Destiny Central |
|
|
|
Security and
Encryption FAQ Revision 16.1
by Doctor Who "No
one shall be subjected to arbitrary interference with his privacy, family,
home or correspondence, nor to attacks upon his honour and reputation.
Everyone has the right to the protection of the law against such interference
or attacks." Article 12
Universal Declaration of Human Rights
Disclaimer
and justification for this FAQ. Many
countries operate a legal system designed to suppress individual freedom.
Such countries often do not obey basic human rights. The law in these
countries may be based on guilty until proven innocent. My intention in
offering this FAQ is to legally challenge these threats to our freedom. It is
not my intention to promote any illegal act, but to offer people the option
of freedom of choice. How they use that freedom is entirely down to the
individual. For
the suspicious and sharp-eyed who will notice that my key has changed, allow
me to state that I had deliberately destroyed my old key. As
stated at the end of the FAQ, the events of 9/11 made me do a re-think. On
balance, I believe that this FAQ is still justified, if only for reasons of
protecting the rights of the individual against an oppressive Government.
Thus its re-emergence. Revisions
in this version of the FAQ include BestCrypt version 7. BestCrypt has been
included because the latest version has a particularly useful feature that
offers a form of plausible deniability that is all but undefeatable, so far
as I know. More of this later in the FAQ. Other
changes with respect to earlier versions include an alternative to Freedom.
Because Zero Knowledge closed down the Freedom network in October 2001, I
have had to find another way to maximise privacy and anonymity whilst online.
The
FAQ has 2 main Sections. Part
1 concentrates on passive security. It is intended to be useful to both
posters and lurkers. Part
2 is to maximise your privacy whilst online, particularly for Email and
Usenet posting. I
have assumed three security levels: Level
1. For those who wish to protect their files from unauthorised access. These
users are not too concerned at being found with encrypted data on their
computer. Level
2. For those who not only wish to hide their private data, but to hide the
fact that they have such data. This might be an essential requirement for
anyone who lives in an inquisitorial police state where human rights are
dubious, or where there is no equivalent to the Level
3. For those who not only need all that is offered by level 2, but
additionally wish to protect themselves from hackers whilst online and
snoopers who may try and compromise either their software or add substitute
software that could compromise their privacy. Part
1 explains the 3 security levels and offers help in achieving them. 1.
How does encryption work? Essentially
the plaintext is combined with a mathematical algorithm (a set of rules for
processing data) such that the original text cannot be deduced from the
output file, hence the data is now in encrypted form. To enable the process
to be secure, a key (called the passphrase) is combined with this algorithm.
Obviously the process must be reversible, but only with the aid of the
correct key. Without the key, the process should be extremely difficult. The
mathematics of the encryption should be openly available for peer review. At
first sight this may appear to compromise the encryption, but this is far
from the case. Peer review ensures that there are no "back doors"
or crypto weaknesses within the program. Although the algorithm is
understood, it is the combination of its use with the passphrase that ensures
secrecy. Thus the passphrase is critical to the security of the data. 2. I
want my Hard Drive and my Email to be secure, how can I achieve this? You
need Pretty Good Privacy (PGP) for your Email and either Scramdisk or
BestCrypt for your private files on your computer. PGP
is here: http://members.tripod.com/cyberkt Scramdisk
is here: http://www.scramdisk.clara.net BestCrypt
is here: http://www.jetico.com
Scramdisk
has now metamorphosed into a commercial program called DriveCrypt. The source
code is not published for either BestCrypt nor DriveCrypt. The older version
of Scramdisk came with published code and some are sticking with it for that
reason. The
only likely problem facing most people is ensuring whichever you choose is
compatible with your operating system. Although
most people make such decisions for themselves, I have to say that I hate
Windows ME. I found it very fragile. I now use Windows 2000 Professional. I
have no experience of XP, believing that new Microsoft products are always suspect
and best left well alone for at least 18 months after launch. 3.
What is the difference between these encryption Programs? PGP
uses a system of encryption called public key cryptography. Two different
keys are used. One key is secret and the other is made public. Anybody
sending you mail simply encrypts their message to you with your public key.
They can get this key either directly from you or from a public key server.
It is analogous to someone sending you a box and a self locking padlock for you
to send them secret papers, when only they have the key to open the box. The
public key is obviously not secret - in fact it should be spread far and wide
so that anybody can find it if they wish to send you encrypted Email. The
easiest way to ensure this is by submitting it to a public key server. The
only way to decrypt this incoming message is with your secret key. It is
impossible to decrypt using the same key as was used to encrypt the message,
your public key. Thus it is called asymmetrical encryption. It is a one way
system of encryption, requiring the corresponding (secret) key to decrypt.
PGP is simplicity itself to install and use. It even offers to send your
newly generated public key to the key server. For
your normal hard drive encryption, you will need a symmetrical type of
encryption program. The same key is used for both encryption and decryption.
