Passwords and file encryption

In this entry I will cover some quick and simple ideas that you can do right now to protect your online presence.

First and perhaps the most important one is the passwords that you use for different places, yes I do mean using different passwords for different sites you log into. Don’t use the same password for everything. If you have been watching the news lately there have been a number of places that have “lost control” of their password file to hackers. I will admit it is a bit more work, but would you rather change only one password if the account has had the password stolen or multiple accounts?

There are programs that will secure your lists of passwords with a password so you only need to remember one to decrypt them. You may say what is the difference between having one password for all accounts and one password for the password holder?. First off you are more likely to have it on a machine that is password protected in the first place, and they will need to know you have a password file there. Most “hackers” are more interested in selling the machine or doing a quick look on what is there then digging deeply into it. It may be true that they may dig deeper for corporate treasures and if that is true it is hoped that your IT has steps and options in place to secure that, more on that later.

The next issue is the type and lengths of the password. There are many papers written about this and many different ideas. As a standard idea, the longer the better, but as long as you do not use dictionary words you can use a little as six letters for the password. As a general rule having special characters like ” @#$%*^$” will make the passwords harder to crack, sadly some systems will not allow these, so if you can, use them.

On the subject of cracking passwords you may have wonders how they do that? If the password encrypting program is well written then most of the time it is easy to encrypt the password but hard to decrypt. There are large databases call “rainbow tables” that have passwords already created and the hackers will take the database and search for a match, so they do not need to decrypt it just match it to a pre-created list. Adding special characters will make the time needed to crack it cost more than the data is worth. That is the key, once it is not cost effective then they will just wipe the machine and sell the hardware.

On the idea of passwords and encryption of passwords, I also want to touch on having your machine use a password to log into and not have it just auto-boot into your account. It may be a nice feature but if it is stolen then your data is open to all. With that being said and you still want to have it auto login to your account then you should at least encrypt the files you want no one to have access to. Setting up a space to save files in an encrypted form will depend on your operating system.

I will start with OSX first because it is the easiest. If you use OSX, it has an option to create an encrypted disk image. Think of it like a folder that will store the files, you then mount the folder like a drive. To create the encrypted image select and launch “Disk Utility” its in the Utilities folder under Applications, Select New Image, Choose a name for your image, then choose the size of the image, I would keep it under 4Gig because any larger you would not be able to burn the image to a DVD. Look for the encryption setting and select 128 or 256 AES its up to you, the higher the number the slower it will be to encrypt the data depending on your machine. Many new machines are fast enough for the higher number. You can also select the locations to create the image, leave the rest of the settings as they are. Select Create and an Authenticate dialog box will appear, give it a password and then retype it for verification. Use a strong password for this, that is numbers letters and the mix. To mount the file just click on it and it will ask you for a password, after you enter the correct password it will mount just like a standard OSX drive.

If you use Linux, Windows or OSX there is a third party application called “truecrypt” it is free, but I would ask you give a donation to them if you would please. I like the program because it open source, that means you can look at the source code for your own personal feel good that there are no backdoors in it. Also it has been look at by many others and there seems to be no security issues. It is on the same lines of having a single encrypted image that you store your files in. I am not going to go into all the features at this time. I will have a full posting at a later date with some cool security features. For this posting it will only go into creating a simple encrypted disk image. First down load the program for you systems from http://www.truecrypt.org/downloads. Select the OS you use and install onto your system. Start TrueCrypt, select Volumes, Create New Volume, keep the Create and encrypted file container selected, click next leaving the Standard TrueCrypt volume open marked. Click Next again and give the volume a name then select Next. For now you can leave the Encryption Algorithm set to AES and the Hash Algorithm set to RIPEMD-160 as well. Select Next and give it a size I would say 4GB max for this so you can burn it to a DVD if wished. you can experiment later with different sizes. Select Next and give it a password, it may give you an error if it thinks the password is to short or easy crack-able you can disregard it but try to create a strong one. Click Next again and give it a format type, the select FAT file system is fine for now, click Next again the Volume Format dialog box will be showing random numbers, move your mouse in the box for a while to create a random set of key numbers, then click Next to create the volume, it will say Volume Create at this point click Exit. It will bring you back to the start screen, to mount the created volume. Make sure one of the slots is highlighted. Click Select File and click on the file you created, select mount and it will ask you for the password then mount the file. Add the files to the mounted volume after done, just un-mount it and it will close.

I Think that is plenty for now so enjoy