How do you guys encrypt your data?
I usually use the following spec:LUKS header information for /dev/sdb1
Version: 1
Cipher name: camellia
Cipher mode: xts-plain64
Hash spec: whirlpool
Payload offset: 4096
MK bits: 512
No one?
I guess /g/ has become yet another normie board.
>>51782862
Why, because no one will tell their personal methods of securing their data?
>hurr durr guys, tell the NSA how you do your thing on this shitty hiking & outdoorsman enthusiast website.
>herp derp I can't keep my secrets myself so I need a stranger's help
Just use the default.
Standard AES-256 is mathematically secure.
>>51782517
Why camellia?
I'll give you a reply because I like your personality:
I don't encrypt my data, I don't see any reason to do so. What's do you have that's so important you feel it needs to be encrypted?
>>51782902
Legal documents.
>>51782893
NIST a shit.
>>51782893
it's weaker than aes-128
>>51782517
I write my words backwards and then use ROT-16.
Y ujyhm oc ithem ithqmasqr tdq duxj uik 61-JEH.
sha1 for integrity, aes512 for confidentiality with symmetric encryption. If assymetric, then at least 2048 RSA or diffie hellman group 20 and authentication always use the public key infrastructure with said types. I stay away from web of trusts.
Elliptical curve, i use that on my smaller devices with less processing resources.
I also make sure to use two factor authentication for online services like ecommerce and google.
Typically will ways choose chain block ciphers over stream whever possible.
i always secure my server to client and server to server communications with IPSec, even on the same subnet. Typically use sha, aes256 here but have been forced to use 3des when dealing with lower versions of asas.
mind your p's and q's.
>>51783051
>sha1
>2015
it's been like 10 years since that was broken
>>51783067
>implying it isnt fine for checksums
>>51783092
SHA256 is the minimum that you should be using.
>Not using Skein or Grostl
I wrote a python script to add 1 to all the ascii values
then i use php to do a rot13
unless they're somehow bruteforcing in two languages i think im ok
>>51783131
so very wrong. go read about hmacs.
>>51782898
Certified by NESSIE, as AES.
>>51783384
selected, beg Ur pardon
Why would you bother? (excluding those who like it as a hobby because they are into code etc)
>>51782639
plaens r dum
>>51782517
serpent-xts-plain64, 512 bits, whirlpool.
>>51782890
what does it matter, they can't break it regardless. if they ever get their hands on the drive they'll figure out what it is quickly.
>>51783418
Prevents burglars/thieves/h4x0rz/spies from accessing data. That can matter when a computer is used for more than entertainment.
>>51783484
>h4x0rz
encryption isn't going to stop a hacker that has rooted your box
>>51783484
What more do you use it for though?
I mean yeah, I do use computers at my work but they stay at work and the security is handled by some IT team so I suppose they encrypt stuff :/
tl;dr computers are entertainment :^)
why not just zip up your important documents and load them in ram?
also, how to do this, is there a program that does this
this is what I want, ideally
>>51783539
On Windows 8 and onward, BitLocker. On lesser editions of 7, VeraCrypt or TrueCrypt. GRC says TrueCrypt is still ok if you can find a copy.
>>51783513
It doesn't make an evil maid attack impossible, but if someone just swipes my laptop, there's no chance of them accessing any of my data.
>>51783561
no, im talking about a program with loads a passworded archive like .zip and then we can use any program to view the files from the ram
also, preferably in linux, is this possible btw?
>>51783632
Yeah, there's softwares that do it.
>>51783002
yvan eht nioj
>>51783561
Hello nsa :D
>>51783695
FBI would be more interested in 4chan users. NSA don't give a fuck about CP. Unless it's funding terrorism? Is it?
>>51783721
Id rather say nsa has more of the interest as they have the infrastructure to monitor and not the fbi. The fbi are more like hounds, they get the target provided by the nsa and they execute simple orders to capture the target
>>51783580
And what if the laptop was sleeping and not powered down?
>>51783756
That's wrong you faggot. NSA only deals with terrorism. It does not give a shit about narcotics or child pornography. The FBI have been monitoring 4chans servers since 2008(9?).
Bitlocker is 100% secure, as is Microsoft Windows.
>>51783882
>NSA only deals with terrorism. It does not give a shit about narcotics or child pornography.
