What type of Encryption

[WeedVender]

What type of encryption do you use?

Currently im using a BestCrypt container with a TWOFISH encryption for my Video and music files and I use a BlowFish 448 bit encryption for my pOrn so, i know that not a lot of people use encryption but for those that do... what do u use. And If you know alot about Cryptography, can u tell me whats the strongest one currently?

[pacmania_2001]

I don't use encryption, don't have anything needing encryption that is stored on my computer.

[AND1]

PGP with a TWOFISH encryption and a 4096 bit key. I made a 4200 MB container with PGP put all my "secret" shizznit in there and burn it to a DVDR. Then whenever I need it I just mount it up.

Its better to have your "secure" files OFF your HDD as much as possible. Even if they find the disc it's all encrypted and it'll take a least a decade to break.

FACT: DES would take up to 1731 years to crack using brute force on a P3 running at 850Mhz.

[AND1]

Also

The FBI is developing software capable of inserting a computer virus onto a
suspect’s machine and obtaining encryption keys, a source familiar with the
project told MSNBC.com. The software, known as “Magic Lantern,” enables agents
to read data that had been scrambled, a tactic often employed by criminals to
hide information and evade law enforcement. The best snooping technology that
the FBI currently uses, the controversial software called Carnivore, has been
useless against suspects clever enough to encrypt their MAGIC LANTERN
installs so-called “keylogging” software on a suspect’s machine that is capable
of capturing keystrokes typed on a computer. By tracking exactly what a suspect
types, critical encryption key information can be gathered, and then
transmitted back to the FBI, according to the source, who requested anonymity.
The virus can be sent to the suspect via e-mail — perhaps sent for the
FBI by a trusted friend or relative. The FBI can also use common
vulnerabilities to break into a suspect’s computer and insert Magic Lantern,
the source said.
Magic Lantern is one of a series of enhancements currently being
developed for the FBI’s Carnivore project, the source said, under the umbrella
project name of Cyber Knight.

The FBI released a series of unclassified documents relating to Carnivore last
year in response to a Freedom of Information Act request filed by the
Electronic Privacy Information Center. The documentation was heavily redacted —
most information was blacked out. They included a document describing the
"Enhanced Carnivore Project Plan,” which was almost completely redacted.
According to the anonymous source, redacted portions of that memo mention Cyber
Knight, which he described as a database that sorts and matches data gathered
using various Carnivore-like methods from e-mail, chat rooms, instant messages
and Internet phone calls. It also matches the files with the necessary
encryption keys.MSNBC.com repeatedly contacted the FBI to discuss this story.
However, after three business days the FBI was still requesting more time
before commenting. MSNBC.com has filed a Freedom of Information Act request
with the bureau.
Word of the FBI’s new software comes on the heels of a major victory for
the use of Carnivore. The USA Patriot Act, passed last month, made it a little
easier for the bureau to deploy the software. Now agents can install it simply
by obtaining an order from a U.S. or state attorney general — without going to
a judge. After-the-fact judicial oversight is still required.

FBI HAS ALREADY STOLEN KEYS

If Magic Lantern is in fact used to steal encryption keys, it would not be the
first time the FBI has employed such a tactic. Just last month, in an affidavit
filed by Deputy Assistant Director Randall Murch in U.S. District Court, the
bureau admitted using keylogging software to steal encryption keys in a recent
high-profile mob case. Nicodemo Scarfo was arrested last year for loan sharking
and running a gambling racket. During their investigation, Murch wrote in his
affidavit, FBI agents broke into Scarfo’s New Jersey office and installed
encryption-key-stealing software on the suspect’s machine. The key was later
used to decrypt critical evidence in the case.
Magic Lantern would take the method used in Scarfo one step further, allowing
agents to “break in” to a suspect’s office and install keylogging software
remotely. But in both cases, the software works the same way.
It watches for a suspect to start a popular encryption program called
Pretty Good Privacy. It then logs the passphrase used to start the program,
essentially given agents access to keys needed to decrypt files.
Encryption keys are unbreakable by brute force, but the keys themselves are
only protected by the passphrase used to start the Pretty Good Privacy program,
similar to a password used to log on to a network. If agents can obtain that
passphrase while typed into a computer by its owner, they can obtain the
suspect’s encryption key — similar to obtaining a key to a lock box which
contains a piece of paper that includes the combination for a safe.

