Setup and sending encrypted e-mail.
With the changes in many of the laws that kept the government out of your information, they have more access now than at any time in the country’s past. If you don’t mind the intrusion then that’s fine, but if you do, read on.
This entry will cover setting up and sending encrypted mail to another person using Thunderbird, the Enigmail plugin and the PGP/GnuPG programs. I am using Thunderbird because it is available for almost every operating system around and it’s free, but I would ask that you give a donation to help keep it around.
If you’re already using the Thunderbird mail client then you are halfway finished; if not, you will need to install the client for your OS first and get it working correctly. Go to www.mozilla.org/thunderbird/ and download the version for your system, then set up your account. You will need to install the Enigmail plugin and GnuPG. To get the Enigmail plugin go to http://enigmail.mozdev.org/home/index.php.html and select the version for the OS you are using. If you are using a newer version of Thunderbird you can go to the “Add-ons” section, search for it and install it from there, simple and easy, or you can download the version, select Install from the “Tools -> Add-ons” menu, select the .XPI file and install. Go to www.gnupg.org to get a copy of the program and install it using the instructions for your OS.
Now that you have a general idea of the what, why and how of encryption, let’s get started using it to send mail to another person. Install the Thunderbird plugin and the GnuPG program on your system. The first thing you will need to do is set up a public/private key pair. The private (or secret) key is for you; the public key is for everyone else. There are two ways to generate the keys. One way is to use the command line, the other is to use the GUI in the Thunderbird OpenPGP option; for now I will show the OpenPGP option.
Start Thunderbird, then select OpenPGP and from the drop-down menu select “Key Management”. Select “Generate” then “New key pair”. Select the Account / User ID you want to use, then give it a passphrase; you may also want to give it a comment, that is up to you. You can leave the Key expires option alone for this time; you can play around with the others after setup. Select the Advanced tab; depending on the speed of your machine you can leave the settings for Key size and Key type alone. Increasing the size will increase the time it takes to generate the keys. If you want to make it very difficult for people to hack your keys use the 4096 and DSA & El Gamal option; it will take a while to create the keys, so be aware of that. The 2048 key size is quite large and difficult to crack, so you can leave the Key size and Key type alone. After you are happy with the settings select Generate Key, then sit back and wait for a bit while it generates the keys for you. When the keys have been generated they will show up in the Key Management box.
Now let’s get to using the generated keys. First you need to send the public key to another person. To do that, select Key Management again; you have three options. One option is to send the public key by email, another is to send the public key as a file, and the last is to upload the public key to a key server. For now just use the Send Public Key by Email option, select the email address of the person or persons, and send. In the attachment section you will see the public key; it will be numbers and letters with an .asc extension. When the person gets the email they will save the attachment into their PGP key folder, and from then on they can send messages to you encrypted.
Sending encrypted e-mail is quite easy from then on. Select Write, then enter the email address; from the OpenPGP menu select Encrypt Message, enter your subject and message, then click Send. You may be asked to verify the recipient’s public key, and then it will send the message. When the message is received, open the OpenPGP pull-down and select Decrypt/Verify; it will ask for the password to your private key and then decrypt the message. And the good part is that it is only decrypted when you want to see it; at all other times it is encrypted.
It’s sad you have to do this to protect yourself from unreasonable intrusion by the government and business but..$fdRuyde^%7gde43%ynb(4sCX234gmq093467v%$dffg4^&=asw
Secure between you and others – Encryption
Picture a world where complete strangers know the personal information you send to your family, where everything you send to someone else is copied and viewed to make sure you are not a threat to society. Sadly, this is what seems to be happening more and more lately, but if you are diligent there are things you can do to keep your information private.
With this group of entries I will explain how to use encryption of email between you and another person to keep the information away from prying eyes. The idea is simple: being able to send and receive mail between you and another person knowing that even if the traffic is sniffed and the data is captured it will be secure for a while. I say “for a while” because as technology evolves it will at some point be possible to decrypt the message, but most likely far in the distant future, long after you and most of the human race are gone. The idea is to keep the length of time long enough that it does not matter if they do decrypt it, because the information will no longer be useful. I will discuss using Thunderbird, GnuPG (PGP) and the Enigmail plugin as my e-mail and encryption programs. There are others that will be added as time goes on. This set of entries will cover securing your e-mails from others, they being your ISPs, data miners and even your own government. We could talk all day about the idea that if you’re not doing anything wrong you have nothing to hide, but I will just leave it as this: the only ones that need to read it are you and the person you are sending it to, no one else.
What is Public key Encryption –
Why think about encryption? If you have nothing to hide then you don’t need to use it, do you? These are just some of the questions that people put forth when you say you want to encrypt things between you and the other person only. Security is a right, not a privilege; what is exchanged between you and the other person should only be known between you and that person. There are many ways to encrypt messages; the one I will describe is called public key encryption.
The idea is that Bob and Alice want to exchange messages and do not want John to be able to see them. The problem is that the only channel available is a medium that can be sniffed, that is, the traffic can be viewed. Think of the postal carrier: you put the mail in the mailbox and the letter goes into a public system where it can be looked at if someone wishes. To prevent that, public key cryptography was created. The way to think about it is that each of you has two mathematically defined keys. Both of the keys are created at the same time. One key you keep and one you give away; that may sound strange, but here is why. The public key is used to encrypt, and only to encrypt, the message; knowing the public key does not let you decrypt the message. When you get the encrypted message you use your private key, and only your private key, to decrypt it. The private key can be used to know that it is you and only you that will read the message. Each private and public key are a matched set, and if they are tampered with they will no longer work together. (The deeper workings are at this time a bit beyond the scope of this entry, but maybe I will do a special posting explaining them in more depth.)
Now back to Bob and Alice’s message exchange problem. Bob wants to send Alice a message that only Alice will be able to read. One way this could be done is to have both of them use the same password to encrypt the message; the problem is how to exchange the password if they are never able to meet each other directly. This is where the public key comes in: it is a lock that can be given out publicly and used by anyone to encrypt a message, but only the recipient has the private key to decrypt the message. The first thing they do is each create a private and public key pair; the public key can be used to lock the box, but only the private (or secret) key can be used to unlock the box. After they both create their public/private keys they can exchange the public keys in one of many ways. They can send them to a central key server that holds the keys so Bob can search for Alice’s public key, or Alice can just send Bob the public key in e-mail. If they are really paranoid, Alice can send the key one letter at a time to Bob and he can put it back together for use; it is the long way but it does work. Let’s say Bob gets the key from Alice some way. Bob would then take the message, put it in the box, lock the box with Alice’s lock and send the box to Alice; this box is unbreakable when the lock is added. Alice, upon getting the box, would use her private key to unlock the box and view the message. Bob could also use his own private key to sign what he puts in the box, so Alice can verify the message was from Bob. This is simplified, but you should now get the general idea. Some questions remain, such as how Bob knows the public key is from Alice and not John, and vice versa.
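The Bob, Alice and John story above as a runnable sketch. This is an added example, not part of the original post and not how GnuPG is implemented: it uses unpadded textbook RSA with small keys for teaching only, and every function name in it is made up for the illustration. It also covers the closing question: Bob detects a key swapped in by John by comparing a fingerprint that Alice gave him directly.

```python
"""Toy RSA for the Bob/Alice/John story. Teaching only: no padding, small keys."""
import hashlib
import secrets

E = 65537  # public exponent (a prime)

def _is_probable_prime(n, rounds=24):
    # Miller-Rabin test; n is always odd and large here
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full length
        if c % E != 1 and _is_probable_prime(c):  # E must not divide c - 1
            return c

def generate_keypair(bits=512):
    """Both keys are created together; returns (public, private)."""
    p = _random_prime(bits // 2)
    q = _random_prime(bits // 2)
    while q == p:
        q = _random_prime(bits // 2)
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)

def encrypt(public, message):  # lock the box: anyone with the public key can
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(private, ciphertext):  # unlock the box: needs the matching private key
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(private, message):
    n, d = private
    return pow(_digest(message), d, n)

def verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == _digest(message)

def fingerprint(public):
    """Short value two people can compare by phone or in person."""
    return hashlib.sha256(repr(public).encode()).hexdigest()[:40]

def run_story():
    alice_pub, alice_priv = generate_keypair()
    bob_pub, bob_priv = generate_keypair()
    john_pub, john_priv = generate_keypair()
    note = b"Meet me at noon"                 # constructed sample message
    box = encrypt(alice_pub, note)            # Bob locks it with Alice's public key
    seal = sign(bob_priv, note)               # Bob signs with his own private key
    spoken = fingerprint(alice_pub)           # Alice reads this to Bob herself
    return {
        "alice_reads": decrypt(alice_priv, box) == note,
        "john_reads": decrypt(john_priv, box) == note,
        "from_bob": verify(bob_pub, note, seal),
        "altered_caught": not verify(bob_pub, b"Meet me at nine", seal),
        "swapped_key_caught": fingerprint(john_pub) != spoken,
    }

if __name__ == "__main__":
    print(run_story())
```

Only public keys and the fingerprint ever leave their owner; the private half of each pair stays where it was generated.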
Deeper reading if you like
www.gnupg.org
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
http://www.openpgp.org/
http://www.pgpi.org/
http://www.pgpi.org/doc/pgpintro/
http://pgp.mit.edu/
http://philzimmermann.com/EN/findpgp/
Tor – the onion router
Anonymity is a right.
With this entry I am going to talk about a way to protect your true IP address from being logged when you surf the web.
I will discuss a program/service called Tor, or “the Onion router.” Tor is a system that will hide your IP location data from prying eyes as it travels along the internet. It can also be used to send data in a general encrypted form from you to another person. When you go to websites your IP address is protected because the site does not know where you truly came from.
More and more companies and governments are using your IP address to track you and your behavior for their own personal use, good and evil. With Tor your IP address is cloaked, and in doing so much of your surfing habits are protected as well. The service was originally created to allow activists in repressive countries to communicate information or discussions that the government would not want to be known, without being worried that they would be found out; in some countries their lives would depend on them being anonymous.
The service is quite easy to set up, and the more people that use it the better it gets. The current service installs all you need in one directory and runs from that directory only. Here is a little background on Tor and how it works. The “onion” part is the fact that it uses different software routers set up by people to send each packet along. Each time it sends data it sends it encrypted and in a different direction using different routers. This is a strength but also creates a weakness, because at times it can be slow. With Tor, as more people use the system the security increases for everyone, because there are more routers, which allows more random packet directions. First off you may be saying to yourself, how do I know that the routers are not tracking my data? Even if there are some people/governments that have hacked the routers and are logging the packets that travel along their routers at that one time, it’s the random nature that will protect you; each time a different path will be used.
Here is a simple three step visual description from the Tor web site.
To set up Tor go to https://www.torproject.org/ and download the “Tor Browser Bundle” for your OS: Linux, Windows, OSX or smart-phones. Install it, then start the router program; after a few moments it will open up a browser and let you know you are now browsing the web with your IP hidden from the sites you connect to. If you are worried about installing the software on your system there are two new options called “Tails”, which allow you to create a Live USB or Live DVD so no software is loaded on your machine. You just boot from the USB or DVD and run Tor from the independent original operating system. Reboot and the live system is gone without a trace. This is nice if you are at temporary locations/machines and want to have some protection but leave no trace. I recommend you go to the Tor web site and browse the “About Tor” section if you still have more questions.
Thanks and safe surfing.
Note: if the images are not being displayed, here are the links to them
https://www.torproject.org/images/htw1.png
https://www.torproject.org/images/htw2.png
https://www.torproject.org/images/htw3.png
IM encryption with pidgin and OTR plugin
In this entry I will discuss secure IM. For this discussion I will talk about pidgin and how to add some secure encryption. This will allow you to talk with another person and be reasonably sure that you will not be snooped on. As with all security and encryption, there may be as yet unknown bugs or ways to access the data; some may be from a side channel. Depending on your operating system you will need pidgin, and you will also need a plugin called OTR. The OTR plugin does most of the work in securing the encryption between you and the other IM client. I will also talk about a few other plugins that may be kind of nice to have enabled.
First off you need to download and install pidgin for your system. To do that go to http://www.pidgin.im/ and select the version for your system. There is also a section along the top called Plugins; select that and you will get a list of plugin options. Find the “Security and Privacy” section and select “Off-the-Record Messaging”. Download the plugin for your system, and install them both, pidgin first of course.
What is OTR? Off-the-record: it’s a cryptographic protocol that provides encryption for instant messaging conversations. This allows deniability and confidential message exchange. It uses multi-key exchange hash functions, that is, it uses a mix of mathematical keys to encrypt the messages between each of the recipients on the IM exchange.
Now let’s get started setting up the secure connections. The first thing you need to do after you set up your IM account in pidgin is to set up the “Off-the-record” plugin private key. To do this go to the Plugins section and select “Off-the-record Messaging”, then select “Configure Plugin”. A new dialog box will open; from here click on the “Generate” button to generate a private key fingerprint. After a bit of time it should generate a 40 letter/number key combination; how long it takes depends on the speed of your machine. On this page there are also some other options you may want to set. I would recommend setting “Enable private messaging”, “Don’t log OTR conversations” and “Automatically initiate private messaging”. You can also set “Require private messaging” if you know the other person is using OTR as well; if you set this and they do not, it will not connect (in future versions that will change to allow non default encrypted connection). There are other plugins you may want to play with, so go for it.
To start a conversation, select the person you want to IM; there is a button in the lower right section that will default to “Not private”. Click on the button and select “Start Private Conversation”. It will change to one of four options: “Not Private”, “Private”, “Unverified” and “Finished”. Not private is just that, all exchanges are in clear text. Private means the person you are connecting to has been authenticated and is not an impostor. Your exchanges are now encrypted and visible only to the other person, not to a third party that may be sniffing the traffic. This is not to say it is a guarantee, because technology may be found to break the keys, but for now they should be safe. Unverified means you are getting an encrypted feed but the key can not be fully verified; there may be someone acting as the other person. The last is Finished; this means the other person has changed the setting to “Not private”, and it prevents you from accidentally sending a message you think is encrypted.
Now you have a secure connection between you and the other person. The question you still need to ask yourself is, “is the rest of the machine secure?” More on that later.
Passwords and file encryption
In this entry I will cover some quick and simple ideas that you can do right now to protect your online presence.
First and perhaps the most important one is the passwords that you use for different places; yes, I do mean using different passwords for the different sites you log into. Don’t use the same password for everything. If you have been watching the news lately there have been a number of places that have “lost control” of their password file to hackers. I will admit it is a bit more work, but would you rather change only one password if an account has had the password stolen, or multiple accounts?
There are programs that will secure your list of passwords with a password, so you only need to remember one to decrypt them. You may ask what the difference is between having one password for all accounts and one password for the password holder. First off, you are more likely to have it on a machine that is password protected in the first place, and they will need to know you have a password file there. Most “hackers” are more interested in selling the machine or doing a quick look at what is there than digging deeply into it. It may be true that they will dig deeper for corporate treasures, and if that is true it is hoped that your IT has steps and options in place to secure that; more on that later.
The next issue is the type and length of the password. There are many papers written about this and many different ideas. As a standard idea, the longer the better, but as long as you do not use dictionary words you can use as little as six letters for the password. As a general rule, having special characters like “@#$%*^$” will make the passwords harder to crack; sadly some systems will not allow these, so if you can, use them.
On the subject of cracking passwords, you may have wondered how they do that. If the password encrypting program is well written then most of the time it is easy to encrypt the password but hard to decrypt. There are large databases called “rainbow tables” that have passwords already created, and the hackers will take the database and search for a match, so they do not need to decrypt it, just match it to a pre-created list. Adding special characters will make the time needed to crack it cost more than the data is worth. That is the key: once it is not cost effective they will just wipe the machine and sell the hardware.
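What matching against a pre-created list looks like from the side of whoever stores the passwords, as an added example that is not part of the original post. A plain lookup table stands in for a real rainbow table (which compresses the same pre-computation using hash chains); the word list, account names and iteration count are constructed for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this demo

# Constructed sample data: a tiny "already seen" word list and four accounts.
KNOWN_PASSWORDS = ["123456", "password", "letmein", "qwerty", "monkey"]
ACCOUNTS = {
    "ann": "letmein",
    "raj": "password",
    "lee": "password",      # same choice as raj
    "kim": "t7#Vq9$wLx",    # not on any list
}

def fast_hash(password):
    """Unsalted single-pass hash: the same password always gives the same value."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_table(words):
    """Pre-compute hash -> password once; it can be reused on any password file."""
    return {fast_hash(w): w for w in words}

def salted_record(password):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify(password, record):
    """Normal login check against a salted record."""
    salt, key = record
    trial = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(trial, key)

def matched_by_table(table, stored_hashes):
    """Which accounts fall to a simple lookup in the pre-computed table."""
    return sorted(user for user, h in stored_hashes.items() if h in table)

def audit():
    table = build_table(KNOWN_PASSWORDS)
    unsalted = {u: fast_hash(p) for u, p in ACCOUNTS.items()}
    salted = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    salted_hex = {u: key.hex() for u, (_, key) in salted.items()}
    return {
        "unsalted_matched": matched_by_table(table, unsalted),
        "salted_matched": matched_by_table(table, salted_hex),
        "same_password_same_hash": unsalted["raj"] == unsalted["lee"],
        "same_password_same_record": salted["raj"][1] == salted["lee"][1],
        "login_still_works": verify("t7#Vq9$wLx", salted["kim"]),
        "wrong_password_rejected": not verify("password", salted["kim"]),
    }

if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```

With unsalted hashes every account whose password is on the list is matched at once and identical passwords are visible as identical hashes; with a per-user salt the pre-computed table matches nothing, while the password that was never on the list is safe in both cases.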
On the idea of passwords and encryption of passwords, I also want to touch on having your machine require a password to log in and not having it just auto-boot into your account. Auto-login may be a nice feature, but if the machine is stolen then your data is open to all. With that being said, if you still want to have it auto-login to your account then you should at least encrypt the files you want no one to have access to. Setting up a space to save files in an encrypted form will depend on your operating system.
I will start with OSX because it is the easiest. If you use OSX, it has an option to create an encrypted disk image. Think of it like a folder that will store the files; you then mount the folder like a drive. To create the encrypted image, select and launch “Disk Utility” (it’s in the Utilities folder under Applications), select New Image, choose a name for your image, then choose the size of the image. I would keep it under 4 GB because any larger and you would not be able to burn the image to a DVD. Look for the encryption setting and select 128 or 256 AES; it’s up to you. The higher the number, the slower it will be to encrypt the data, depending on your machine. Many new machines are fast enough for the higher number. You can also select the location to create the image in; leave the rest of the settings as they are. Select Create and an Authenticate dialog box will appear; give it a password and then retype it for verification. Use a strong password for this, that is, a mix of numbers and letters. To mount the file just click on it and it will ask you for a password; after you enter the correct password it will mount just like a standard OSX drive.
If you use Linux, Windows or OSX there is a third party application called “truecrypt”; it is free, but I would ask that you give a donation to them if you would please. I like the program because it is open source, which means you can look at the source code for your own personal feel-good that there are no backdoors in it. Also it has been looked at by many others and there seem to be no security issues. It is along the same lines of having a single encrypted image that you store your files in. I am not going to go into all the features at this time. I will have a full posting at a later date with some cool security features. This posting will only go into creating a simple encrypted disk image.
First download the program for your system from http://www.truecrypt.org/downloads. Select the OS you use and install it onto your system. Start TrueCrypt, select Volumes, Create New Volume, keep “Create an encrypted file container” selected, and click Next, leaving the Standard TrueCrypt volume option marked. Click Next again and give the volume a name, then select Next. For now you can leave the Encryption Algorithm set to AES and the Hash Algorithm set to RIPEMD-160 as well. Select Next and give it a size; I would say 4GB max for this so you can burn it to a DVD if wished. You can experiment later with different sizes. Select Next and give it a password. It may give you an error if it thinks the password is too short or easily crackable; you can disregard it, but try to create a strong one. Click Next again and give it a format type; the selected FAT file system is fine for now. Click Next again and the Volume Format dialog box will be showing random numbers; move your mouse in the box for a while to create a random set of key numbers, then click Next to create the volume. It will say the volume was created; at this point click Exit. It will bring you back to the start screen, where you can mount the created volume. Make sure one of the slots is highlighted. Click Select File and click on the file you created, select Mount and it will ask you for the password, then mount the file. Add the files to the mounted volume; after you are done, just un-mount it and it will close.
I think that is plenty for now, so enjoy.
Project – best practices for people to use to keep their data secure, including tools.
Greetings All —
For a while there have been questions from people on what the best ways are to keep your personal data and information safe from prying eyes on the net. This is a hard question because your data is now a valuable commodity for many groups, both business and governmental. Some of it is a good thing: many of the free services would never be around, or if they were they would be a “pay for use” type of system, if all of your personal data was kept hidden away and could not be used. The internet we see now might never have grown to what it is today. So some personal information being used as a commodity is a good thing, but you still need to protect as much of it as you can, and control how it is being used. For a few blog entries there will be some tips and ways to keep most of it secure, and ways to keep track of it from people that try to take and use it. It is not totally possible to keep all your data safe; it never has been and never will be, sorry, that is the way it is.
For the next few entries I will give you some ideas to keep your data safe and also give you some tools to help as well. Here are some of the key points I will try to cover, in no special order except that I will do the general information first.
Key points to cover –
General information
E-mail
File exchange
Web browsing
IM exchange
Buying online
Social media
There are some things you can do right away; some take a bit of work but are worth doing to give you a fighting chance to keep your data safe. For now I will leave you with one quick idea; it is easy but it does require some work. It is passwords: make sure you change them from time to time, and don’t use the same one for everything. Each site should have its own password. OK, you may be saying “well, how do I keep track of them all?” There are programs that will store them and are password protected as well. When it comes to passwords, length is not always what matters; it is what letters/numbers are being used for the password. A nice rule of thumb is 10 characters with a mix of numbers, letters and special characters, those being ($&#*) or a mix of others depending on your keyboard. Use at least three of them and don’t use things like your pet, home, kids, or real object names. Many times people will use a dictionary to scan for the names. If you want to do a bit of looking, check out Steve Gibson’s web site (grc.com); he has a nice write-up on password storage programs.
Well, that should keep you busy for a while – more to follow.
Keeping your messages safe from prying eyes
With the current political environment your privacy is being chipped away more and more each day. Much of the debate is based on the idea that if you are not doing anything wrong then you should have no worry about your information being viewed by the government; this in itself is a fallacy. Another argument is that they need the ability to view everything to protect you from terrorists that are bent on harming your way of life; this is a long discussion in itself, but not for here.
With the next few entries I will discuss ways to keep your messages private between you and the people you want to exchange information with. The key ones will be e-mail, IM and file exchange using encryption and encryption type programs. Some of them require the use of special programs that you and the person you are exchanging information with need to have set up. It is quite simple to do, and I will also give some tips and tricks on using them. All of the applications I will talk about are open source, so if you wish to view how they work you can.
The e-mail program I will be using in the discussion is Thunderbird with some plugins. It has clients for Windows, Mac and Linux; I use it because it seems to be one of the more extendable clients for email. It will be used with a public key / private key client to encrypt and decrypt the messages. For exchanging IM between you and another person I will be expanding on pidgin; it is a multi-service client, that is, it works with Yahoo, AIM, Jabber, Exchange and some others. The last group of topics will be encrypting your files, so if you travel you can be generally sure your files will be safe from prying eyes. This is not the entire list of applications you could use, nor is there a guarantee that the data can not be decrypted at some time in the future. As technology changes one never knows, but for now it’s mostly safe.
I will add different programs as I go from time to time under the same heading, so I hope it will spur you into keeping an eye on your data and who may be snooping on it, for good or evil.
Happy Data Privacy Day
Data Privacy Day is an international holiday that occurs every January 28. The purpose of Data Privacy Day is to raise awareness and promote data privacy education. It is currently celebrated in the United States, Canada, and 27 European countries.
Go out and look for ways to secure your data, if your sites don’t then request they do or save your data in places that do.
Passwords Passwords Passwords
New month starting soon.. Time to change your passwords.
Time to change your passwords