internet_security

Encryption


Encryption is the conversion of data into another form, which cannot be easily understood by anyone except authorized parties.

In the digital context encryption is a means of protecting any computer-related communication from wiretapping or interception. It scrambles information generated by a computer, stored in a computer, or transmitted through a computer so that the information can only be retrieved in an intelligible form by someone with the key to unscramble it.

In its most basic form, encryption amounts to a “scrambling” of data using mathematical principles that can be followed in reverse to “unscramble” the data. File encryption thus simply converts a file from a manipulable file format (e.g., a word processor document or a picture file that can be opened or viewed with appropriate software) to a scrambled format. Authorization in the form of possession of an appropriate “key” is required to “decrypt” the file and restore it to its manipulable format.

Analog encryption devices include the Enigma machine, an electro-mechanical rotor cipher machine used in the twentieth century for enciphering and deciphering secret messages. It played a key role in WWII.

Crypto-anarchism

Introduction

Hashing Encryption

The first encryption method, called hashing, creates a unique, fixed-length signature for a message or data set. Hashes are created with an algorithm, or hash function, and people commonly use them to compare sets of data. Since a hash is unique to a specific message, even minor changes to that message result in a dramatically different hash, thereby alerting a user to potential tampering.

A key difference between hashing and the other two encryption methods is that once the data is encrypted, the process cannot be reversed or deciphered. This means that even if a potential attacker were able to obtain a hash, he or she would not be able to use a decryption method to discover the contents of the original message. Some common hashing algorithms are Message Digest 5 (MD5) and Secure Hash Algorithm (SHA).
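As an added illustration (not part of the original page), the Python sketch below shows the properties described above: a fixed-length digest, a large change in the digest after a one-character edit, and tamper detection against recorded digests. SHA-256 is used rather than MD5, which no longer resists collisions; the file names and contents are constructed sample data.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Digest is always 64 hex characters (256 bits), whatever the input size."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bit positions in which two equal-length digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def check_manifest(files: dict, manifest: dict) -> dict:
    """Compare each item's digest with the recorded one.

    Returns name -> 'ok' | 'modified' | 'missing' | 'unexpected'.
    """
    report = {}
    for name, expected in manifest.items():
        if name not in files:
            report[name] = "missing"
        elif hmac.compare_digest(sha256_hex(files[name]), expected):
            report[name] = "ok"
        else:
            report[name] = "modified"
    for name in files.keys() - manifest.keys():
        report[name] = "unexpected"
    return report


# Constructed sample data: what was published, and what later arrived.
ORIGINAL = {"notes.txt": b"Pay Jane 100 EUR", "readme.txt": b"hello"}
MANIFEST = {name: sha256_hex(data) for name, data in ORIGINAL.items()}
RECEIVED = {
    "notes.txt": b"Pay Jane 900 EUR",   # one character changed
    "readme.txt": b"hello",
    "extra.bin": b"\x00",               # not listed in the manifest
}

if __name__ == "__main__":
    old, new = MANIFEST["notes.txt"], sha256_hex(RECEIVED["notes.txt"])
    print(old)
    print(new)
    print(differing_bits(old, new), "of 256 bits differ")
    print(check_manifest(RECEIVED, MANIFEST))
```

The comparison only detects tampering if the manifest itself reaches the verifier over a channel the attacker cannot modify.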

Symmetric Encryption

Symmetric cryptography, also called private-key cryptography, is one of the oldest and most secure encryption methods. The term “private key” comes from the fact that the key used to encrypt and decrypt data must remain secure because anyone with access to it can read the coded messages. A sender encodes a message into ciphertext using a key, and the receiver uses the same key to decode it.

People can use this encryption method as either a “stream” cipher or a “block” cipher, depending on the amount of data being encrypted or decrypted at a time. A stream cipher encrypts data one character at a time as it is sent or received, while a block cipher processes fixed chunks of data. Common symmetric encryption algorithms include Data Encryption Standard (DES), Advanced Encryption Standard (AES), and International Data Encryption Algorithm (IDEA).

Asymmetric Encryption

Asymmetric encryption is a cryptographic system that uses two keys: a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.

An important element of the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.

Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. The only difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message for him or her.

[Image: comic by http://xkcd.com/]

Opportunistic encryption

Opportunistic encryption refers to any system that, when connecting to another system, attempts to encrypt the communications channel and otherwise falls back to unencrypted communications. This method requires no pre-arrangement between the two systems. Opportunistic encryption can be used to combat passive wiretapping. (An active wiretapper, on the other hand, can disrupt encryption negotiation to force an unencrypted channel.) It does not provide a strong level of security, as authentication may be difficult to establish and secure communications are not mandatory. Yet it does make the encryption of most Internet traffic easy to implement, which removes a significant impediment to the mass adoption of Internet traffic security.

Basic Tools

PGP

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991 while working at PKWARE, Inc.

PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a user name and/or an e-mail address.
PGP can be used to send messages confidentially. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key. The message and its session key are sent to the receiver. The session key must be sent to the receiver so they know how to decrypt the message, but to protect it during transmission, it is encrypted with the receiver's public key. Only the private key belonging to the receiver can decrypt the session key.

OTR

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:

Encryption: No one else can read your instant messages.
Authentication: You are assured the correspondent is who you think it is.
Deniability: The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy: If you lose control of your private keys, no previous conversation is compromised.

Tor

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features.

Demystification of the Deep Web versus the Dark Web.

Tails

  amnesia, noun:
  forgetfulness; loss of long-term memory.
  incognito, adjective & adverb:
  (of a person) having one's true identity concealed.

Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer, while leaving no trace unless you explicitly ask it to.

It is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is Free Software and based on Debian GNU/Linux.

Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc.

From passwords to passphrases

It is time to change our glossary for communications and fully adopt the idea of the passphrase rather than the simple use of passwords. Using passphrases instead of passwords yields higher entropy.

Randomness

Randomness is the lack of pattern or predictability in events. A random sequence of events, symbols or steps has no order and does not follow an intelligible pattern or combination. Individual random events are by definition unpredictable, but in many cases the frequency of different outcomes over a large number of events (or “trials”) is predictable. For example, when throwing two dice, the outcome of any particular roll is unpredictable, but a sum of 7 will occur twice as often as 4. In this view, randomness is a measure of uncertainty of an outcome, rather than haphazardness, and applies to concepts of chance, probability, and information entropy.

Entropy

Entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators.

Password entropy

It is usual in the computer industry to specify password strength in terms of information entropy, measured in bits, a concept from information theory. Instead of the number of guesses needed to find the password with certainty, the base-2 logarithm of that number is given, which is the number of “entropy bits” in a password. A password with, say, 42 bits of strength calculated in this way would be as strong as a string of 42 bits chosen randomly, say by a fair coin toss. Put another way, a password with 42 bits of strength would require 2^42 attempts to exhaust all possibilities during a brute force search. Thus, adding one bit of entropy to a password doubles the number of guesses required, which makes an attacker's task twice as difficult. On average, an attacker will have to try half of the possible passwords before finding the correct one. Some in the field contend that entropy is a less than ideal way of looking at “strength” as it is in mathematical isolation from the actuality of user behaviour. Instead strength should be gauged by the randomness, as human generated randomness is predictable regardless of entropy.
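The entropy arithmetic above, applied to the password versus passphrase comparison, as an added Python example (not from the original page). The figures are assumptions of the example: 94 printable ASCII characters, a Diceware-style list of 7776 words, a guess rate of one billion per second, and a constructed 16-word list for the generator.

```python
import math
import secrets

# Constructed 16-word list for the demo only (4 bits per word).
WORDS = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "garnet", "harbor",
         "iris", "juniper", "kelp", "lantern", "mango", "nickel", "orchid", "pebble"]


def entropy_bits(pool_size: int, length: int) -> float:
    """Bits of entropy when `length` symbols are each drawn uniformly and
    independently from `pool_size` choices: log2(pool_size ** length)."""
    return length * math.log2(pool_size)


def average_guesses(bits: float) -> float:
    """Expected brute-force attempts: half of the 2**bits possibilities."""
    return 2 ** (bits - 1)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every possibility at an assumed guess rate."""
    return 2 ** bits / guesses_per_second


def symbols_needed(pool_size: int, target_bits: float) -> int:
    """Smallest number of symbols whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))


def generate_passphrase(wordlist, words: int) -> str:
    """Pick words with the OS CSPRNG. The bit counts above hold only for
    machine-chosen, uniformly random words, not for human-chosen ones."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    cases = [("8 printable ASCII characters", 94, 8),
             ("4 words from 7776", 7776, 4),
             ("6 words from 7776", 7776, 6)]
    for label, pool, length in cases:
        bits = entropy_bits(pool, length)
        print(f"{label}: {bits:.1f} bits, "
              f"{seconds_to_exhaust(bits, 1e9):.3g} s at 1e9 guesses/s")
    print(generate_passphrase(WORDS, 5))
```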

Sources: "FreeS/WAN Project: History and Politics" John Gilmore.
Sources: OTR Cypherpunks.ca

internet_security.txt · Last modified: 24/11/2015 19:47 (external edit)