BREAKING NEW GROUND
David Sobel, attorney for the Electronic Privacy Information Center and
outspoken critic of Carnivore, did not outright reject the notion of a
Magic-Lantern-style project, but raised several cautions.
“This is breaking new ground for law enforcement, to be planting viruses
on target computers,” Sobel said. “It raises a new set of issues that neither
Congress nor the courts have ever dealt with.”
Stealing encryption keys could be touchy ground for federal
investigators, who have always fretted openly about encryption’s ability to
help criminals and terrorists hide their work. During the Clinton
administration, the FBI found itself on the losing side of a lengthy public
debate about the federal government’s ability to circumvent encryption tools.
The most recently rejected involved so-called key escrow — all encryption keys
would have been stored by the government for emergency recall.


http://www.msnbc.com/news/660096.asp?cp1=1

[Defcon]

I don't know man.... IMO I don't think it's possible to "foolproof" the government with encryption. It may make them mad for a few days or hours, but I think unless you completely/physically destroy the HDD, your screwed....

They even have "black boxes" set up with the most ISP's , so if you are a paying subscriber, and they wanted to know anything about your online activity, I am sure they could find out anything they needed to know.

Carnivore as noted above is just a piece of the puzzle that's been leaked, what about the stuff that we know nothing about !!!

[AND1]

There is someone one this forum thats works with the carnivore software. I think we were posting up our desktops and I saw someone had it...

[Faustus]

I'm currently using 658bit Doggy style encryption, but I'm thinking of moving on, its getting kinda old.

[The village idiot]

Well, once upon a time, there was a trick you could do with Bestcrypt. If you made a container, and then put another container inside of it plus a self extracting file that would extract to the some folder as the source file, you could burn the other (second) container to jibberish. All you needed to do was run the self extracting file, and by changing the contents of the container it would scramble the second container. It was listed on the Bestcrypt site if I remember correctly. There were a few other details involved, but that was the basics.

[stiltman]

I use my 20 year old Cracker Jacks super decoder for encryption. Beleave it or not...It's never been broken

[Cobra]

It may make them mad for a few days or hours

That's all I need to do. I don't want those people watching what I send in my e-mails. It's nothing that needs to be kept private at all, but I still don't believe they should be seeing it. I'll be as much of a pain in the arse as possible!

I use triple encryption - 448-bit Blowfish, Triple DES and IDEA - to secure my files. My key is 56 characters long, upper and lower case of complete nonsense that I memorised (no numbers like credit card numbers or anything).

Your cypher is only as strong as your key!

That's what I do. Also, there's stuff on my hard drive that I like to keep secured from anyone who might steal my PC.

Also, all originals are shredded. What's the point in encrypting it if you leave recoverable traces on your hard drive?

Cobra

[WeedVender]

Ok guys.. now i sound like a noob on this...
How would you Implement that type of encryption AND1..Im using best crypt.. do i need another type of software.. I like the idea of encryption on a CD...

[AND1]

go here: http://www.pgp.com/

It's open source and it's proven time after time. NOBODY has ever cracked it and since it was open source NO ONE has found any backdoors. I like PGP becuase when you go to enter your passphrase it will NOT allow to to copy and paste it in there. You have to manually write it in which prevents any info being saved in memory.

[sterno]

Old PGP (2.6.x) was open source. New PGP is not open source. When I last used it the encrypted container files (pgpdisk) were only available in the closed-source commercial payware release. After going commercial PGP was acquired by Network Associates and more or less withered on the vine, and now I think they've split off again.

[The village idiot]

Old PGP (2.6.x) was open source. New PGP is not open source. When I last used it the encrypted container files (pgpdisk) were only available in the closed-source commercial payware release. After going commercial PGP was acquired by Network Associates and more or less withered on the vine, and now I think they've split off again.

http://www.pgp.com/products/sourcecode.html
down at the bottom of the page:

Users must be authorized to download and use the PGP 8.0.3 source code and documentation. To become authorized, please click the PGP 8.0.3 source code link, which displays the license agreement. Read the entire license to verify the user qualifications for downloading PGP 8.0.3 source code. Prior to downloading, users will be required to confirm via a check box that they understand and accept the PGP 8.0.3 License Agreement and are eligible to receive the PGP 8.0.3 source code download per the U.S. Export Administration Regulations.

Does this not suggest that the source code can be had?