Scramdisk and BestCrypt are of this type and especially good because they are
"On-The-Fly" (OTF) programs. This means that the program will only
decrypt on an as needed basis into RAM memory. More about this later in the
FAQ. One
question often asked by newbies is whether the passphrase is stored somewhere
within the encrypted file. No. The passphrase is passed through a hash, such
as SHA1. This is a one-way encryption. It is the hash output that is stored
within the encrypted container. The program will compare this hash with the
hash it produces from the passphrase that you type in to mount (open) the
container. If they are identical, the container will be decipherable and will
be mounted. 4. I
have Windows, am I safe? Windows
is definitely not a security-orientated program. One simple method of
improving your computer security is to disable the Windows swapfile. To
ensure reliable operation and dependant on what programs you run, you may
need several hundred megabytes of RAM. If you are serious about your privacy,
I would recommend investing in as much RAM as you can afford and turn off the
swapfile. I suggest a minimum of 256 Megs and preferably double or even
quadruple that. If
you have Windows Media Player, go to View -> Options -> Player and
uncheck "Allow Internet sites to uniquely identify Your player" It
appears that Microsoft have done it again. The default is for this box to be
checked. Any Web site could theoretically get your id from within your
Windows registry with this checked. MS claim it is to help identify users
when they download copyrighted music. But anybody could be using this crack
for their own purposes, so protect yourself by unchecking it. BestCrypt
version 7 will encrypt the swapfile. I have not been able to test this claim
but if true, it is a remarkable achievement and one wonders why nobody else
has thought to do it. 5.
Apart from the Swapfile and Media Player, what else can Windows reveal to a
snooper? Windows
can store all sorts of information, such as the names of files recently
opened, the names of Web sites you have visited and much more. If
you have not previously used encryption and/or you have contentious material
lying around in plaintext form in all sorts of supposedly hidden places on
your system, my strong recommendation is to re-format your hard drive.
Despite the format, the original data will still be there and may be
recoverable. To minimise this risk, I suggest you run a free space wipe
utility before re-installing all your programs. One such is Zapempty, which
will run on Dos or NTFS. Zapempty
is here: http://www.sky.net/~voyageur/wipeutil.htm
Assuming
you have a clean system to start with, you can then proceed with creating
your encrypted drives and sub-folders within those drives and finally
installing all the programs you intend using. Most
modern computers now allow you to boot directly from the CD-ROM. If this is
the case (it is easily tested, just insert your Windows CD-ROM and do a
re-boot), you need not bother about installing the system files after the
format. 6.
Are there other OTF programs, apart from Scramdisk and BestCrypt? Yes,
there are several. But to keep this FAQ manageable I mention only those I can
recommend from personal experience. For
level 1 security, it is difficult to fault Scramdisk, particularly because
the source code has been published. This is a very important consideration
and sets it apart from BestCrypt and DriveCrypt. If you require level 2
security then I would recommend BestCrypt as the next best choice. More about
this later in the FAQ. 7.
How difficult is it to break one of these programs? Very
difficult, in fact for all practical purposes, it is considered impossible.
In most cases, the weakest link will be your passphrase. Always
make it long. Remember that every extra character you enter makes a
dictionary search for the right phrase twice as long. Both Scramdisk and
BestCrypt ultimately limit the strength of the algorithm to 160 bits. This is
because the hash program they use, SHA1, outputs a maximum of 160 bits. You
will find that the passphrase input page for Scramdisk shows 4 lines for
inputting your passphrase. Each line can hold a maximum of 40 characters.
Thus a maximum of a 160-character passphrase is possible. A character is
equal to slightly more than 1 bit. Most people will use a somewhat shorter
passphrase, but I would recommend that you at the least spread your
passphrase across the four lines, even if you do not fill each line. 8.
Why? Because
any passphrase cracker cannot find the correct key until it has exhausted a
key search as wide as the last character you enter. A strong hint that you
should make sure the last character of your passphrase is well along the
bottom line! For higher security you should spread it around on all four
lines, that is why they are there. Be
sure that if any serious snooper wants to view your secret data, they will
find a way without wasting their time attempting a brute force attack upon
your Scramdisk container. In some countries rubber hose cryptography may be
the rule. Anybody living in such a country needs level 2 security at the very
least. In some "civilised" countries there are more sinister
methods, such as tempest or the use of a trojan which require level 3
security (see later in FAQ). 9. I
have heard that there are programs that HIDE and Encrypt, are these any good?
Snake
oil! They are not even worth considering for level 1 security. Keep to the
recommended programs if you are seriously in need of privacy. 10.
What about simple file by file encryption? You
could use the Windows version of PGP. It comes with PGP Tools, which will
allow you to encrypt any file on your computer. Only encrypt these single
files on the assumption of a level 1 security. There are many others. 11.
Do I need to wipe as opposed to simply deleting files within the Scramdisk or
BestCrypt drives? If
the encrypted container is sufficiently secure for your normal files, it must
obviously be secure for deleted files. Therefore, it is unnecessary to wipe
files within the encrypted drive. 12.
Do I need to wipe an unwanted encrypted container? Depends.
I used to say, yes. But if you are truly confident of the strength of your
passphrase, then just delete it. However, if you created the container with a
weak passphrase and it contains critical data, definitely wipe it. Wiping
will ensure that the encrypted keyfile material at the head of the file is
over-written. It is only strictly necessary to wipe the first 10K of the file
to ensure this. 13.
Can I use Disk compression to increase the apparent size of the drive? Not
with Scramdisk. BestCrypt allows this on NTFS files, provided you do not use
its steganography feature (see later in FAQ). 14.
