What are your favorite encryption programs or methods?
- Inicie sesión ou rexístrese para enviar comentarios
Following the last thread https://trisquel.info/es/forum/what-are-your-favorite-command-line-programs
and also https://trisquel.info/en/forum/whats-your-favorite-not-so-famous-application-trisquel
Now I would like to ask you what methods and programs do you use to encrypt, your Hard Drive, your files, your comunications. But also we can talk about security and how do you protect your computers from survelliance.
I just learned about https://www.fsf.org/blogs/community/encryption-probably-better-than-a-box-of-chocolates
I am using GPA (GNU PRIVACY ASSISTANT) for my computer
https://www.gnupg.org/related_software/gpa/
And OpenKeyChain with my cyanogenmod (android) device: https://www.openkeychain.org/
available in f-droid https://f-droid.org/repository/browse/?fdid=org.sufficientlysecure.keychain
(By the way I know that cyanogenmod its not fully free software, but I am trying to buy a device where I can install Replicant to change that ;) )
Also for encrypted text messages I am using Silence https://silence.im/
Also available at F-DROID :)
I know about veracrypt https://en.wikipedia.org/wiki/VeraCrypt
But i am not sure if it is safe to use, as it is a fork of truecrypt wich apperantly was compromised. http://truecrypt.sourceforge.net/
What do you think? Is it safe to use? Or are there better options?
Don't know whether it's safe but it's not free software.
Really? I wasn't aware of that. What would you recommend me instead :)
In Ubuntu and its derivatives, you must encrypt your HDD/home folder at the time of installation. I'm not aware there is an encryption option afterwards. Anybody?
I believe you are correct and this must occur at the time of installation. I believe it even displays a warning about the importance of doing it at that time.
name at domain, Sáb 07 Mai 2016 09:55:23 CEST:
> I know about veracrypt https://en.wikipedia.org/wiki/VeraCrypt
>
> But i am not sure if it is safe to use, as it is a fork of truecrypt
> wich apperantly was compromised. http://truecrypt.sourceforge.net/
There was never news of TrueCrypt being compromised. An audit
was made, and the results shown that it was 100% safe.
What happened to TrueCrypt was that it was abruptly
discontinued. The most likely cause for that would be a "Lavabit
situation" - an US agency forcing the owner to turn in the master key,
and the owner choosing to shut it down instead of giving in.
> What do you think? Is it safe to use? Or are there better options?
I trust VeraCrypt, so far I see no reason to think it unsafe.
That is the strength of free software - the source being available and
free to modify and redistribute, anybody can pick it up and continue
from the point where the original author left in.
------------------------------------------------------------------------
Ignacio Agulló · name at domain
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Truecrypt is discontinued.
Micah Lee has some interesting insights into laptop encryption. 'Evil Maid Attack' and 'Cold Boot Attack'...
https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/
Snowden explains how to reclaim your privacy.
https://theintercept.com/2015/11/12/edward-snowden-explains-how-to-reclaim-your-privacy/
For files: I move them all in an archive (7z, tar etc..) and then I encrypt the archive with gpg. I do realize this is not very convenient but I have a huge trust in gpg and prefer this inconvenient way over all the others I am aware of. The passphrase is long and complex enough.
I use a VPN to encrypt my internet connection and thus hide my online computing from my ISP. Another benefit of a VPN is to hide Tor usage from the ISP.
I use icedove+enigmail for mail encryption.
I prefer the pidgin + OTR combo for chatting.
I think that's about all.
Would it be ok to remove the VPN and just connect through Bridges?
It would I think. With VPN provider it always comes down to one thing: is it reliable and cn you trust it not to log? Not an easy question. Here an interesting thread on the two -> http://www.webcacher.org/silkroad1-forums-anonymous/2013-10-15/Discussion/Security/wc.VPN%20vs%20Bridge%20vs%20ISP.html
also -> https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN
I don't know any technical details about disk encryption except that TrueCrypt is proprietary, so don't use TrueCrypt or anything derived from it. I imagine that what Ubiquity sets up is secure.
When it comes to file encryption, as far as I'm aware, the most secure methods of encryption are AES and OpenPGP. But I'm not sure.
This is the thing about encryption: if an encryption method doesn't work well, current programs don't tend to recommend it. Other than using an encryption method that works, what really matters isn't the method of encryption, it's the key or password. If the key is weak, the encryption is weak. For something like an OpenPGP key, choose the longest possible key and don't put it anywhere where someone else could get it. For a regular password, choose something really long and not too predictable. Something like a long sentence or even a short story. Using a KeePass database can help a lot with this.
If you really want to be secure, you can combine multiple encryption schemes. For example, start with a 7z archive protected by a password (this is AES encryption) and then encrypt the resulting file with GnuPG. That way, if it turns out that e.g. AES has a vulnerability, the files will still be protected by the GnuPG encryption. But it's highly unlikely that such a vulnerability will be found, so most people shouldn't worry too much about taking this extra step.
>When it comes to file encryption, as far as I'm aware, the most secure methods of encryption are AES and OpenPGP. But I'm not sure.
gpg -c --cipher-algo AES256 file.txt
That's the command I use. AFAIK AES is very secure.
Also, I can recommend the riseup's website as source of information on setting up a proper gpg key. Look for "gpg best practices". It involves placing some changes in the gpg.conf file, nothing complicated though.
You will also find the instructions to check if your current key was set up properly (giving precedence to the most secure encryption cyphers).
Banana Magique: very nice line.
Edward Snowden made yet another remarkable phrase among many others :
Shift your thinking from passwords to passphrases
or
A five-word passphrase, in contrast, would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second
https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
for files I use rosecrypt
and I use gpg for mail
and tor for Internet
- Inicie sesión ou rexístrese para enviar comentarios