crypto & security thread

You are currently reading a thread in /g/ - Technology

Thread replies: 56
Thread images: 6
crypto & security thread

Easy topics for me:
+) encryption/decryption, hashing
+) passwords / codes / keys / biometrics
+) cryptocurrencies
+) network security / protocols / exploits / firewalls / etc
+) secure programming
+) "select all images with kayaks"
+) kittens

Ask anything, we'll share then let's let the thread die
>>
>>53334697
Hi completely newbie here

1. How do I encrypt my Arch partition?
2. TL;DR me on how to setup DNSCrypt. (I already changed my resolv.conf)
>>
>>53334697
in gpg , should i use symmetric or asymmetric encryption ?
>>
>>53334729
1) http://lmgtfy.com/?q=https%3A%2F%2Fwiki.archlinux.org%2Findex.php%2Fdisk_encryption%23Examples

2) DNSCrypt as in DNSSEC validation? Or serving a signed zone?

Or are you asking more about the theory behind DNSSEC, why it's needed, how it works, the algorithms used, etc... I can answer that stufz
>>
>>53334779

I don't see how GPG can use symmetric encryption. I think the idea here is to create an asymmetric key pair (public/private) then use them to sign outgoing messages, validate the sender of incoming messages, decrypt messages sent specifically to you, and encrypt messages sent specifically to another party.

r u testing me
>>
>>53334821
>>53334779

Looks like GPG can use symmetric encryption after all, but all it does is encrypt files. So no real difference here between this and openssl or whatever tool you want to use.

`gpg --output doc.gpg --symmetric doc`
>>
>>53334821
>>53334889
i want to encrypt my backups and i don't know which method is more secure. sorry for not being clear.
so symmetric encryption has 0 benefits when it comes to backup ?
>>
Oh fuck I actually live in Bel Air, MD.
>>
>>53334697
Kayaks are all good and well, but can you do palm trees, cacti, street signs?
>>
>>53334781
theory behind DNSSEC, why it's needed, how it works
and How do I set it up (dnsmasq and shit)

Actually I need a good source to read
>>
>>53334904

symmetric encryption is absolutely definitely what you DO want to use when you are talking about backups. Assuming you are the same guy asking about the encrypted partition, there is no harm in just copying the encrypted partition to make backups. If you just want to make encrypted backups of certain files, you can use tar/gzip/bzip2/zip whatever to compress them to a single file then encrypt that.

You can use that gpg command I posted or something like:
`openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.encrypted`

Where you can choose your algorithm to your liking. AES-256-CBC is good but not amazing.

If you want to use gpg to do so it's probably fine but I've never done it that way myself.

Asymmetric encryption is more about transmitting messages around.
>>
>>53334932
some of these are harder for me desu :'(
"cakes" is harder than "food" for example

>I wonder which ones are harder for an attacking program, or if there are really easy ones...

>"water" ?
>>
>>53334979
i see, thank you, it's all clear now i really appreciate your efforts
>>
We should have these threads more often. Thanks OP
>>
>>53335018

lol here an example:

`tar -cvf backup.tar /mySecretFilez/`
`bzip2 backup.tar`
`openssl aes-256-cbc -a -in backup.tar.bz2 -out backup.tar.bz2.enc`
>>
>biometrics
I have a fingerprint scanner on a toshiba m11. Is it possible to use it in Linux? How hard is it to generate a repeatable number from a fingerprint scan? Cactus master race here.
>>
>>53334965

Ok so DNSSEC is needed because DNS queries can be modified in transit, and/or caching resolvers can be attacked (called cache poisoning) to serve bad records.

DNSSEC DNSKEY public key records are checked at each level of the tier ending up with the root zone "." keys which are trusted. Just like in HTTPS we have the trusted roots like verisign etc.

mydomain.myprovider.com.

cannot have DNSSEC unless all of:
.com.
myprovider.com.
and
mydomain.myprovider.com.

all have DNSSEC enabled and working.

The wiki page has a ton of info about it.
>>
>>53335129

About the repeatable number, that seems like a hard problem still. I'm not aware of a reliable solution that exists out there. There are multiple methods used to index or understand/scan fingerprints. There is some information here on a comparison of algorithms:
http://pubs.sciepub.com/jcsa/1/4/1/

>>53334965
>>53335136

I would recommend using algorithm 10 or algorithm 14 which should be RSA/SHA-512 or ECDSA/SHA-384 respectively.
>>
>>53335129
according to
http://www.linlap.com/toshiba_tecra_m11
the fingerprint scanner on the M11 wasn't tested so I'm really not sure. I assume you would need a driver of some sort...
>>
>>53335298
How solid is this command for setting up an encrypted partition? How hard would it be to break this with 50 character random string of letters and numbers as a passphrase?

`cryptsetup -v -h sha512 -c aes-xts-essiv:sha256 -y -s 512 --use-random -i 4000 luksFormat <device>`
>>
>>53335508
>-s 512
>aes
>>
>>53335508
>essiv
>xts
>>
>>53335550
this is what my benchmark says; it's a legit mode
cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 599871 iterations per second
PBKDF2-sha256 399609 iterations per second
PBKDF2-sha512 266136 iterations per second
PBKDF2-ripemd160 395987 iterations per second
PBKDF2-whirlpool 115992 iterations per second
# Algorithm | Key | Encryption | Decryption
aes-cbc 128b 447.6 MiB/s 1059.2 MiB/s
serpent-cbc 128b 40.1 MiB/s 132.5 MiB/s
twofish-cbc 128b 69.5 MiB/s 95.5 MiB/s
aes-cbc 256b 222.5 MiB/s 528.9 MiB/s
serpent-cbc 256b 36.8 MiB/s 129.0 MiB/s
twofish-cbc 256b 66.8 MiB/s 86.6 MiB/s
aes-xts 256b 574.9 MiB/s 586.6 MiB/s
serpent-xts 256b 98.3 MiB/s 99.9 MiB/s
twofish-xts 256b 91.2 MiB/s 87.8 MiB/s
aes-xts 512b 465.3 MiB/s 483.6 MiB/s
serpent-xts 512b 102.2 MiB/s 103.2 MiB/s
twofish-xts 512b 95.4 MiB/s 87.1 MiB/s
>>
>>53335508

I'm not read up on XTS. Just looked over:
http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/

but that doesn't necessarily mean you don't want to use XTS. What other options are available to you?

There is key splitting (in half) in XTS, so make sure to use a 512 bit key- which I think you did use with your "-s 512" argument.

A random 50 character alphanumeric (A-Za-z0-9) is extremely good. 3.14 x 10^191 (which is a lot)

Don't forget your password =]

>>53335665
Out of those choices I would pick
PBKDF2-sha512
or
PBKDF2-whirlpool

combined with AES or possibly serpent (which was a candidate for AES). Since your hardware has AES acceleration it's definitely smart to go with AES in your case. (465.3 vs 102.2 lol)

I would read up about the differences between CBC and XTS in disk encryption before making my final choice.
>>
>>53335665
>>53335508

The command looks great. =]

The -i 4000 might even be quite a bit more than you need.

Good luck!!
>>
Are WPS router implementations still easily crackable using Reaver?

How hard is the math behind encryption? I would like to be able to program an FPGA to crack WPA keys based off of captured packets. How hard would it be to learn the math needed for that if you already knew sequential logic design, 3 calculuses, diff-eq, linear algebra, and a little discrete math?
>>
>>53335989
Also could you recommend a book for someone with that math background on the mathematics behind encryption? A book available by bit torrent is a plus.
>>
>>53336026
>bit torrent
>technical pdfs

get real m8. https://www.u-cursos.cl/usuario/777719ab2ddbbdb16d99df29431d3036/mi_blog/r/1_book-introduction_to_modern_cryptography.pdf
>>
>>53335989
All of that is going to be really helpful, the calc maybe the least.

A cracking FPGA sounds like a really fun project =]

Reaver tries to brute-force the WiFi Protected Setup (WPS) PIN code on a specific access point. APs with WPS disabled are immune to Reaver, but I doubt you will run into too many of those!
Quick research just now says that there has been no general fix for the WPS PIN / Reaver attack.

An FPGA to crack WEP in the normal IV crack method might be more realistic, if you want to crack WPA you will need to figure out an attack on TKIP or the underlying cipher: RC4.

Cracking WPA2 seems like it would need an AES attack.

#op
>>
I need help with things.

I'm running a W7x32SP1 VM (W7x64SP1 host), which is connected to a VPN bought with tumbled BTC, then connected through a socks5 proxy bought with tumbled BTC using Firefox, while using Antidetect P5. I will be encrypting the volume containing the VM with TrueCrypt and connecting through a free public WiFi.

How safe am I?
>>
>>53336302
When I run Reaver on a WPS enabled router I get a lot of messages that say I failed to associate with the AP. Sometimes association seems to succeed and I get a message that a bunch of M? messages are received and sent, where ? is a number. It then retries the same pin number over: 12345670. Is this normal for startup? I've only run it for a few minutes. If it is normal how long before it generally starts trying other pins?
>>
Just wanted to know something. My Samsung note 3 was hacked into, possibly with metasploit. Hacker took photos and forces the phone to factory reset, leaving no evidence.

I just want to know can this happen again with my IPhone 6s. That is all.
>>
>>53336347
Can any of the BTC be traced to the rest of it? Where is your BTC wallet? Has your wallet been connecting via an anonymizer like Tor?

Also truecrypt isn't being updated anymore according to last time I was on their site, I don't know if there are vulns or not.

>>53336390
Idk, I'll have to try it out desu :/

>>53336454
Ouch. That's really crazy. I've never heard about something like that happening. Did you have it hooked up via usb to a PC or something? Or via WiFi perhaps? Was it patched? It'd be cool if factory reset needed a hardware button, say, in a battery compartment that one could open... #thanksApple

I guess the best advice I can give here is: make backups

Then: encrypt backups
>>
>>53336526
Never been connected to a PC. Btw they also saw the accounts I logged into so it was some malware installed remotely. My bank account is compromised at the moment.
>>
>>53336572
>Never been connected to a PC. Btw they also saw the accounts I logged into so it was some malware installed remotely. My bank account is compromised at the moment.

>bank byebye
So that's really bad.

Did you have cell service on your note at the time of compromise? Both CDMA and GSM are totally wrecked, so possibly your phone was a victim of a cellular based attack, or if you are (or your bank account was) a high value target you might think about an attack through the cell company.

How do you know somebody got into your phone via metasploit?

Did you have a banking app installed?
>>
>>53336454
>Just wanted to know something. My Samsung note 3 was hacked into, possibly with metasploit. Hacker took photos and forces the phone to factory reset, leaving no evidence.

Provided this isn't b8, the chances that someone actually hacked you are very very slim.
The software probably just fucked up in some way.

>I just want to know can this happen again with my IPhone 6s. That is all.
Non-jailbroken, not going to happen.
Jailbroken, very unlikely.
Jailbroken with changed root password, not going to happen.
>>
>>53336633
A family member is high suspicion, Just got a laptop and installed a bunch of hacker software on it, bragging to everyone. Now I get hints from them that they were the culprit. I just don't have hard evidence.
>>
>>53336702
A family member stole from your bank account? They must have opened an account to transfer the money to right?

Perhaps the laptop has evidence on it, shell history files, login/logout times, etc? BIOS logs?

that's a sad situation. :(
best wishes to you though
>>
>>53336641
Thanks for the advice, I just need to log into some sensitive accounts. I exclusively use my phone for that. Don't plan on jailbreaking either.

The software never received many updates either so I guess eventually it would fuck up.
>>
>>53336756
Don't know much about that, but I will change banks anyways. Taking this step by step.
>>
>>53336702
>>53336756
>>53336818

cont...

I'm not exactly a therapist but maybe just ask them str8 up if it's like your little brother or someone close to you that doesn't mean you any real harm.

>Did you do this shit? If so, show me how because it's really cool. plz don't do it again

You could notify your bank ASAP and they might be able to refund you the money- you might need to sign some form about identity theft and file a police report (USA laws here)...
>>
>>53334697

gonna close up shop here in a little unless we get in some new discussion material, or maybe I'll pose a question myself

+) kittens
+) NSA Suite A

#op
>>
>>53335989
which FPGA are you going to use?
>>
>>53334697
Is OpenSSL compatible with Windows crypto API?
I mean, if I generate a keypair on Windows, can i use that public key on another machine using OpenSSL, and send the ciphertext back to the Windows machine to be decrypted?
>>
For the paranoid, wouldn't there be additional security with using two FDEs on top of each other? Different cryptos and applications so even a backdoor would not be enough, and with aes-ni still faster than our slow HDDs. Which ones would you choose? I see no disadvantage with this, other than needing two passwords and the speed ofc.
>>
>>53336943
how safe is the Anubis cipher and why isn't it included in any crypto suite like openssl?
>>
>>53341269
Just use AES. 128 vs 256 doesn't make as much of a difference.

>>53335769
>random 50 character password
Jesus fuck what's wrong with you
I use two medium sized sentences with full interpunction. It's easy to remember and provides ridiculous entropy however you want to calculate it.

>>53334904
>>53334979
Since OP is talking out of his ass about how pgp and such work, here's a clarification.
How hybrid encryption works:
>generate a 128/256 bit key
>encrypt data with it using symmetric encryption (usually AES)
>encrypt the key with public key(s)
>bundle it all together
Using asymmetric encryption to encrypt data is stupid because it's much slower (plus no hardware acceleration) and provides no positive sides.

Daily reminder to use AES instead of elliptic curves. NIST one is backdoored, others aren't tested enough.

Anyways, ask if you want to know shit about PGP.
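The four hybrid-encryption steps above, as an added example in Go that is not from the thread: a fresh random 256-bit key, AES-256-GCM for the data, RSA-OAEP to wrap the key, and a struct bundling the parts. RSA-OAEP/SHA-256 and GCM are my choices for illustration; the plaintext is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Bundle is the "bundle it all together" step: only the holder of the RSA
// private key can unwrap the AES key, and only that key opens the data.
type Bundle struct {
	WrappedKey []byte // 256-bit AES key encrypted with RSA-OAEP
	Nonce      []byte // 96-bit GCM nonce, fresh per message
	Ciphertext []byte // AES-256-GCM output, includes the 16-byte auth tag
}

// HybridEncrypt: generate a random 256-bit key, encrypt the data with it
// using AES-256-GCM, then encrypt that key with the recipient's public key.
func HybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (*Bundle, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Bundle{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// HybridDecrypt reverses the steps; Open fails if nonce or ciphertext were tampered with.
func HybridDecrypt(priv *rsa.PrivateKey, b *Bundle) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, b.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, b.Nonce, b.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	b, _ := HybridEncrypt(&priv.PublicKey, []byte("constructed sample: backup.tar.bz2 contents"))
	pt, _ := HybridDecrypt(priv, b)
	fmt.Printf("wrapped key %d bytes, ciphertext %d bytes, plaintext %q\n", len(b.WrappedKey), len(b.Ciphertext), pt)
}
```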
>>
>>53341622
this nigger op is wrong
>>
>>53341269
Apparently pretty safe, there aren't any known attacks and the author knows his shit. However it's not nearly as analysed as AES and it's much less supported. Besides, AES has been implemented in hardware everywhere so it's much faster.

>>53343269
Shit nigger how lazy can you be not to put a fucking comma, your sentence has like five meanings now
>>
>>53334697
redpill me on elliptic curves and safety of aes256 with sha256 hash please
>>
>>53345361
>elliptic curves
Not recommended. NIST curve is backdoored and others simply aren't as thoroughly checked as AES.
>AES 128/256
Safe.
>SHA256
Afaik still safe with thousands of hashing rounds.
>>
>NIST curve is backdoored
What, secp256r1 aka prime256v1? No, I don't think it is. Neither is secp384r1, although that is annoying to work with. But I can understand why you might think so: NIST can't show you the English sentences whose SHA-1 hash makes up the seeds, because they don't have them.

The computation that the NSA (specifically, Jerry Solinas) ran for Certicom was to find seeds that generated prime fields with a structure that allowed for efficient reduction using a method Certicom patented - in exchange for a licence to Certicom's patents. (Turns out since that there are even more efficient reductions that Certicom didn't patent.)

The things that make short Weierstrass elliptic curves dangerous are things like the point at infinity and the zero points, or the behaviour of points that aren't on the curve (notably the twist-insecurity of secp224r1, for example). Like they did with DSA, NSA at the time liked things that were possible to implement securely for their own use, but really hard with several dangerous gotchas.

Lately better curves have emerged, particularly the Montgomery and Edwards forms. They're not patented, much simpler (and therefore safer) to work with, with complete formulas, and faster too. Curve25519 and Ed448-Goldilocks are rigidly-specified (absolutely no hidden shenanigans at all, thoroughly discussed on-list) and a lot of public argument was had about them on CFRG - RFC 7748 is what you're looking for. X25519 and Ed25519 are absolutely fine and best-in-class today.

Most cryptography used today (including 128-bit symmetric ciphers, and hashes <384 bits) will fall to a big practical quantum computer, but no-one has one of those. NSA reckon someone will have one in something roughly like 25 years?

There are few suitable, well-studied post-quantum algorithms yet: McEliece is probably OK, hash-based signatures are (try SPHINCS-256, it's stateless) but lattice-based encryption looks promising but may not be secure, let alone PQ-secure.
>>
>>53334697
is it stupid to use the diceware method to generate a password
>>
>>53345361
>elliptic curves
Depends on the curve and your implementation of it; see my reply above. Probably better than RSA or DH. Binary curves are broken; prime fields are not. Try to use constant-time implementations; the asm one in recent openssl of prime256v1 seems to be OK - the excellent Ed25519/X25519 implementations in libsodium are recommended.

>AES 128/256
If implemented in hardware, probably fairly safe (if your hardware is backdoored, you are fucked any way you look at it). It could have used more rounds, particularly AES-256, but eh, it's still OK. Prefer 256, due to possible future PQ resistance.

For symmetric encryption, use an AEAD, which combines primitives in safe ways: don't try to do that yourself, you'll fuck up!

Warning: many software AES implementations exhibit memory/cache side-channels.

If you have both AES-NI and PCLMULQDQ, AES-256-GCM is a good choice, or OCB3-AES-256.

If you don't have AES hardware, ChaCha20-Poly1305 from RFC7539 (or the earlier variant used in openssh) would be a better idea than AES; a stream cipher (made out of a pretty well-studied 256-bit ARX block cipher in CTR mode) plus a Carter-Wegman (information-theoretic secure) authenticator over 2^130-5. libsodium's default salsa20-poly1305 is also fine (very similar).

>SHA256
Susceptible to length-extension attacks, but other than that, still pretty good! Surprisingly the NSA never, at any point, held back or fucked around with their hash functions - but although they might have had an idea, they didn't fully anticipate Wang Xiaoyun's attack.

BLAKE2b is both faster and stronger and I usually recommend it now instead (i.e. b2sum); definitely use BLAKE2b everywhere anyone's still using MD5 or SHA-1. The sponge function Keccak (SHA-3 or SHAKE256) if you have Keccak hardware is also OK, but slower in software (NIST have a hardware fetish and don't care, and prefer the different-ness of sponge functions to the earlier Merkle-Damgård functions like MD4/MD5/SHA-1/SHA-2).
>>
>>53334729
>arch partition
>>
>>53346108
No. Diceware is 100% legit. Real entropy is real entropy: even if the attacker knows the word lists, 8 words is >100 bits and even the NSA can't crack it[1].

But DON'T CHEAT. The words really do need to be selected RANDOMLY.

Dice are good at randomness; CSPRNGs are good at randomness when implemented properly. Humans are, sadly, not. If you select a phrase yourself along the xkcd lines thinking that all you need is several words and you're fine, Markov chains will eat your lunch[2].

They have to be random; no compromises. Either use a secure CSPRNG that you really trust to select them, or actual unbiased casino dice and use whatever comes out.

Memory aids are a reasonable idea. Try to link the phrase together in your head. I use a 10-word (=129-bit) passphrase to unlock GPG keys: that will be pretty good for all of the foreseeable future!

___
[1] Of course, they can probably try rooting your computer with a 0day or some old vuln oversight. Or planting bugs. Or cracking your kneecaps. Sorry, no encryption in the world can protect your kneecaps if you are being actively targeted: just because you use strong encryption doesn't mean you have a magical unicorn panacea.

[2] http://www.simovits.com/sites/default/files/files/PederSparell_Linguistic_Cracking_of_Passphrases_using_Markov_Chains.pdf
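The Diceware procedure from the post above (five dice per word, a 7776-word list, entropy only if the picks are random), as an added Go example that is not from the thread. The dice are simulated with crypto/rand, and the word list is a constructed placeholder ("w0".."w7775") standing in for a real Diceware list.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// ListSize is the standard Diceware list size: 6^5 = 7776 words, one per five-dice roll.
const ListSize = 7776

// EntropyBits is the entropy of n words chosen uniformly at random from a list
// of the given size. As the post stresses, this only holds for genuinely random picks.
func EntropyBits(n, size int) float64 {
	return float64(n) * math.Log2(float64(size))
}

// RollsToIndex maps five dice rolls (each 1..6) to a list index 0..7775: the
// Diceware lookup key "11111".."66666" read as a base-6 number.
func RollsToIndex(rolls [5]int) (int, error) {
	idx := 0
	for _, r := range rolls {
		if r < 1 || r > 6 {
			return 0, fmt.Errorf("bad roll %d", r)
		}
		idx = idx*6 + (r - 1)
	}
	return idx, nil
}

// Passphrase picks n words by "rolling" five dice per word with the OS CSPRNG
// (crypto/rand); real casino dice can replace the rolls, the mapping is the same.
func Passphrase(n int, wordlist []string) (string, error) {
	if len(wordlist) != ListSize {
		return "", fmt.Errorf("need %d words, got %d", ListSize, len(wordlist))
	}
	words := make([]string, 0, n)
	for i := 0; i < n; i++ {
		var rolls [5]int
		for j := range rolls {
			v, err := rand.Int(rand.Reader, big.NewInt(6)) // unbiased 0..5
			if err != nil {
				return "", err
			}
			rolls[j] = int(v.Int64()) + 1
		}
		idx, err := RollsToIndex(rolls)
		if err != nil {
			return "", err
		}
		words = append(words, wordlist[idx])
	}
	return strings.Join(words, " "), nil
}

func main() {
	// Constructed stand-in for a real Diceware word list: "w0" .. "w7775".
	list := make([]string, ListSize)
	for i := range list {
		list[i] = fmt.Sprintf("w%d", i)
	}
	p, err := Passphrase(8, list)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s  (~%.0f bits)\n", p, EntropyBits(8, ListSize))
}
```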