Can I encrypt a floppy with Scramdisk and BestCrypt? Yes,
both allow floppies to be encrypted. In fact they also support encryption on
Jaz and CD-RW drives. You can even run Scramdisk off a floppy in what is
called "Traveller" mode. In this mode there are no Scramdisk
related VxD or INI files on your hard drive to worry about. But you do have
the problem of where to hide your Scramdisk floppy. Son
of Scramdisk, DriveCrypt is a different matter. I tested the try-
before-you-buy version and it left all sorts of traces throughout my
registry, despite uninstalling. I have also tested DriveCrypt registered and
I found it un-usable on my system using NTFS files. This may just be an
artefact of some conflict on my system. I hear others have had various
problems, so it is not just me. Since the source code has not been published
for either DriveCrypt or BestCrypt the choice may as well be based on whatever
features appeal most strongly. 15.
Does using Encryption slow things up? There
is a small speed penalty because your computer has to encrypt to write to
disk and decrypt to read from it. In practice on a modern machine, using the
Blowfish (or Rijndael with BestCrypt) cipher, the encryption is totally
transparent in normal use. 16.
Do I need a PGP passphrase if I store my key rings within my encrypted drive?
It is
good security practice to use a passphrase, but for level 3 security it is
essential because level 3 security is intended to ensure your secret data are
safe if attempts are made to hack into your computer whilst online or if your
computer is compromised in your absence. 17. I
use Mac, OS2, Linux, (fill in your choice), what about me? Scramdisk
is now available for Win95/98 and NT/Win2000. I believe a Linux version has
been promised... BestCrypt supports Win95/98/ME/NT/2000 and Linux. Meanwhile
you could look here if you're a Mac user: PGPDisk:
http://www.nai.com/default_pgp.asp CryptDisk:
http://www.primenet.com/~wprice/cdisk.html 18.
How can I ensure I do not leave traces of unwanted plaintext files on my
system? Try
Evidence Eliminator. Apart from its unfortunate name, it is remarkably
efficient at finding lost temp files and info. But I am concerned at its
registry cleaning. I found it unconvincing with old entries. Get
it here: www.evidence-eliminator.com (30 day
trial period on offer). I
used to recommend a form of registry sanitation involving a bat file, but
newer versions of Windows may not offer this facility. 19.
What programs do I put in my newly created You
need to take care over which programs to choose. Some news readers and image
Viewers and E-mailers can write critical information to your Registry. For
what it's worth, here are my choices for these critical programs: (A)
Agent (or FreeAgent) for the newsreader, and basic Emailing. Agent
is here: http://www.forteinc.com (B)
For your Email I have 3 different recommendations: i.
Agent, as mentioned above ii.
Quicksilver, available here: http://quicksilver.skuz.net 111.
JBN2, here: Http://members.tripod.com/~l4795/jbn/index.html
Agent
is simple and very easy to use. It can only be used for plaintext Emails on
its own. However, it can be used in conjunction with a remote host server for
posting anonymously (see later in FAQ). Quicksilver
is recommended for secure Email and Usenet posting. It now also supports Nym
creation. It is an excellent program for both anonymous Email and posting
anonymously to Usenet. It is still in beta testing mode. Most importantly,
Quicksilver is very easy to learn to use. It uses the Mixmaster remailers for
posting. These are considered far more secure than the earlier Cypherpunk
remailers. All
three of these programs will also work with PGP. Agent will require you to
copy and paste, but the other two have built-in support and work seamlessly
with PGP. I particularly commend Quicksilver for its intuitive ease of use.
This makes NYM maintenance much simpler. (C)
For browsing I like Netscape Gold the best. This is an early version of the
Netscape browser, but all the better for that. You can direct it to locate
its Bookmarks file on the encrypted drive. Later versions of both Netscape
and Microsoft Explorer want to create user profiles and worse can write data
in unwanted and hidden, but potentially accessible folders. They are also
very dependent on Java and Active X. These are bad news as far as security is
concerned. Therefore,
be sure to disable Java with Netscape. I
most strongly urge you NOT to use MS Internet Explorer. It will insist on
keeping things within Windows in many hidden folders. This is especially the
case for MS Mail and MS News and Outlook. Of course, you can always use MSIE
as a normal browser on your desktop for non-critical browsing and Email,
should you wish. (D)
Use ACDSee as your viewer. If you use the cache facility, make certain that
you set it up within your encrypted drive. This allows easy previewing of
thumbprints and click and zoom to examine image quality. I prefer the earlier
version 2.4. Less bloat. ACDSee
is here: http://go.acdnet.com
Two
alternatives are: Thumbs
Plus, at http://www.cerious.com and VuePro, at: http://www.hamrick.com
Each
of these 3 programs has some advantage over the others. Choose whichever best
suits your needs. (E)
Many files are compressed. The most popular is Zip. I recommend obtaining a
copy of WinZip from here: http://www.winzip.com. Or, do a
search for PKzip, which is freeware I believe. (F)
Any person who browses the Net should ensure they have a good virus detector.
There are many to choose from, some are freeware, others are shareware or
commercial ware. I use Norton's only because it allows me to update the virus
list online. Useful and so easy. (G)
Get a firewall. I recommend ZoneAlarm. Get
it here: www.zonelabs.com/zonealarmnews.htm 20.
How can I ensure my temporary files do not give away info? My
earnest advice is to invest in more RAM memory and turn off the swapfile. Alternatively,
choose BestCrypt version 7 and ensure the option to encrypt the swapfile is
enabled. 21.
Is there really much difference security-wise between using RAM memory
instead of a permanent swapfile? Definitely.
No matter how many times you wipe the swapfile, it is still possible to
recover the over-written data, if enough effort is put into it. Whereas,
using the RAM memory ensures that nothing is written to disk at all. This
totally circumvents this problem because once the computer is switched off
all data in RAM memory is lost forever. It
also has the merit of safe crash close if you are raided. Of
course, these advantages apply to encrypting the swapfile with BestCrypt. 22.