[sterno]

That's new to version 8 - I think 5, 6, and 7 didn't have source available for ordinary peons to download. Nice to see they went back to at least making source available, though I think many of the people who actually look through source code probably switched to gpg during the dark period when Network Associates owned PGP.

[WeedVender]

SO, right now do u guys think that any three letter governement agency can see what we hold precious?... whats to stop them from getting a microscope and scanning the data?

[AND1]

If you use stong encryption to protect something they CANNOT crack it, instead they install keyloggers (Magic Latern) on your comp without your knowledge and try to find the passphrase. They will disect your entire drive (if they really need to becuase this costs money and if your not a terrorist I doubt they go this far) with microscopes to find any data they can find.

But as I said I have ALL my encrypted stuff on a dvdr. So there is no way in the world they can find out whats on the disc without beating the passphrase out of me.

[glockjs]

i use that new navajo double data super 8 encryption

i seriously dont encrypt anything, never had anything on puter that was worth protecting that much. plus im one of the lame asses that would forget how break my own encyption. funny how stuff gets fuzzier after weekends

[WeedVender]

OK so keeping stuff out of HDD is a plus...

Anyway... If they do go to that extent with a microscope... can they c the encrypted files? And I have the keyboard filter installed from BestCrypt so I think im in the clear... and I have the SHA-1 key generator thingy.... how If I were to remove all my private files and burn them on CD, Encrypt my Windows Swap File, empty my temporary folders, wipe the HDD entirely... How safe would I be?

[The village idiot]

OK so keeping stuff out of HDD is a plus...

Anyway... If they do go to that extent with a microscope... can they c the encrypted files? And I have the keyboard filter installed from BestCrypt so I think im in the clear... and I have the SHA-1 key generator thingy.... how If I were to remove all my private files and burn them on CD, Encrypt my Windows Swap File, empty my temporary folders, wipe the HDD entirely... How safe would I be?

Dude... what the hell are you doing? Must be something pretty hard core if you are worrying this much. Shit, you better get some kind of hardware/explosive that will turn your drives into a molten mess if the man comes knocking at your door, or if the computer is booted without a special electronic code key inserted.

Some paranoia is good, but you seem to be over the top with a guilt complex, either that or you live somewhere like China where you have no freedom speech. There are all kinds of sites covering this topic, as well as Usenet groups. I think I would spend more time quietly reading than talking about what you need, it just makes you seem like a serious criminal. It could also lead the "man" to watch your online activities MUCH more closely. You should learn to be quiet with your underworld activities.

And BTW, If the files (all of them) are encrypted on your drive, then the best they can do with a microscope would be to reconstruct the encrypted files, so no need to worry.


Things you should search for:

encryption techniques
PGP
Bestcrypt
drive wipe
anonymous (sp?) surfing
proxy server
encrypted disks
hardware encryption key
anon. email
encrypted email
steganography

That should keep you busy for a while. Or you could simply stop doing all the things that are making you nervous.

[WeedVender]

Not nervous... I just feel like doing all of this... Im the type of guy who moves from topic to topic when it comes to computers.. and I have something highly important that I need to save.. but encrypt, naturally.

[WeedVender]

Anyone Else?

[Cobra]

I just found out about a technique called steganography. This allows you to encrypt data and hide it in an image file. Nobody would be any the wiser, unless the knew to scan your pictures for hidden data.

I am using wbStego to do this, and I am encrypting with a Twofish algorithm and a fairly secure key. Then I am using ABI-Coder to take this image containing Twofish encrypted data and encrypt it again using Blowfish and a very secure key.

I then shred all original and temporary files using CyberShredder so they are not recoverable (and therefore negate the point of encrypting).

This is what I do to secure my files, because I can.

Cobra

[sterno]

There's a technique related to steganography that works with audio files instead of images. Off the top of my head I don't remember the name of the software that does it, though.

[The village idiot]

steganography

seems like someone said this before


Steganography can be used to hide data into any file! That includes images, music, executables, etc.

Just remember that a jpeg who's size is only 640x480 looks mighty suspect when it has a 16MB file size. You must therefore use something to break your to be hidden files into smaller chunks, so that the file sizes can be handled without causing alarm.

[Cobra]

Sorry - I didn't read that closely and it's an older thread. Thought I'd been dead original!

If anyone knows of the software used to put data into audio files, I would like to get a hold of it. I used to be able to do it on my Mac using a program called Paranoid.

Thanks,

Cobra