>>51783967
>secure as Microsoft Windows
I came here to laugh at both of you
In >>51784100 I meant to reply to >>51783934 not >>51783882
>>51784100
Feel free to prove me wrong. If the NSA truly cared about the illegal narcotics trade, it's doing a very shitty job at controlling/stopping it. I mean SilkRoad type markets are still operating to this day. CP is arguable.
>>51782517
>encrypt my data
I don't even care about my life, why would anyone else?
>>51784156
Feel free to show me the tools the fbi has that is able to monitor blackmarket traffic
Feel free to show me an fbi computer that has anything more advanced to win xp installed (ok this is overexaggeration but you get the point)
Feel free to show me why should the fbi also have adcanced surveillence department too when the nsa already has one.
Feel free to show me that the fbi is o ly a little more than a bunch of detectives and policement thrown together, I mean they are an executive force, they are the end of the foodchain, they mainly receive and fulfill order from above.
Feel free to correct me.
>>51784323
Feel free to explain how the FBI took down the silk road.
>>51783632
Sounds like you should look into ecryptfs.
>>51783934
>NSA only deals with terrorism
Perhaps you've missed the Snowden leaks. The NSA was caught funneling info to the DEA and IRS. These agencies couldn't use the info legally, so they use a launder it under a process called parellel construction.
http://www.dailydot.com/politics/nsa-dea-fbi-snowden-doj-oig/
This is what you get when your government operates in the dark.
>>51784328
they've never adequately explained the methodology used to locate servers, likely because they broke many laws in the process.
>>51784328
With a bunch of fucking detectives like I already told you. Now guess where did those guy got the intel from.
Hint: look up why is tor considered insecure atm, and look up who controls the vast majority of the publicly available tor nodes atm
>>51784382
I dont think you understand what you're talking about. The official story doesn't make sense. Its clearly a case of parellel construction.
As for Tor being insecure, its not. As for the NSA controlling most of the nodes, they dont and they wouldn't have to in order to monitor the entire network.
>>51782517
Windows normie here. Truecrypt over all drives. Encryption on FreeNAS also. Phone and encrypted. Only things that aren't are my two laptops which are for youtube only and games only.
>>51784415
>As for Tor being insecure, its not.
It is considered to be though. Oh and it is if you are not a professional who can maintain his own nodes.
>>51784441
You don't need to be a professional to maintain a Tor node...
It's not exactly rocket science.
>>51784441
Who considers it secure and how do you define secure? It's currently hosting dozens, if not hundreds of black market drug sites with impunity. I should think that would count for something.
As for hosting your own nodes, thats fine, but what is the purpose of using tor if youre just using your own nodes? It would be trivial to track you if you kept using the same nodes. Again, I dont think you understand whwt you are attempting to criticize.
>>51784427
Why do you use encryption on wangblows? What the blueberry fuck muffins is the point in that? Its only effective against dumb normies like yourself as gubmint officials can take the comfy backdoor in truecrypt/vera-unaudited-honeypot-fork-crypt and just extract your files. If you want to hide busi ess secrets from normies just use password protected archive of some form, no need to use hipster encryption software little winbabby
>>51782902
Kys senpai
>>51784488
>but what is the purpose of using tor if youre just using your own nodes? It would be trivial to track you if you kept using the same nodes.
At this you can see exactly why I said you pretty much need to have/be a professional/specialist because you obviously have to set up those nodes to be untraceble back to you, while still being secure themslelves (simple solutions like buying a vps and hosting a node there, are going out window)
>>51784555
It doesn't matter where or how you host the nodes. If you're using the same nodes constantly, you've just set up a bunch of defacto proxys. The key part of Tor is mixing your traffic with the rest of the users.
>>51784555
>(simple solutions like buying a vps and hosting a node there, are going out window)
buy offshore with bitcoin using throwaway email from a trusted provider over a trusted vpn you paid for with bitcoin from a wifi connection that doesn't belong to you on a laptop using tails. log in and disabled logging and secure the box and setup the node, never log on it again unless absolutely necessary.
>>51784590
then make the node public and let other people use it for awhile before you start using it
>>51782862
it has been for quite a while. there are daily NEET hate threads now.
>>51784609
>Over a trusted vpn
the bitcoin and throwaway email and all that is nice, it works, lets say no complications appear and you use darkcoin not bitcoin and the vpn is in a 3rd world shithole with basically no laws on the topic of kompyuutuhs.