How secure is this swapfile encryption process with BestCrypt? Jetico
(the authors of BestCrypt), claim BestCrypt generates a random key seeded
from various timing info noted on boot that is held in RAM memory only. This
key is therefore for all practical purposes very secure and is lost on shut
down. Which must mean it is impossible for anybody to recover the swapfile on
a subsequent boot. The encryption algorithm recommended is Rijndael
(pronounced Rinedull). This is the algorithm chosen for the new Advanced
Encryption Standard and is considered very secure. It is also very fast. If
this is indeed how it works, then you can be assured your swapfile data is
secure. All
of the above is sufficient for a level 1 security. Level 2. This is for those who not only wish
to hide their private data, but wish to hide the fact that they have such
data. 23.
What more must I do to achieve level 2 Security? For
level 2, it is essential that you can show plausible deniability for all
files that might contain encrypted data. The purpose is to be able to justify
every file on your system. This section will help you to achieve this higher
level of security. 24.
Which encryption program do you recommend and why? BestCrypt
version 7. Regrettably the needs of a commercial enterprise appear to take
precedence over transparency because Jetico have chosen not to publish the
full source code for their excellent program. But if your needs are such that
you must have level 2 security, I would nevertheless commend BestCrypt
version 7 as the best choice in the circumstances. The
latest version 7 allows a hidden (or secret) encrypted container to be
created within the existing one. More importantly the presence of this hidden
container is impossible to prove without guessing the passphrase for this
hidden container. There is no obvious or outward manifestation to suggest
that such a container exists. First,
a normal encrypted container (call it a file if you wish) is created with
BestCrypt in the usual way. Some private but legal data is put into the
container to justify its existence. Thenceforth it is never again opened
except to prove its contents are legal. In fact, no further data should ever
be written to the container or the second hidden container will be destroyed.
25.
How is this hidden container created? First
create a normal container. Then right mouse click on it and choose
Properties. Choose the option to create a hidden part. The
hidden container is impossible to prove because the keyfile hash of the
passphrase is not marked out. It appears as just more random hash filling
empty space within the container. Remember the whole container is always
filled with apparently random hash, whether data is written to the container
or not. This also applies to the normal container, making it impossible to
guess just how much (if any) data is within the encrypted file. The
only possible way for anyone to prove that a hidden container exists is by
guessing the correct passphrase. There is absolutely no other way to prove
its existence. Neat. Everything
is identical to normal usage. You can enter either passphrase. The normal one
will mount the BestCrypt container, but not show any of the data within the
hidden container. The hidden passphrase will only mount the hidden container
and again will not show the normal data. Under duress, it is therefore easy
to show the ostensible contents of your BestCrypt file. The
more data you load into the normal container, then obviously the smaller will
be the available space left for the hidden container. But with ever-larger
hard drives becoming available, size only becomes an issue for backup
purposes. A
message appears after inputting the hidden container passphrase that you have
mounted the hidden container. It is imperative to check this. If you
absentmindedly mount the normal container and write data to it, you will
probably never again be able to mount your hidden container and you will lose
all of its data! Of course this is an easy way to destroy the hidden
container with all its contents if the need ever arises. Important!
For reliable operation on Windows 2000, you must format both the original and
the hidden part of the container with FAT (if under 2047 Mbytes) or FAT32 if
larger than 2047 Mbytes. The drive on which the BestCrypt container is
created can be FAT32 or NTFS. It is only the BestCrypt container itself that
needs this. I had all sorts of problems until I twigged the problem. Of
course, this might just be another artefact of my system. 26.
Can I create a hidden encrypted container on a floppy? Yes,
and on a Jaz or a CD-RW disk. The procedure is identical. 27.
This all sounds too good to be true, are there any snags? None
so far as I can tell, apart from the FAT32 restriction mentioned above.
Obviously, it assumes that the use of encryption is legal in your country. 28.
What if encryption is illegal in my country? In
that case, I suggest using the steganographic feature of Scramdisk. But
ensure you create your own WAV file, by making your own recording. Once the
steganographically encrypted file is created within the WAV file, make sure
to wipe the original recording to prevent forensic analysis showing their low
level data are not identical. Of course, you will need to install Scramdisk
in traveller mode. This means running it off a floppy. But you will still need
to hide the floppy effectively in the case of a search. I am sorry I cannot
help you here. It must be down to your own initiative. 29.
Are there any other precautions I should take? Make
copies of all your PGP keys, a text file of all your passwords and program
registration codes, copies of INI files for critical programs, secret Bank
Account numbers and anything else that is so critical your life would be
inconvenienced if it were lost. These individual files should all be stored
in a folder called "Safe" on your encrypted drive. Create
a hidden container on a your hard drive. Now copy "Safe" into the
hidden container. Dismount the container and burn it onto your CD-R. I
used to say give this disk to a trusted friend. But now with BestCrypt 7 this
is unnecessary. The
above is sufficient for Level 2 security. 30. I need Level 3 Security, how do I
achieve this? This
is for those who wish to protect themselves from hackers whilst online and
snoopers who may try and compromise either their software or add substitute
software that could reveal their secret passphrases. 31.
What are these threats? They
are known as Tempest and Trojan attacks. 32.
What is a Tempest attack? Tempest
is an acronym for Transient Electro-Magnetic Pulse Emanation Surveillance.
