What are your favorite encryption programs or methods?

15 replies [Last post]
albertoefg
Offline
Joined: 04/21/2016

Following the last thread https://trisquel.info/es/forum/what-are-your-favorite-command-line-programs
and also https://trisquel.info/en/forum/whats-your-favorite-not-so-famous-application-trisquel

Now I would like to ask you what methods and programs you use to encrypt your hard drive, your files, your communications. But we can also talk about security and how you protect your computers from surveillance.

I just learned about https://www.fsf.org/blogs/community/encryption-probably-better-than-a-box-of-chocolates

I am using GPA (GNU PRIVACY ASSISTANT) for my computer
https://www.gnupg.org/related_software/gpa/

And OpenKeyChain with my cyanogenmod (android) device: https://www.openkeychain.org/
available in f-droid https://f-droid.org/repository/browse/?fdid=org.sufficientlysecure.keychain

(By the way, I know that cyanogenmod is not fully free software, but I am trying to buy a device where I can install Replicant to change that ;) )

albertoefg
Offline
Joined: 04/21/2016

Also for encrypted text messages I am using Silence https://silence.im/

Also available at F-DROID :)

albertoefg
Offline
Joined: 04/21/2016

I know about veracrypt https://en.wikipedia.org/wiki/VeraCrypt

But I am not sure if it is safe to use, as it is a fork of truecrypt which apparently was compromised. http://truecrypt.sourceforge.net/

What do you think? Is it safe to use? Or are there better options?

lembas
Offline
Joined: 05/13/2010

Don't know whether it's safe but it's not free software.

albertoefg
Offline
Joined: 04/21/2016

Really? I wasn't aware of that. What would you recommend instead? :)

loldier
Offline
Joined: 02/17/2016

In Ubuntu and its derivatives, you must encrypt your HDD/home folder at the time of installation. I'm not aware there is an encryption option afterwards. Anybody?

ScullyItsMulder
Offline
Joined: 05/04/2016

I believe you are correct and this must occur at the time of installation. I believe it even displays a warning about the importance of doing it at that time.

Ignacio.Agullo
Offline
Joined: 09/29/2009

name at domain, Sat 07 May 2016 09:55:23 CEST:

> I know about veracrypt https://en.wikipedia.org/wiki/VeraCrypt
>
> But I am not sure if it is safe to use, as it is a fork of truecrypt
> which apparently was compromised. http://truecrypt.sourceforge.net/

There was never news of TrueCrypt being compromised. An audit
was made, and the results showed that it was 100% safe.

What happened to TrueCrypt was that it was abruptly
discontinued. The most likely cause for that would be a "Lavabit
situation" - a US agency forcing the owner to turn in the master key,
and the owner choosing to shut it down instead of giving in.

> What do you think? Is it safe to use? Or are there better options?

I trust VeraCrypt, so far I see no reason to think it unsafe.
That is the strength of free software - the source being available and
free to modify and redistribute, anybody can pick it up and continue
from the point where the original author left off.

------------------------------------------------------------------------
Ignacio Agulló · name at domain


loldier
Offline
Joined: 02/17/2016

Truecrypt is discontinued.

Micah Lee has some interesting insights into laptop encryption. 'Evil Maid Attack' and 'Cold Boot Attack'...

https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/

Snowden explains how to reclaim your privacy.

https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

For files: I move them all into an archive (7z, tar, etc.) and then I encrypt the archive with gpg. I do realize this is not very convenient but I have a huge trust in gpg and prefer this inconvenient way over all the others I am aware of. The passphrase is long and complex enough.

I use a VPN to encrypt my internet connection and thus hide my online computing from my ISP. Another benefit of a VPN is to hide Tor usage from the ISP.

I use icedove+enigmail for mail encryption.

I prefer the pidgin + OTR combo for chatting.

I think that's about all.

ScullyItsMulder
Offline
Joined: 05/04/2016

Would it be ok to remove the VPN and just connect through Bridges?

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

It would, I think. With a VPN provider it always comes down to one thing: is it reliable and can you trust it not to log? Not an easy question. Here is an interesting thread on the two -> http://www.webcacher.org/silkroad1-forums-anonymous/2013-10-15/Discussion/Security/wc.VPN%20vs%20Bridge%20vs%20ISP.html

also -> https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

onpon4
Offline
Joined: 05/30/2012

I don't know any technical details about disk encryption except that TrueCrypt is proprietary, so don't use TrueCrypt or anything derived from it. I imagine that what Ubiquity sets up is secure.

When it comes to file encryption, as far as I'm aware, the most secure methods of encryption are AES and OpenPGP. But I'm not sure.

This is the thing about encryption: if an encryption method doesn't work well, current programs don't tend to recommend it. Other than using an encryption method that works, what really matters isn't the method of encryption, it's the key or password. If the key is weak, the encryption is weak. For something like an OpenPGP key, choose the longest possible key and don't put it anywhere where someone else could get it. For a regular password, choose something really long and not too predictable. Something like a long sentence or even a short story. Using a KeePass database can help a lot with this.

If you really want to be secure, you can combine multiple encryption schemes. For example, start with a 7z archive protected by a password (this is AES encryption) and then encrypt the resulting file with GnuPG. That way, if it turns out that e.g. AES has a vulnerability, the files will still be protected by the GnuPG encryption. But it's highly unlikely that such a vulnerability will be found, so most people shouldn't worry too much about taking this extra step.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>When it comes to file encryption, as far as I'm aware, the most secure methods of encryption are AES and OpenPGP. But I'm not sure.

gpg -c --cipher-algo AES256 file.txt

That's the command I use. AFAIK AES is very secure.

Also, I can recommend the riseup website as a source of information on setting up a proper gpg key. Look for "gpg best practices". It involves placing some changes in the gpg.conf file, nothing complicated though.

You will also find the instructions to check if your current key was set up properly (giving precedence to the most secure encryption cyphers).

Banana Magique: very nice line.

Mangy Dog

I am a member!

I am a translator!

Offline
Joined: 03/15/2015

Edward Snowden made yet another remarkable phrase among many others :

Shift your thinking from passwords to passphrases

or
A five-word passphrase, in contrast, would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second
https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
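
The figures quoted in the post above can be reproduced with a short calculation (an added example, not part of the original post). It assumes the 7,776-word Diceware list described in the linked article (the list size is not stated in this thread), words picked uniformly at random, and an attacker who on average finds the passphrase after searching half the keyspace; the sample word list is constructed for the demo.

```python
import math
import secrets

DICEWARE_SIZE = 7776           # assumption: 6**5 words, one per five dice rolls
GUESSES_PER_SECOND = 10**12    # "a trillion guesses a second", as quoted above
SECONDS_PER_YEAR = 365 * 86400


def entropy_bits(n_words, wordlist_size=DICEWARE_SIZE):
    """Entropy of n words drawn uniformly and independently from the list."""
    return n_words * math.log2(wordlist_size)


def average_crack_seconds(n_words, wordlist_size=DICEWARE_SIZE,
                          rate=GUESSES_PER_SECOND):
    """Expected brute-force time: half the keyspace at the given guess rate."""
    keyspace = wordlist_size ** n_words
    return keyspace / 2 / rate


def words_needed(target_bits, wordlist_size=DICEWARE_SIZE):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(wordlist, n_words):
    """Pick words with a CSPRNG; the estimates above only hold for random
    selection, not for a sentence a person made up."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("word list contains duplicates")
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


# Constructed 16-word sample list (4 bits per word). Real use needs the full
# 7,776-word list to get the entropy computed above.
SAMPLE_WORDS = ["amber", "brick", "cedar", "delta", "ember", "flint", "grove",
                "heron", "ivory", "jolly", "kayak", "lemon", "maple", "nylon",
                "ocean", "pearl"]

if __name__ == "__main__":
    for n in range(4, 8):
        secs = average_crack_seconds(n)
        print(f"{n} words: {entropy_bits(n):5.1f} bits, "
              f"{secs / 86400:,.1f} days = {secs / SECONDS_PER_YEAR:,.1f} years")
    print("words for 128 bits:", words_needed(128))
    print("demo (16-word list, weak):", generate_passphrase(SAMPLE_WORDS, 6))
```
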

alimiracle
Offline
Joined: 01/18/2014

for files I use rosecrypt
and I use gpg for mail
and tor for Internet