Still, most if not all vpn and vps providers are renting only virtual machines which are anything but to be trusted, as the hosting machine can and will be targeted by any sensible attacker/gubmint-official
>>51784498
versions of truecrypt before 7.2 are probably fine, and probably why 7.2 could no longer make new volumes.
but all this encryption doesn't matter at all, since the nsa has been flashing usb firmware in microcontrollers for dozens of years and can easily use a debugger to dump ram and all your cleartext passwords.
and now that google has a quantum computer you're all fucked.
>>51784725
>since the nsa has been flashing usb firmware in microcontrollers for dozens of years
source on this, for my own curiosity.
>>51784763
google badusb
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
see also
equationlaser
equationdrug
grayfish
fanny
doublefantasy
triplefantasy
stuxnet
flame
gauss
it's why edward snowden says usb devices cannot be trusted never ever
>>51784725
>7.2
Only because of the history of the whole thing I wouldnt trust windows handling anything 'sensitive' though for protecting business secrets and alike its fine I guess.
>usb firmware
theyve been doing this this hdd firmware as well, though I suspect at least some part of these has to be only fear inducing lies as if it were l true there would be no pedos out there and no more non-american inventions or patents ever since tgey could just steal all the business secrets and research material out there
>quantum
you seem a sensible anon please dont fall for buzzwords. If they would have anything more than prototypes running stable for microseconds without crashing, we wkuldbt have to click on street signs and oranges, let alone the absolute lack of effective cpu architectures and optimized software
>>51784797
well, time to never use a pc again. how do you even begin to defend against this?
>>51784899
Become an info-sec specialist and use obsolete hardware (no joke, since they are so old youd have a fair chance that they are clear of all this infectious bullshit)
>>51784928
how obsolete are we talking, what about thinkpads capable of being libreboot'd?
>>51784952
Like stallman level obsolete: use cpu architectures not supported by windows like MIPS (see his lemote laptop has a MIPS in there)
>>51784899
snowden says usb cannot be trusted, and possibly for a very long time. and i imagine it's not only flash drives and hard drives, but any usb device.
however, i am not aware of any usb-firmware keylogger for linux, or if such a thing could even work on linux.
snowden recommends using tails, but i've heard anyone searching for that is put on a watchlist
snowden mentioned live cd os's, and maybe ramdisks, although if someone obtains physical access to a machine they could freeze the ram and remove it and put it into another machine and dump the ram
afaik, when data on a hard drive is an unencrypted state, the necessary password is always in ram
people talk about shutting off power to an encrypted device
it's possible though that most of the spyware the equationgroup deployed targeted windows machines
>>51784928
like windows 95 which has no usb support and a ps/2 keyboard?
>>51784990
his lemote got stolen or something, he uses a thinkpad t60 with libreboot + trisquel now.
>>51785000
we're all already on a list for this thread alone. i certainly am just for searching shit out of curiosity in the past.
and yeah, encryption keys are stored in RAM, which is why it's necessary to fully power off the device to prevent the keys from being extracted. tails goes an extra step and wipes the ram in its standard shutdown process, but i figure if you need to turn your shit off quick that will not suffice.
>it's possible though that most of the spyware the equationgroup deployed targeted windows machines
that's what that arstechnica article seemed to indicate but it would be foolish to think they don't have the capability to completely control Linux or BSD either.
>>51785000
>if such a thing could work on linux
even some guy from /dpt/ could write you something that could do it, and I think there is no selinux policy regarding keyboards, though Im not sure about this one
>freeze the ram
I call bullshit.... or sauce... fuck it I call for sauce, if you can get sauce on this I will read it
>>51785035
If you are concerned about security using obsolete software is probably the worst way to go.... you might as well go to and use nsa wifi....
>>51785113
>stolen
Oh noes! Da Gubmints attacked fatman! I declare war!
>t60
if ibm not lenovo its probably fine thoughhardware modifications might be required to be secure (he doesnt give a flying fuck about security only freedom)
>Libreboot
Im no expert on this though it might be better than proprietary bios.