This is the science of monitoring at a distance electronic signals carried on
wires or displayed on a monitor. Although of only slight significance to the
average user, it is of enormous importance to serious cryptography snoopers.
To minimise a tempest attack you should screen all the cables between your
computer and your accessories, particularly your monitor. A non-CRT monitor
screen such as those used by laptops offers a considerable reduction in
radiated emissions and is recommended. I
have heard that in the 33. What can Scramdisk offer to help
minimise a Tempest attack? Use
its Red Screen mode. Also, once a container is mounted, click on the middle
icon to clear all cached passphrases. This is my only serious criticism of
Scramdisk - it does not by default immediately clear the cache. 34.
What about BestCrypt?? It
does not offer the same facility, but it does offer some protection. On the
Menu bar, click on Key Generators -> SHA-1.. and ensure "Use Keyboard
Filter" is checked. Then
again, Options -> Swap File Encryption Utility -> Ensure "Enable
Encryption of Swapfile" is checked. Choose an encryption Algorithm;
Rijndael is the default (and the fastest). 35.
What is a Trojan? A
trojan (from the Greek Trojan Horse), is a hidden program that monitors your
key-strokes and then either copies them to a secret folder for later recovery
or ftp them to a server when you next go online. This may be done without
your knowledge. Such a trojan may be secretly placed on your computer or
picked up on your travels on the Net. It might be sent by someone hacking
into your computer whilst you are online. The
United States Government has openly admitted it will be employing such
techniques. They call it Magic Lantern. It was originally promulgated as a
counter-terrorism weapon. But who knows how it will be used in practice. To be
political for a moment; the problem we all have to suffer is that as
Governments gain ever more power, the ordinary John Doe has less and less
control over his life. 36.
How do I protect myself from a Trojan? You
must have a truly effective firewall. It is not sufficient for a firewall to
simply monitor downloaded data, but to also monitor all attempts by programs
within your computer that may try and send data out. The only firewall that I
know of that ensures total protection against such attacks is ZoneAlarm. This
firewall very cleverly makes an encrypted hash of each program to ensure that
a re-named or modified version of a previously acceptable program cannot
squeeze through and "phone home". ZoneAlarm
is here: www.zonelabs.com/zonealarmnews.htm To
understand how important this firewall is, visit Steve Gibson's site. Steve's
site: http://grc.com
Go to
the "Test my Shields" and "Probe my Ports" pages. You
can test ZoneAlarm for yourself. I strongly urge all users concerned with
their privacy to run this test. One
option worth implementing if others can access your computer is to disable
your floppy drive through the Bios. This simple action may be enough to
prevent someone adding a trojan via your floppy drive. 37.
How will I know when a trojan has modified an acceptable program? ZoneAlarm
will pop up a screen asking if this program is allowed to access the Net. If
it is one of your regular programs, be very wary and always initially say NO
until you can check why this program is not now acceptable to ZoneAlarm. If
it is a strange program, then obviously say, NO and investigate. 38.
How important is the passphrase? Critically
important. It is almost certainly the weakest link in the encryption chain
with most home/amateur users. I provide links at the end of the FAQ, some of
these should either help directly or give further links about how to create
an effective passphrase. For
the newbies: never choose a single word, no matter how unusual you think it
is. A passphrase must be that, a phrase, a series of words, characters and
punctuation intermixed. One method that I believe would help is to
deliberately mis-spell common words in a phrase. Scruggle in place of
struggle, matrificent in place of magnificent. These could be the start of a
longer phrase. Taking this a step further, invent words that are pronounceable
but totally meaningless. Note
it is important to include some figures and keyboard characters such as
punctuation. The use of these will ensure that a simple search using just
lower case letters will fail. 39.
How can I prevent someone using my computer when I am away? Unless
you have a removable C: drive which you can lock away in a secure place, a
wall safe or whatever, your only hope is by securely locking up your computer
so that access is extremely difficult. This may involve some sort of strap
and lock. There is no simple and easy answer. But one way that can help
thwart someone actually depositing a trojan on your machine is by PGP signing
ZoneAlarm. 40.
How do I do this? The
easiest way is by using the Windows version of PGP to check the validity of
Zonealarm.exe and Zoneband.dll and if you have ZoneAlarm Pro, Zapro.exe. You
do this by digitally signing each of these files. PGP
offers you by default the option of a detached signature, use that option. It
surely goes without saying that you do not use any of your secret Nym keys
for signing these files. You should have generated a key pair for general
use, which is for just this sort of purpose. This key is to level 1 security
only, so use a different passphrase to the one you use for your secret
BestCrypt container. It could be the same as your open BestCrypt container,
of course. There is no reason to choose a simple one, the more complex it is,
the more plausible and value you appear to place in the security of your open
BestCrypt container. Anyway, it must be complex if it is to protect your sig
files. After
signing these files, you will see a new file appear with the identical file
name but with the tag "sig" attached. If you click on this new
file, it will display the signature validity of the file it is checking. If
the signed file has been tampered with in any way, it will display "bad
signature". Copy
all the above files, including their detached digital sigs into your secret
container. These are your backups for possible future use. Next, make
shortcuts of both detached sigs that applies to the original files (not the
backup copies) and place these shortcuts in the Windows\Start
Menu\Programs\Start Up folder. When
you next start Windows it will then automatically display boxes showing the
result of testing these sigs against the original files. You now have a
reasonable chance of catching out any snooper who has actually physically
tampered with your machine in your absence. For
this system to be truly effective, you must trust PGP and investigate any
warning of a bad signature. I am
aware that this might be totally over-the-top paranoia for the average user.
