?

Log in

No account? Create an account
Wakum Mata!
Politcally Incorrect Musings
Security Questions 
4th-May-2006 09:14 pm
linux
mt_hi_l33tness writes:

So, I send you a encrypted email...you have to have the same software, and know the password, right? I'm using keygloo.


No, you don't have to have the same software. But the software each of you use MUST USE THE SAME PROTOCOL. This is where OSS (Open Source Software) comes into play. Everyone has access to the underlying mechanism that performs the encryption and decryption and that will help ensure compatibility.

I've had about 5 hours of sleep, forgive me.

You are forgiven. ;-)

How do I tell you the password through a secure channel? snail mail? My cell isn't secure, email isn't and neither is IM until it is encrypted, and...catch 22, you need the password.

With a public key method, you don't really care how you give me the key since the only thing it can do is encrypt. However, that being said, there is what is known as "man in the middle" attack where your public key can be intercepted before your friend gets it. The man in the middle then sends HIS public key instead of yours. All traffic is intercepted by the man in the middle and he decrypts the message meant for you. He then can alter it and then reencrypt it using your public key and forward the message on to you. You think it is a secure message from your buddy, but it is not. The way around this is a digital signature on your public key. Your public key is digital "approved" by a fourth party that can verify that the key is yours. The man in the middle may have your public key, but cannot reencrypt the message with his key or he'd be discovered. His key cannot be verified to be yours. Your friend sees this and knows that something funny is going on.

So, when I send you a attachment that is encrypted, yahoo tries to scan it with it's antivirus software and freaks....

weirdness.


The binary pattern of the encrypted message may look like viral code to Yahoo. Try zipping it or use uuencode to convert the binary to text.

Other thing is... if someone puts a key sniffer on my PC (you know, hacks into my PC and then runs a program that records every key stroke) they would find out what the passwd is to decrypt anyway, so it's only as safe as my internet connection... and as holey as Windows and firewalls and antivirus and spybots are... well, it's not that safe.

Just today I discovered that I had the Csmit virus, my antivirus detection software hadn't detected it, neither had my antispyware.
So I downloaded a major fix and scanned with ewido 93 infections. Can you believe it? cheese.

Now, encrypting my entire hard drive... hmmm... taht would redflag me as a possible blackhat cracker/hacker on govmnt servers that collect info on everybody. Then they'd really be watching me.


If someone has unauthorized access to your machine, physically or through a back door, you are screwed from a security standpoint. This is where it is best bet to keep your private keys on a removable media such as a floppy disk or USB flash drive THAT IS USED ONLY FOR THAT PURPOSE. The media should be set to READ ONLY unless you wish to update it.

Virus suxors. I use Linux. There was a brief scare about a cross-platform virus that could run on Linux AND Windows... but the utility of that was so poor since it only affecteed one version of the Linux kernel. The Unix security model has proven to be far superior to anything Microsoft can do. No amount of patching Windows will fix its fundamentally flawed/poor design. I know of no known virus that exists in the Linux world.

The government servers would only know your harddrive is encrypted if they had access to it. By the time they do have access to it, you are already in trouble.

Analogy:So, If I put a huge security system around my house, like barbed wire and motion detectors and cameras and search lights....well, people walking by would probably think, gee there must be something real important or costs alot of money in there. So, it's a challenge to thieves who want whatever it is that's in there, and they try harder to get in, than say, a trashy looking redneck house...

???your opinion?


Theives are lazy, otherwise they would not be thieves. If your house has a security system and dogs patrolling and your neighbor does not, your neighbor is more likely to get robbed than you.
This page was loaded Apr 20th 2018, 1:06 am GMT.