>trisquel
uses systemd.... see I told you he isnt into security, systemd is a huge attack surface alone if not an outright botnet already
>>51785000
the very moment you typed foarchinz in your chromes address bar you got in the list
>I call bullshit.... or sauce... fuck it I call for sauce, if you can get sauce on this I will read it
it's called a cold boot attack. snowden mentions using compressed air. but it only works on machines that are on, or were recently on.
interview with snowden
https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/
>>51785275
libreboot supports only a few devices but it does remove the intel backdoors, lets you load grub up as a payload in the bios itself so it can't be subjected to evil maid attacks (password protect grub and write protect/lock the bios after setup of course), which leads to full disk encryption incl. the boot partition (which isn't hard to do otherwise but it's nice). takes away a lot of the threat related to keeping your hardware secure + encrypted. doesn't do much about these usb attacks though, but nothing else does either.
>>51785384
Fucking hell mate... thats some macgyver style shit... though it looks strangely interesting. Im gonna try it on my roomates laptop once I get home.
also
>theintercept.com
is the theinterject.com a registered domain? Anyone feeling like purchasing it? Christmas is coming and I dont think he will have many gifts... come on /g/uys you could make fatmans christmas a free miracle!
>>51785400
Sounds nice though these are really heavy claims to make, Im gonna read some documentation on that.
Is it audited?
>>51785035
Even the average /g/ h4xx0r could compromise a w95 machine, and thats not a high level of intelligence... many cant even tie their shoelaces probably.
>>51785523
libreboot is downstream of the coreboot project, so look into coreboot first. libreboot is coreboot but with binary blobs removed. not sure if it has been audited.
>>51785523
also note that libreboot only supports laptops where can effectively remove or isolate the intel management engine, so there will be coreboot compatible laptops that still have the ME.
>>51785400
i'm wondering if end users would have to dump usb firmware and then constantly check it to see if it's changed. until device makers started making it read only. or just stop using any usb like snowden said.
i guess usb storage makers could also release good copies of firmware, but that's really up to the manufacturers of the usb microcontrollers. and people would have to trust that no spy agencies put trojans in them.
the other problem is that if tools are readily available for people to dump firmware it could lead to even more exploits.
so far i've only noticed hobbyists taking a keyboard macro program and compiling it into java and flashing it to firmware on a flashdrive. so the flashdrives poses as a keyboard. maybe that could be defeated by disallowing any usb keyboard.
>>51785675
We live in the age where one could assemble an arduino uno in a matter of minutes and start getting into microconttollers and shit.
https://www.youtube.com/watch?v=sNIMCdVOHOM
Here the question rises: how hard would it be to write my own firmware for, say a simple usb flash drive?
>>51785647
>>51785660
Thanks both of you.
Fuck you and fuck these threads
They make me paranoid and worried
>>51785745
>Here the question rises: how hard would it be to write my own firmware for, say a simple usb flash drive?
apparently russians or the chinese have been collecting firmware flashing programs from manufacturers for a long time.
the nsa has done it for a long time.
researchers in the us figured it out and were going to speak at blackhat about badusb, but they withdrew, because they consider the exploit unstoppable.
some people in kentucky though figured out how to make a flashdrive act like a keyboard (and do anything to a computer you can do with a keyboard). it's called rubber ducky. they even sell them. and people share "payloads."
>>51785785
you should be paranoid
equation: the death star of malware galaxy
https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
>>51785850
>rubber ducky
oh yeah I know that site sells all kinds of premade blackhat tools like wardriving box with a pineapple logo on it, they have al kinds of usb tools though I didnt know they did their thing via firmware
>>51785523
>>51783276
really, really weak bait. Try harder.
.
>>51782517
this photo makes me feel drunk
>>51785000
defeats any os in 2 minutes and scrapes all your encryption keys from ram
https://threatpost.com/new-bios-implant-vulnerability-discovery-tool-to-debut-at-cansecwest/111710
i've also heard of malware that can be implanted into the bios of a videocard, printer
if the chinese are making all these bios/microcontroller chips, wouldn't they know best how to insert malware into them?
Let's spice it up here in, post your encryption key.
Mine is 4chanapplebeesladdlesandbees
Compressed with Zlib and then triple DES, using it instead of AES or Rijnal because of a sad inside joke only I'll ever get.
Using C# BTW.
Also, remember, if you encrypt before compression you won't get much compression because encryption increases entropy.
>>51783051
You are just a silly neet with no secrets why bother doing any of that stuff? Are you hiding something?
>>51784365
So the sent it to DEA and the IRS who will only care if you are doing something illegal, I don't get the problem here?