Each must decide for himself what level to adopt. 41.
Anything else? Use a
Bios password. Although it can be bypassed by resetting the Bios, the fact it
has been reset should be obvious by either there not being a call for the
Bios password on boot or it is different and you cannot then start-up. Also,
ensure you have set a Windows start-up password and a screen-saver password. 42.
Can you suggest any other precautions I should take to preserve my privacy? Always
proceed on the assumption that you are about to be raided! Always
bother to check the firewall signatures on boot. If any are bad, check your backups
and immediately copy across. Then close down and re-boot. In
some countries this may literally be a life or death situation. Part
2 of 2. This
second part concentrates on security whilst online. There
are countless reasons why someone may need the reassurance of anonymity. The
most obvious is as a protection against an over-bearing Government. Many
people reside in countries where human rights are dubious and they need
anonymity to raise public awareness and publish these abuses to the world at
large. This part 2 is for those people and for the many others who can help
by creating smoke. 43. I
subscribe to various news groups and receive Email that I want to keep
private, am I safe? Whilst
you are online anyone could be monitoring your account. If you live in the The
British Labour Government claim this Act is misunderstood and that it will
only be used against serious criminals. Do
you trust them? You do? Then perhaps you believe in fairies too. 44.
Can anything be done to prevent my ISP (or the authorities) doing this? There
are several things you can do. First of all subscribe anonymously to an
independent News Provider. Avoid using the default news provided by your ISP.
Apart from usually only containing a small fraction of all the newsgroups and
articles that are posted daily, your ISP is probably logging all the groups
you subscribe to. You also need to protect yourself from snoopers whilst
online. Both of these aims can be realised by encrypting the data-stream
between your desktop and a remote host server. This
host should preferably be sited in a different State or country to your own. 45. I
live in the You
don't need to. But your privacy and security are enhanced if you do,
particularly if you wish to ensure best possible privacy of posting to
Usenet. Also, it is quite likely that many routes around the globe, even
across the States may be routed through Perhaps
that is part of the hidden agenda for all this effort. 46.
Ok, you've convinced me, how do I go about this? You
must use the SSH encryption protocol. SSH is a form of encryption that
ensures that everything that leaves your desktop is encrypted. To do this you
will need to subscribe to at least one, but preferably 2 remote servers. One
of these services is run by Anonymizer.com. Their site will explain how to
download and use their recommended program F-Secure version 5. There are
several other commercial versions of SSH, including a freebie version, but I
prefer the Anonymizer recommended commercial version for its ease of use. It
can be downloaded already pre-configured and ready for use. There
are many other sites that allow SSH encryption so I understand, but I have
had to register a domain name to get access to the other that I use. By doing
this I use them sequentially, (See later in FAQ) thus hiding my home ISP from
the distant host. By subscribing anonymously to the second host, I am
effectively screening myself totally. I
believe there is little or no logging of these connections, unlike other
services, such as Usenet postings. Hence the need for this extra level of
security. 47.
How do these programs function? SSH
uses a protocol called port forwarding. This means that it tunnels the
necessary ports for Web browsing (port 80), Email send and receive (ports 25
and 110), Usenet (port 119) through an encrypted tunnel (port 22). Any
adversary attempting to read your data passing in either direction can only
know that a, it is encrypted and b, it is passing through port 22 on your
computer. They cannot even determine whether your Web browsing or sending
Email. Note:
This is not strictly true. I have heard a spokesman for the British
Government claim that even encrypted traffic can give information of the type
of traffic being passed. The
method is simple but very secure. Your desktop SSH program (called the
client) asks for a connection to the remote host server. The host replies
with its DSA public key. Your desktop checks this key against previous
connections and alerts you if it is different, which might suggest someone
was intercepting your traffic. Your desktop has meanwhile generated a random
session key which is never shown to you. The server public key is used to
encrypt this session key. The host is able to decrypt it using its secret key
and then using this session key it asks your desktop SSH program to send your
user id and password. Provided
these are acceptable, the channel is opened. 48.
Where does the data go after passing through the remote host? It
then goes out onto the Web or to the News Provider totally anonymously. All
your postings and downloads will always be totally private. 49.
Is the data encrypted after it leaves the remote server? Not
unless you are using an additional remote host. If you are careful and limit
your time online to say a 1 hour limit, breaking off and re-connecting you
will always generate a new session key. This will make hacking attempts far
more difficult. 50.
How do I get onto Usenet? As
already stated, do not use your own freebie news service offered by your ISP.
You must subscribe anonymously to a dedicated and independent News provider
such as Newscene or Newsfeeds. Regrettably, the best news provider I have
found, Altopia, does not support anonymous sign ups. You will need to modify
Agent to ensure it routes data through the encrypted connection. 51.
How do I do this? Go to
Options -> User and System Profile -> System and put
"localhost" in the line for News Server and again for Email Server.
Click OK. Go to
Options -> User and System Profile -> User and under News Server Login,
put your given username and your password. Check "Login with a Username
and Password" and "Remember Password between sessions". Click
OK. 52.
