked? No? Then how about 4096 bit RSA? Still no? Then how about 2048 bit RSA? I am detecting a pattern here...

 

If you have any evidence that the huge RSA ciphers are actually being broken by someone, I would greatly appreciate hearing of it.



 

 

 

Now I think I'm a bit out of my depth here and am definitely not as knowledgeable as yourself, so don't bite my head off if I'm wrong. But I think I have a case here that suggests 4096 RSA was cracked in this article here.

The article alleges they were using these 'customised handsets', PGP-encrypted BlackBerrys. And on its website here, it says

 

Is communicating with Blackberry PGP safe?
PGP is a proven and secure encryption method that allows users a high encryption standard in their hands at e-mail accounts of the Blackberry via BES servers. It is a very user friendly system, and you can communicate with all other PGP Blackberry companies that have applied to other domains. Open their servers The standard encryption we use our PGP platform is RSA 4096 bits with AES 256.

PGP Encryption Keys:
On the BB10, the handheld generate the keys by it self .

  • AES 256 BIT , 4096 RSA.

For the highest security.

We use PGP keys of 4096 bits and AES-2 256 bits. Also everything is encrypted one more time by our private vpn channel over the air, so even unsecured communication become secure, encrypted by our VPN using AES-2 256bit key.


That article says they did not defeat the encryption at all. I will quote the important part here.

"In fact, one recent investigation by Vice News claimed that Canada's federal police has had the firm's global encryption key since 2010."

 

So they never had to even try. They had the key since 2010.

 

I am not going to bite your head off. But since you may be a bit out of your depth, let me help educate you on the sordid history of PGP/GPG.

 

Phil Zimmermann made PGP back in 1991 when encryption was plainly pitiful. At the time, it was strictly forbidden to "export" encryption stronger than 40 bits, because that was the amount that could be broken in an actionable amount of time. In fact, it was at the time considered to be "munitions". (Meaning weapons and ammo and such.) So allowing the world to have it would have been treason.

 

A number of cases have been tried around the world that depended solely on evidence claimed to be in messages encrypted with PGP. To date, not one has been decrypted without the password. AirVPN uses 4096 bit RSA as part of the encryption for the VPN. It has never been broken either. I do not think even 1024 bit RSA has ever been broken, but it is not used anymore since it is too weak relative to the trivial amount of work to make and use a larger key.

 

So I have to argue that it is secure because it has never been cracked. If you encrypt your content and I ask you the passphrase and you give it to me, then I did not crack it. I may have defeated it, but not in any way that could not apply equally well to any encryption.

 

Please do not hesitate to ask any questions you think of. I may be a bit crazy, but I would be very pleased to help you learn.



Right, I get what you're saying. So they didn't actually break through the encryption, they just had the private key to decode the messages and etc.

It's definitely restored my faith in PGP for sure.

Ha, that BlackBerry company probably just got opened up to a whole lot of liability over that, lol.
