I have contacted you asking about certain security questions. After reading a few of the Snowden leaked documents, I have started to be more aware of my privacy being at risk. I have a few questions concerning certain programs and safety tips.
First, I've recently started to doubt my encryption software. Is Symantec's "PGP Endpoint" a good hard drive encryption software? In other words, is it trustworthy, since it is an American company? And if not, what encryption software is the best for Mac?
Fourth, are these encryption types good? Blowfish, Gost & AES - 256bit. And which encryption type remains the best above all?
Response 1:
Important, difficult questions, likely to produce a range of answers.
I think the author has not properly defined the problem. The first step to securing any system or information is to construct a threat model: _what_ do you want to defend, against _whom_? _What resources_ and capabilities does your attacker have? Which _compromises_ (usually reducing usability) are you willing to make? These questions have different responses when the above parameters vary.
Additionally, in my opinion, even if such a threat model were properly defined, the author does not approach the problem correctly. Here are some truisms I use when evaluating the security (however defined) of any system:
1) Software (and hardware) which is not publicly auditable is not trustworthy. Note that this does _not_ mean that publicly auditable software is trustworthy; publicly auditable code is a necessary condition, but not a sufficient condition, for trustworthiness.
2) All software which processes untrusted input has exploitable vulnerabilities. This is not true in theory, but decades of surprising exploits prove this in practice. Some software has a higher defect density than others, but the proper approach is to reduce the size of the attack surface.
3) Encryption works only in very constrained threat models. Even assuming the cryptosystem is properly designed and the underlying crypto primitives are indeed "secure", a motivated attacker will easily sidestep these measures in most scenarios.
4) "Antivirus" software is dangerous: it gives a false sense of security. If an attacker can execute code on your system--either by physical access or remote code execution--your entire system is now untrustworthy.
In general, no person can independently audit all security-critical parts of any system. Thus, security relies on trust. You trust chip designers, design IP vendors, EDA tools vendors, the chip fabricator, the fab employees making masks, the supply chain of your system integrator, the system integrator itself, the OEMs who write microcode and firmware, the distribution chain from those OEMs to your actual device, the software vendor, the distribution chain from the software vendor to your actual device, the supply chain of that vendor (was their compiler compromised?), ... and the list goes on. In all, you must, whether wittingly or not, trust literally millions of people and companies, and a violation of that trust at any one point can destroy your entire system security.
With that said, let me elaborate on the above points and include some possible implications for the author.
1) Wherever possible, do not use proprietary services, software, or hardware. This means no Windows and no OS X, no Dropbox, no SkyDrive, no iCloud, etc.--at the very least. No email provider is secure. American companies may be particularly suspect, but this does not mean non-American companies are better. NSA compromised the Swiss crypto-device manufacturer Crypto AG--do you really feel safer using "Swiss secure" Proton Mail? If your mail must remain private, intentionally giving your email to a third party--_any_ third party--is just plain dumb. It's hard enough to defend as it is!
2) Critically analyze the attack surface of your relevant software; determine the size of the trusted computing base (TCB): what software and hardware do you rely on to properly deny or mitigate an attacker?
Let's suppose you want to prevent a) hardware access (reflashing BIOS, hard drive firmware, etc.), b) access to the OS core (rootkits), c) access to sensitive data (Cryptolocker, bank info-stealing malware). Let's also suppose you use Microsoft Windows and Internet Explorer.
For an attacker to exploit your browser, you rely on millions of lines of code in Internet Explorer for image handling, JavaScript sandboxing, etc. Assuming sensitive data is not already accessible to the attacker, you then rely on thousands to millions of lines of kernel discretionary access control code to prevent access to that data. For an attacker to control the OS core, you rely on millions more lines of kernel code, and maybe millions more lines of user-mode code (e.g. LSASS). For an attacker to control the hardware or firmware, you rely on millions more lines of kernel/driver and firmware code, and the hardware itself.
In other words, your TCB is astronomically large: you must trust so much code that even if you assume the defect density is incredibly small, you can expect many vulnerabilities.
A better approach is to start from first principles, like Qubes OS or Citrix. Isolate those parts of the system which must be isolated from each other, and rely on as little software, firmware, and hardware as possible to enforce the isolation.
3) Focusing on which crypto primitives are used is likely a waste of time, especially for a non-cryptographer: there are so many potential pitfalls in cryptosystem implementation that a sophisticated attacker would never bother attacking the crypto primitives themselves, but rather the implementation. And don't forget the cryptosystem necessarily includes _you_, the user--and you're usually the weakest link.
Think about this in traditional military terms: you have some territory to defend against an attacker. If you build an impenetrable 30km-high and 10-km deep wall of Uranium around 30 degrees of your perimeter, no attacker is going to waste time destroying the wall; they'll just go around it.
Specifically for full disk encryption, forget about which primitives are used. Don't worry about whether 20km is tall enough: make sure there aren't giant gaps in the wall. The best way to do this is to use the most-audited code you can. In practice, this means using LUKS.
4) Don't rely on detection. In all cases but the most trivial botnet malware, you need prevention. Once cryptolocker encrypts all your files, it's already too late. Once NSA exploits your browser with QUANTUMINSERT, it's already too late. You must architect your system to provide the maximum defensive capabilities--before it's too late.
Finally, if you really _need_ security, don't use a computer. At the very least, never connect your computer to a network, never process untrusted data or connect untrusted devices, and _physically remove_ as many components as possible to reduce your attack surface.
Response 2:
I would add unseen.is to the picture. How secure is it?
Response 3:
Don't use unseen
http://cryto.net/~joepie91/blog/2014/04/19/why-you-should-stay-away-from-unseen.is/
Response 4:
Tweet: Tell the users it's not about encryption. It's about implementation.
The flaws are usually there.
Cryptomeorg: Perhaps. Crypto producers-advocates use that excuse for failure
to deliver on marketing promises. Pretty good fails.
Tweet: Oh come on you can't blame mathematics for the failure of Windows
to prevent buffer flaws.
Response 5:
This question has already been answered in some detail at the Cryptome library:
Greenwald Blames the Hostage, November 20, 2014:
"Encryption is a citizen fraud, bastard progeny of national security, which
offers malware insecurity requiring endless improvements to correct
the innately incorrigible. Its advocates presume it will empower users rather
than subject them to ever more vulnerability to shady digital coders complicit
with dark coders of law in exploiting fear, uncertainty and doubt."
FBI Breaks Crypto, October 31, 2014:
"Protections of promises of encryption, proxy use, Tor-like anonymity and military-grade comsec technology are magic acts. ELINT, SIGINT and COMINT always prevail over comsec. The most widely trusted and promoted systems are the most likely to be penetrated, exploited, spied upon, successfully attacked, covertly compromised with faults hidden by promoters, operators, competitors, compromisers and attackers all of whom warn against the others while mutually benefiting from continuous alarms about security and privacy."
Apple Wiretap Disbelief, September 20, 2014:
"Because this first release of their encryption software has no security
bugs, so you will never need to upgrade it to retain your privacy?"
Natsec the Mother of Secfuckers, June 9, 2013:
"Security is deception. Comsec a trap. Natsec the mother of secfuckers."
In fact, the NSA itself has tipped its hat on this matter essentially echoing
Cryptome:
"The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments"
"Current security efforts suffer from the flawed assumption that adequate
security can be provided in applications with the existing security mechanisms
of mainstream operating systems"
Response 6:
Are there any "good" anti-virus software? I still keep thinking the best
AV is the one you don't install or use at all, since endpoint security is
mostly reliant on "secure" user behavior anyway...
...somehow I find the idea of sharing hashes and checksums of all my files
with AV industry (or MSFT even due to msrt.exe running all the time) a little
disturbing ;)
Response 7:
Looking for Perfect Cryptography: The One-Time Pad
http://www.cs.utsa.edu/~wagner/laws/pad.html
Simple and Secure.
Response 8 (to Response 7):
On 28/11/2014 20:08,...but don't use it for long narrative and member...
1) Don't use an electronic random number generator (much less an on-line one); dice are good.
2) Ensure that, to the best of your ability, you are not being observed in the creation of said OTP.
3) Write on a single sheet resting on a hard surface (you don't want to leave tell-tale indentations lying about).
4) DO NOT use the same cypher key twice!!! (Or should that be number/letter sequence?)
For OTP to work effectively there must be a high degree of trust between the parties involved. If you leave your pad so someone else can find it you're fucked.
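As an added example (not from any post in this thread), here is a small Python model of the rules above: a pad that hands out each byte only once, a check that the pad is at least as long as the message, and the "two-time pad" leak that rule 4 guards against, where reusing a pad makes the XOR of the two plaintexts visible to anyone who captured both ciphertexts. Function names and the sample messages are constructed; `os.urandom` stands in for the dice the post recommends.

```python
"""One-time pad: correct use and the key-reuse failure mode.

Added example, not from the thread. os.urandom is used for the demo pad
only so the script runs stand-alone; the post above recommends dice.
"""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Encrypt with a one-time pad.

    The pad must be at least as long as the message. Only the consumed
    prefix is used, and those pad bytes must never be used again.
    """
    if len(pad) < len(plaintext):
        raise ValueError("pad is shorter than the message; an OTP needs "
                         "at least one pad byte per message byte")
    return xor_bytes(plaintext, pad[:len(plaintext)])


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """Decryption is the same XOR with the same pad prefix."""
    return otp_encrypt(ciphertext, pad)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns when one pad encrypts two messages.

    Since c1 = p1 ^ k and c2 = p2 ^ k, c1 ^ c2 = p1 ^ p2: the pad cancels
    out and the observer holds the XOR of the two plaintexts.
    """
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def recover_with_crib(leak: bytes, known_plaintext: bytes) -> bytes:
    """If one message is known or guessed, the other follows directly."""
    n = min(len(leak), len(known_plaintext))
    return xor_bytes(leak[:n], known_plaintext[:n])


class PadBook:
    """A pad that consumes bytes in order and refuses to hand them out twice.

    This mirrors destroying each sheet after use: there is no rewind.
    """

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0

    def remaining(self) -> int:
        return len(self._pad) - self._used

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise ValueError("pad exhausted; generate a new pad")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk

    def encrypt(self, plaintext: bytes) -> bytes:
        return otp_encrypt(plaintext, self.take(len(plaintext)))


def demo() -> dict:
    """Round trip plus the two-time-pad leak on two constructed messages."""
    p1 = b"meet at the bridge at nine"   # constructed sample, 26 bytes
    p2 = b"bring the second envelope "   # constructed sample, 26 bytes
    pad = os.urandom(len(p1))
    c1 = otp_encrypt(p1, pad)
    c2 = otp_encrypt(p2, pad)             # WRONG: the same pad used twice
    leak = reuse_leak(c1, c2)
    return {
        "round_trip_ok": otp_decrypt(c1, pad) == p1,
        "leak_is_xor_of_plaintexts": leak == xor_bytes(p1, p2),
        "p2_recovered_from_p1": recover_with_crib(leak, p1) == p2,
    }


if __name__ == "__main__":
    print(demo())
```

With a fresh pad per message the leak computation yields nothing useful, because the two pads do not cancel; the `PadBook` class makes that discipline mechanical.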
Response 9 (to Response 8):
Do you remember that US program encouraged by DARPA...TIA or Total Information
Awareness? I thought that they had got rid of it, but I see that it is back
again in a different form, but with a vengeance.
There is another cypher system where two or more identical books are used which are only known to the users, as this information is exchanged previously using some other secure method, such as WOMB. Once this information is set up, then the users can communicate by using sentences or words from the book, i.e. (page) 6...(line) 10... (sentence) (word) 5 etc. Pretty foolproof but clumsy, and requires recipients and senders to have a special relationship, like knowing and trusting one another. Once the book is compromised the cryptography fails. If transmitted over the internet, it suffers the same problem as any other encryption sent over the internet. Ball squeezing, same problem. Mind you, using such a system might actually be more secure than any of those we have at the moment...:-). I can see us having to educate internet users into Book Literacy. Read any good books lately...:-).
P.S. One Time Pad: Make sure that the password isn't longer than the message. It might be "perfect" cryptography, but it is subject to the same "metadata" problems...Is there an electronic version of a one time pad? If so, it is subject to operational security just the same as PGP etc.
P.P.S. I seem to remember that our current most favourite political asylumee, at present resident at the Ecuadorian Embassy in London, and living in the vain hope that the European Arrest Warrant might be overturned, invented a cryptographic system which he called "rubber hose", which apparently, like Truecrypt, can hide itself within itself, so allowing plausible deniability... provided that another form of rubber hose ain't used on the spherical objects...
Response 10 (to Response 9):
The way things are going at present, absolutely nothing surprises me any more.... as for any interesting reads... still ploughing through Bamford's books (currently reading Pretext for War).
Things are getting quite, erm, interesting here in the UK: a piece of legislation is being rushed through our parliament, but here's the interesting bit: although it is being rushed through, it is not classified as urgent. Also, comments have been made to the effect that, for a draft bill, parts appear to be very well developed. Even more intriguing is that this piece of proposed legislation, dealing with widening powers purportedly in the name of counterterrorism, appears to be supported by "stakeholders", a rather odd anomaly for a government bill supposedly drafted in conjunction with or on the advice of the UK security services. I think I have the PDFs somewhere, both of the proposed bill, the explanatory notes and a draft committee meeting discussing the bill.
Response 11:
Try the free Cryptology MOOC for a better understanding of algorithms:
https://www.mooc-list.com/course/cryptography-i-coursera
Ask yourself if your hardware and operating systems are secure. Computers,
routers, etc. Even the best encryption software won't do much good if it
is used on compressible machines and networks.
All anyone can hope for is 'pretty good privacy'. "PGP" was a well chosen name - it wasn't 'Certain Privacy.' Maybe you can protect yourself from friends, neighbors, co-workers, employers, but I don't see how anyone can be assured of protection from the big guys like NSA.
At my age, I'm resolved to living in the Panopticon where almost everything
is likely to become visible. I wish the privacy seekers well, and think some
may find a modicum of success. I believe technology is too complicated for
us ever to be certain that privacy and encryption will be effective.
Check with the EFF online for useful software tools and scripts: https://www.eff.org/ The Guardian online has some tools available too. But beware: even if the tools and encryption are perfect, the technology and machines we all use are the Achilles heel.
Most useful security link for the average person:
https://www.schneier.com/
Response 12:
You can forget absolute security or privacy, with or without encryption. Unfortunately, it isn't about security software so much as your own personal needs and knowledge about security methods and how good you are at what is called "operational security", which counts the most. You can have the best encryption software in the world, but security is a chain, and the weakest link is nearly always the human being(s) using it. It is like having a hi-fi system: no good spending a fortune on having the best quality amplifier, speakers, microphones, recording and playback media and sound-proofed rooms, all matching the same standard and specification, if you are deaf...like me...:-). Better to check your hearing first...i.e. operational security and device security.
In an ideal world you could have unbreakable encryption, but that isn't the
end of the story. Operational security is also important. A hard disk can
be encrypted with unbreakable encryption, but forensic software can take
the disk back to its "new" condition and analyse everything which was ever
recorded on it, up to the point of the encryption. The encryption part can
be broken by using a variety of methods, brute force, analytics, heuristics,
or just plain bringing you before a court and, on the pain of imprisonment
or other such punishment, force you, under law to reveal your passphrase.
The nasty people will just threaten to squeeze your spherical objects. Traffic
analysis can also be used to find out when, for how long, and who you are
sending to or receiving data from.
In today's world, as soon as you go on the internet, then everything you do, emails, downloading, uploading, installing, removing, updating, visiting websites, visiting the bank, joining a network, arranging a holiday, at home or abroad, or using social media, are all collected and stored by one or another (or all of them) state security or intelligence services in the world. Even if you aren't a target, your activities will be recorded and kept for a long time; this is called the metadata...and it will be kept in different places, some more secure than others. It may or may not be read by an intelligence analyst at some stage, but it won't be discarded.
A profile of you is or will eventually be created, which allows computer tracking software to map out your internet of things, computers, tablets, phones, routers, and other electronic devices...as long as they have executable files on them, they can be manipulated and their use recorded..from afar, no matter where you are in the world. Where you are in the world and when, and for how long, can also be mapped; whenever an electronic device is used, credit or debit cards, passport, i.d. card, computer. An incomplete profile or a confused profile will eventually have the "dots connected up", to paraphrase Mr. Obama.
If you are a target, then your devices will be "tagged" with different kinds
of tags, depending on your position in the hierarchy of risk deemed by those
agencies. Different security tags will set different levels of risk, or security,
and take your information different places, depending on how much of a risk
you are considered to be and what kind of risk. Your information, depending
on how important you are considered to be, may be shared amongst the main
intelligence or law enforcement agencies and secret services. You will be
unaware of this for some time, or even for as long as you live, as remotely
controlled software has been used on various occasions, such as stuxnet and
such like, or finfisher in the private sector. When your passport is swiped
through the computer terminal at the border, if you are on any lists, your
passport will be tagged accordingly and the information sent off to the
destination deemed by the tag. Not even the Customs or Passport Controller
will know anything about it.
How do you become a target? Well, there are the usual, normal ways, suspected
terrorism, serious crime, drug crime, threat to the security of the state
or nation. Sod's law operates here as well, a stupid joke to a security officer
at an airport, venting your frustration at having to wait so long, carrying
cup cakes on an aeroplane without a valid reason apart from causing suspicion.
Here in England a serious crime can be putting the wrong kind of litter in
a litter bin, allowing the local council to use RIPA to keep an eye on you.
Yep, even the trivial can get you put on some kind of international list.
Encryption...you mean you haven't got it? Lucky you, there might just be
the slightest chance that you won't be targeted. The security services say
that anyone who uses encryption on the internet which they cannot crack will
automatically be stored until such time as it can..."Yes...we can". Using
TOR or Tails and other such anonymising or "secure" software? Visited the
website, downloaded it? Then your activities may well have moved you up the
list. No point in having secure encryption software if your computer is being
monitored for the creation of the passphrase.
Contacted cryptome or on one of those lists which the state may consider
to be a threat? who could possibly consider Cryptome to be a threat?
After all, it is open, democratic website which exposes the failings of
democracy, particularly those which the secret services and other organs
of state would rather hide; and is not operated for a subversive, illegal
or immoral purpose. Then you will be a target of some kind. Someone, somewhere
will have taken note.
Anti-virus software, trojan horses, data tracking cookies and all sorts of other malware can compromise your systems. Nation states, as well as the private and the criminal sectors on the internet, already use such software on a large scale. The likes of Symantec and Kaspersky and AVG can't keep up with it...though it is still a good idea to have good anti-virus and privacy software and a firewall on your network of devices.
So, my advice is, if you are involved in any of the usual hanky panky, like banking or legitimate trading, or communicating with colleagues and friends...don't bother about encryption. Anyway, you might not have any friends who use encryption. To give your activities some protection against the private sector, in terms of security and privacy, particularly if you are in business, then, the higher up you are in the financial chain, the more you become a target for industrial or commercial espionage, and you should take a course along with other people who are involved in your business. Such awareness, of course, doesn't prevent you or your data from being spied on.
There is literally no way you can protect your security or privacy absolutely.
There is very little oversight of the intelligence and security communities
throughout the world, and things are hotting up so much these days, that
even those legitimate forces of law and order are using...shall we
say...intrusive software which they have invented themselves which can not
only map your internet of things, but take away your control over them. Just
as no one allows their children to go to the park on their own these days,
then nation states are using the very real dangers of international terrorism
and conspiracies to enhance,"improve" and expand their security and intelligence
systems, at a huge cost of money and resources.
Even air gapping your computers can hit problems. Air gapping means not
connecting to the internet or to other computers. There are security concerns
even there, about executive files somehow jumping over and installing themselves
on a so called sterile computer.
Theoretically, that is the picture as I see it; practically, there is still a lot of catching up to do. If you want to keep a secret, don't share it, keep it in your head and think of something else...:-).
Response 13:
1. For encryption I would suggest full disk using LUKS. I'm not an OSX user so I cannot suggest an OSX-only application, but generally fulldisk>container based. The best would be a combination of the two. Neither one will bypass obvious hardware attacks/flaws or flaws in the operating system itself (see: Apple SSL bug). For Windows I've seen DiskCryptor from the ReactOS team and it is a pretty solid TrueCrypt clone that is more open source.
2. I've used ProtonMail before and it is a very decent system. It works by having an account on their server that serves your mailbox; then on the client side there is a JavaScript file that takes a unique password to decrypt the mailbox. The only flaw with such a system is: what if someone poisons the watering hole and infects the server that serves the JavaScript decryption library? I think they really need a desktop app for that. You could always double up on encryption and use PGP+ProtonMail if that attack is a concern for you. ProtonMail is based in Switzerland, which is pretty good, and I do like the fact that all of the creators hold passports of different countries, and they seem like a solid bunch, as I found an XSS attack and they patched it promptly. If you don't need the fancy built-in encryption I would suggest riseup.net for email/xmpp.
3. It is a commercial solution, I would only trust it as far as I can throw
it. Also it is closed source which is a huge concern.
4. Many encryption programs will allow you to chain them end to end, aes256->blowfish; this is preferable, but you will suffer a performance loss as a result. If you are worried about someone cracking the encryption via flaws in the encryption scheme itself, the data really should not be on a computer.
5. Kaspersky is decent all around; it's just decent. It's got the advantage of being sort of large, which means fast updates, but it's still just an average system. In my opinion the two best are ESET NOD32 and Avira. NOD32 has a decent emulation engine that is pretty quick at flagging stuff using heuristics, and Avira is the boy who cried wolf in anti-virus form. No idea about Mac availability for either. To add to this: anyone can create an undetected virus pretty quickly; AVs only defend against known threats, so you just need to make an unknown threat to avoid them.
6. Unseen.is is interesting. I like that they are in Iceland, but there is nothing on the site that says whether the development team holds Icelandic passports or whether the main developer is in California and can be hit with a wrench until he gives up a key. I would avoid it until it's a little more proven. Nothing against them personally tho.
Response 14:
> Is Symantec's "PGP Endpoint" a good hard drive encryption software?
No, Symantec is compromised by long-term close cooperation with NSA and FBI,
so that its encryption does not impede investigations.
> And if not, what encryption software is the best for Mac.
Apple is compromised by agreements with NSA, FBI, and others, to subvert
all Mac encryption on demand, via Software Update and numerous other privileged
OSX subsystems.
> Second, is "ProtonMail" as secure as they say it is?
No, ProtonMail is a hotbed of lawbreakers, subject to frequent National Security
Letters and compromised by FBI technical implants.
> What email provider doesn't let the NSA see into my account?
All are subject to NSA and foreign intelligence technical implants. Many
are subject to PRISM and similar backdoors, via agreements made by vulnerable
and/or 'patriotic' employees with sysadmin access.
> Is Jetico inc's "Bestcrypt Container Encryption" trustworthy?
No, Jetico is compromised by an agreement with FBI, so that its encryption does not impede investigations.
> Is Kaspersky a good anti-virus software?
No, Kaspersky is compromised by deep cooperation with FBI, CIA, FSB, and
others, so that its virus detection does not impede investigations.
> Are these encryption types good? Blowfish, Gost & AES - 256bit
If you mean, "Are any of these encryption types unbroken?" then unknown.
Claims otherwise are by definition fallacious.
> And which encryption type remains the best above all?
NSA Suite A. Good luck.
Response 15:
> You can forget absolute security or privacy, with or without encryption.
yup!
> Unfortunately, it isn't about security software so much as your own
> personal needs and knowledge about security methods and how good you are
> at what is called "operational security", which counts the most.
also true!
but speaking of technology, my favorite current hardest config is:
- coreboot laptop; a nice compatible lappy, and build your custom BIOS and GRUB.
- Qubes OS; using IOMMU separation, and Tor VM ahead of all network comms.
- Tor Browser 2.5-alpha1 in App VM with "Transparent Tor". The circuit list doesn't work, but it's worth using for the fingerprint avoidance.
- GNU Privacy Guard but NO EMAIL, for encrypting to and from. See command line usage.
Response 16:
Really it is all about perception. So far everyone has given highly technological answers to your original questions. From my perspective, you are looking for some simple programs that you can download and install (paid or otherwise) and walk away with some sort of sense of confidence. Let's start with how to deal with real security for the average guy; let's assume your enemy is our annoying Big Brother under the guise of homeland security (insecurity).
Right off the bat you are going to be screwed if you purchase a computer
from any major online retailer or big box store. You must be more clever
than that. Either you get a computer built by a VERY small company (white
box), paying CASH or you buy a used computer off of Craigslist, etc., once
again only with cash. If you are so paranoid or otherwise have good reason
to believe that you are heavily surveilled by Spooks, then by all means don't
take your cellphone or drive a car with satellite tech when making your deal.
Next thing you are going to want to do is get the computer set up. If you purchase it from a whitebox shop, you best have used a fake name. Having Microsoft Windows registered in your name is going to stop you right away. First thing you are going to do, BEFORE you even turn on your new machine (assuming a laptop, unless you never want to access the net), is put a bandaid over the camera lens(es) that is pointing at you.
Now you are going to want to go to a small shop or other public net place
(not a place with lots of cameras) where you are going to download everything
you need to setup your computer through your fake email account that you
just setup. Before you get started on public WIFI you are going to change
your MAC address.
<<<I will continue if more interest is expressed, otherwise why should I waste my time.>>>
"No matter how much security might be out there, there are still simple ways
around the system for those who understand it."