How do I connect sequentially to a second remote host and why should I
bother? After
connecting to the first, open a new terminal in F-Secure by clicking on
"New Terminal Window" on the tool bar. Wait for the screen to come
alive and show that you are connected then type: ssh
remote_server_b (if you have the same user id for both). If
you have a different user id, then use this form: ssh
user_id@remote_server_b (ensuring you enter the appropriate user id for the
second host). Substituting
the correct server name for remote_server_b. You will be asked for your
second remote host password to login. Use
lower case for the letters "ssh". Note:
Cyberpass.net (the name of the anonymizer.com server for SSH connections)
regrettably does not appear to support this service as the initiating server,
but is perfectly happy accepting requests from a prior remote host server. I
have had to find a Web hosting service and register my own Web site on such a
server to get exclusive usage. There are any number of businesses offering
Web hosting services, just ensure the one you choose to use supports SSH2
(some still only support the earlier and less secure SSH1 protocol). An Email
to the Webmaster should clarify this. Cyberpass now supports SSH2. You can
configure F-Secure to give you a warning if the server responds with SSH1 in
place of SSH2. The
reason for this extra bother is to give an extra layer of encryption and
anonymity to your data stream. 53.
Couldn't I use the first remote host as my local ISP? Not
recommended. 54.
Why not? Because
otherwise you can be traced instantly by the phone company. 55.
What is the difference between a dialup and a shell account? The
dialup is what it says. It is your normal account with your Internet Service
Provider (ISP). With a shell account you connect to your ISP then use the Net
to make an SSH connection to a remote server. All your Net activities, Email,
Usenet, Web browsing are then done through this remote host, or better still
hosts. 56.
How strong (safe) is this SSH encryption? Very
strong and safe. You may have a choice of algorithms, or You will have to use
whatever algorithms are supported by the host server. 3DES is a popular
choice. 57.
Should I run these encrypted programs from within my encrypted drive? For
level 1 security you could run it from your C: drive. But for better security
you will need to run it from your encrypted container. This means SSH should
be installed on and run from your encrypted drive. This is essential for
level 3 security because it insures against anyone accessing your computer in
your absence and substituting a cracked version of your programs or keys. If
hacked, anybody could be monitoring your traffic. 58.
Are there any problems using what is in effect triple encryption (SSH X 2,
plus Scramdisk/BestCrypt) together? On a
modern fast computer, these multiple layers of encryption are totally
innocuous. If you have added copious extra RAM as recommended to obviate
using the Swapfile, you will find your computer runs much faster that will
most likely compensate for the encryption overhead. However, the data transit
speed is slowed up due to the extra nodes in transit. Experience
suggests that using sequential remote hosts into a news provider is
considerably faster than the previous method using Freedom and one remote
host. 59.
Can I post graphics anonymously to Usenet with this system? Absolutely.
If you choose to use Agent, it will always use your News Provider as the
posting host. This is why I recommended you subscribe anonymously to this
news provider. Nothing can then be traced back. Perhaps
that is an exaggeration. But it would be very time consuming and expensive
and problematic. I believe that no logs are kept by the host servers of these
connections, suggesting a major problem for anybody trying to do a trace. It
could be that unless you are a suspected henchman of Osama Bin Laden, you
would not be worth the bother. Quicksilver
will always use one of the mail2news gateways. These are intended to be hard
anonymous, but it does not yet support the SSH option. Attempts to put
"localhost" into the proxy settings causes an error on my system.
Despite this, Quicksilver is the more secure method of sending and receiving
Email and for posting to Usenet, provided several chains of remailers are
chosen. But the remailer network does not readily accept large files, such as
graphics. This need not be a significant problem as you can use Agent,
provided all the other measures have been strictly adhered to. 60.
Why Quicksilver, what about Private Idaho or Jack B. Nymble? I
found Private Idaho far too buggy and not as intuitive as Quicksilver. I have
also used Jack B. Nymble. It is very sophisticated, but I prefer the elegant
simplicity of Quicksilver. This is my choice, others are free to assess the
alternatives and choose accordingly. 61.
Is there another, simpler way? Email
can be sent (and received) by Yahoo or Hotmail. But I treat these as soft
anonymous. Don't use them for anything critical. There
are also several freebie remote hosts. My experiences suggest they are less
reliable and frequently down. By all means experiment and use whatever suits
you best. There
is a culture of expecting everything to be free on the Net. Fine. Just
remember in this world you get what you pay for. If your freedom (literally)
depends on your choices, I suggest you think long and hard before proceeding.
62.
Are there any other suggestions? Immediately
you finish a posting session, break the connection. Close F-Secure. This
ensures new session keys are generated when you log in again over the new
link. Never stay online whilst posting for longer than 1 hour maximum. Always
post at different times, do not create a regular pattern of postings at
specific times and days of the week. If possible, use different ISP's to log
onto the Net. By all memans use a freebie ISP if available in your area. Be
aware that these freebies invariably log your telephone number and connection
times. But then so do the others to a varying extent. 63.
Surely all this is totally over the top for the majority of users? It is
certainly over the top for 99 per cent of users for 99 per cent of the time.
If, however, you are the one in a hundredth and you do not much like the idea
of being at risk for 1 per cent of the time, then no, it is not over the top
at all. In
any case, using these tactics helps create smoke which in turn helps protect
those who really do need all the protection and security they can get.
Remember this FAQ is intended to help many different people. Some may be
living in deprived conditions, in countries where human rights abuses are a
daily fact of life. 64.
Can I use IRC/ICQ/Yahoo/MSM in this way? No.
But you can use a program called Trillian to encrypt text messaging only at
present. It is beta software and does not yet support voice or file transfer.