>>51787019
peace of mind
>>51782517
Uncommon ciphers like serpent or twofish, combined with a simple, custom operation consisting of some bitswapping and Vigenere, as extra icing on the cake, which is rooted in my head and that I code, compile, use and destroy everytime I need it.
Most importantly, I have a nice system of clues, question/answer couples and provoked patterns which make me produce the same output reliably, and which contains 2/3rds of the key of each encrypted file. The remaining 1/3rd is in my head.
>>51787121
>he writes his own crypto
>>51787121
Do you also manufacture your own BIOS chips every time because what's rooted is your machine.
By the NSA Persistence Division.
Although I have seen mention of coreboot+seabios.
>>51787028
In secret, he US has created the world's most sophisticated spying apparatus, continuously lied about its very existence, then stated thwt it doesn't target or even collect information on US citizens and only goes after terrorists plots. Meanwhile, they are using it to get information on tax violations. Oh, and nobody who has looked at the mass surveillance programs has found a single case of terrorism hat this multi-billion dollar program has stopped.
>>51787521
>in secret
There was no secret about it. Snowden was just a reassurance for normies
The only thing I have encrypted is my phone. I don't know what kind of system it use,Android 4.4.4 btw.,
But I am good If in the case that some nigger stole it and can't access my data.
I don't care about crypt on my laptop/desktop because they are always at home.
>inb4 nice blog post
>inb4 muh nothing to hide
>>51787368
>what's rooted is your machine
That never really helped anyone gather any information about unconventional methods, unless specifically targeted. Which is fine by me, because I'm no terrorist. Still they won't do much on my airgapped Raspberry Pis.
The whole process is incredibly simple, and most importantly, forgettable, because I can literally forget all about a bunch of data, and just read the input clues to find the key again. I can plain ignore all encryption keys and intuitively find them again.
It's much less of a hassle than more traditional methods, and a big deal more secure.
>>51782928
why dont store them physically faggot.
It's like you want to add a security problem by storing it on your PC.
got an Alienware laptop so pretty much dont have to care about security. CCleaner and Incognito mode ontop of the alienware base security is more than enough.
>>51782517
Why would I encrypt my hard drive, I'm not a terrorist.
>>51789347
terrorists don't encrypt their hard drives.
they fill them with ak47s.
>>51784156
You mean the same Silk Road that the FBI shut down and arrested everyone involved? Yeah
>>51784156
look up operation onymous. they seized 414 sites.
yeah there are still dark markets but the chances of each of them being exit scams is huge.
>>51782517
Why bother using camelia instead of blowfish?
>>51782517
Why would you want to encrypt your shit anyway? If Tyrone was to borrow your gayming PC he wouldn't even get past the OS login screen.
>>51789506
why bother using blowfish instead of twofish?
>>51789759
why bother using twofish instead of threefish?
>>51789943
You have one minute to write me an unbreakable encryption algorithm.
/thread
>>51789756
Dammit you beat me to it
>>51790031
not him but the unbreakable one is:
>generate a pseudorandom string long as much as the input
>xor dat shit
The problem at this point would be in the key distribution.
>>51790197
correcting myself: this algorithm would be as strong as the pseudorandom generator used.
>>51790031
That would be easy.
Security through obscurity. It's not like it's meant to be open source.
>>51790234
how the fuck do you people manage to be this retarded? The last time someone believed that security through obscurity was a good idea he lost the WWII.
>>51790394
Because someone holding a gun to my head would know.
>>51789756
>the nerdy stickman meme
>>51787019
because he can
Now fuckoff
>>51789404
you forgot to mention the fact that they never revealed how they traced the server to its physical location
>>51784990
is it really necessary to move away from x86 for the sake of security?
>>51785113
>we're all already on a list for this thread alone.
That's bullshit. Being interested in security on a deeper level is now a crime apparently. In 10 years unapproved programming and operating systems will probably illegal at the way things are currently going
>>51785113
why did he go back to x86?
>>51791075
because it was a solution that respected his freedoms
>>51791104
but MIPS is more free as in freedum
>>51790031
otp?
>>51791180
Stallman is a fucking pig anyway who would be better off to invest in a bathtub that respects his hygiene than care so much about companies trying to disrespect his body smell by sending him shower gel ads.
>>51790234
>implying anyone sane would use proprietary encryption algorithms
>>51791229
it takes Stallman level autism to have good security that isn't meme tier though