It is free for personal use. I have used it and it appears to do all they
claim for it. Both parties need to be using Trillian for the encryption to be
effective. You can use it as a stand alone, but it will not then support
encryption. Trillian
is here: www.trillian.cc 65.
Can I be anonymous as far as other Web sites are concerned? Yes,
just set up Netscape to use your remote host as a proxy. If you want the
highest standards of security with Netscape, remember to methodically go
through the various cache options, etc and ensure these are all set to write
to your encrypted disk. I suggest you keep the letter "X" as the
letter for your encrypted drive. Consistency is very important here. By default
Netscape will write to temp folders on your C drive. Bad. 66.
Lastly, what do you say to the charge that this FAQ may be useful to
criminals? I did
take time to have a re-think after the events of 9/11. However, on balance I
believe it is still the right thing to do. Like gun control, if we ban
weapons only the police and criminals will have them. Banning encryption or
anonymity is not going to make criminals stop using encryption and attempting
to be anonymous. It is almost laughable for anyone to be so naive as to
believe that passing any law would make the least difference to a terrorist. I
still believe that the individual should be allowed to choose, not the
Government on his behalf. Who
benefits the most if Governments are allowed to reduce our freedom of choice?
The Government or us? Those
that give up a little freedom to gain a little security will lose both. Therefore:
1.
Always use encryption, whatever else you do. 2.
Always post via your encrypted and anonymous remote host to your anonymously
subscribed News Provider. 3.
Never ask of anyone nor give anyone online, your true Email address. 4.
Never DL any file with .exe, .com or .bat extension from a dubious source. If
you do, don't run it. 5.
For your own protection, never offer to trade any illegal material, nor ever
respond to those seeking it, even anonymously. If
you believe any part of this FAQ is wrong, misleading or could be improved,
please Email your comments and I will take them onboard. To
respond to me personally, email me at doctor_who@nym.alias.net and include
your PGP key with your message if you expect an encrypted answer. Please
use my key, below, to encrypt your message to me. My
key fingerprint: F463 7DCB C8BD 1924 F34B 8171 C958 C5BB My
user id: 0x14A606A7 - - - - - - - - -----BEGIN PGP PUBLIC KEY
BLOCK----- Version: 6.0.2ckt http://members.tripod.com/IRFaiad mQENAza3VwsAAAEIAJoghtgM5IW0CmQOocBDJPUSDAlkaPkP4LVN/6I6U1qYXYSX
slRiXL6R8/L5LiYGjc8+jkK0MbpTh7W4WiT35L31kX2EU/MSNlpawvpwTvaye8cz
Kbwupsi7qtxVEETM11ucSuxtG8ShOwiYrMUqOmP93hf9h78gNzD/qGOYGV994Adt
MHRZ4lPlQnknxoDszHxCDcS83jlo4mD1xhuvLQ1thXFkGBl9Bw/lSWDxcu0gssZB
necFTSkFtJbnu3gHp6DVE9CO/ZxhXDGHAmC/jLfB5QH59Zbbw4fFgQ7tw2gUAgiS
kvv0RS55TB9n7JiDwc+Mk0OlYavdZOh5cRSmBqcABRG0JURvY3RvciBXaG8gPGRv
Y3Rvcl93aG9AbnltLmFsaWFzLm5ldD6JARUDBRA2t1cLZOh5cRSmBqcBAb87B/46
wEezqswaPz8NIA0/XYULXPKse11aCgRL7MIQPO1CRdqjbFnWi1wU2AnAkCtCLia+
lhulNrLJxMUvHgOQc4oC+nlUntBE9f8hHg0VwvQJ/4kO29UeVf0iwr+drZjRJooR
oR1C1UDDr199eeKJ3+m2pO7j1DBxv4tWQAYsJmZQQqlNRLzsmHJyTI/ZN03UREAZ
Qr4k6EjD1lScWg9MfueITgiMdbeV3MmCpf7mnlahvlN/S31CeEfoY2OpcRYVXNQb
it9N8cPM+2KZEdl/FW7yVPgd6BCGFFgPcRiqLC7c1F6qBPUpbdYf/pvd3/lhRJR9
IY35xfmdHWM8Rk+ivIPD =0l2S - - - - - - - - -----END PGP PUBLIC KEY
BLOCK----- This
ends the FAQ. The
following are links that might prove helpful: Items
specifically mentioned or recommended in the FAQ: Anonymizer:
http://www.anonymizer.com
Cyberpass:
http://www.cyberpass.net
BestCrypt:
http://www.jetico.com
Scramdisk:
http://www.scramdisk.clara.net
PGP: http://members.tripod.com/cyberkt
or here: http://www.pgpi.com/download Evidence
Eliminator: www.evidence-eliminator.com ZoneAlarm:
http://www.zonelabs.com/zonealarmnews.htm Agent:
http://www.forteinc.com
Winzip:
http://www.winzip.com
Scorch
and Scour: http://www.bonaventura.free-online.co.uk
Zapempty:
http://www.sky.net/~voyageur/wipeutil.htm Quicksilver,
available here: http://quicksilver.skuz.net Jack
B. Nymble: http://www.skuz.net/potatoware/jbn/index.html
Also
here: http://members.tripod.com/~l4795/jbn/index.html
Trillian:
www.trillian.cc
ACDSee:
http://go.acdnet.com
Thumbs
Plus: http://www.cerious.com
VuePro:
http://www.hamrick.com
Mixmaster (required by Quicksilver and Jack B. Nymble): Download site: |
