This site lists 52 things that people should know about cryptography, if you want to get into the cryptography world. I was also recommended Bruce Schneier’s book, Applied Cryptography: Protocols, Algorthms, and Source Code in C.
I wrote about Tor in the past but I never tried using it. I installed it on my Ubuntu laptop and tested using it via Firefox and [Torbutton]. Now that it’s set up, when I want to surf the web anonymously, I just need to launch Firefox and toggle Torbutton to be on. Even though the Tor daemon is running in the background, I won’t use it on a day to day basis.
I also downloaded the Tor Browser Bundle for multiple platforms per this post and placed them in Lightweight Portable Linux (LPS) USB stick so I can use them on other people’s computer should the need come. Of course, if I wanted to be even more discreet, I would boot up LPS directly.
While on the topic of security (been blogging about [[encryption]] and such pretty often in the last month), I remember reading about a basic, secure linux distribution for web browsing created by the US Department of Defense. I downloaded Lightweight Portable Security just in case I need to use a secure OS on someone else’s hardware.
REMINDER: PASSHPHRASE SHOULD BE 42+ CHARACTERS LONG TO BE EQUIVALENT TO A 256 BIT KEY.
I recently explored encrypting usb drives and external hard drives (well, any hard drive really). I always wanted to lock all of my hard drives just to feel more secure about my files, but never got around to learning how to. In this post, I’ll describe my experience for usb drives and hard drives that aren’t used as the main disk for a computer to boot. I’ll describe full disk encryption for Ubuntu (where the OS resides) in another post.
I explored two methods. The first is using DM-Crypt with LUKS, which is the free and truly open-source solution. The second is using TrueCrypt, which is free (as in beer) and is open-source/proprietary (you can see source code, but I don’t know about modifying and redistributing). A more extensive list can be found here.
This post describes how one can go about encrypting the drive with dm-crypt. You can format the drive as FAT32, ext2, ext3, or anything really (this describes how to format a drive as FAT32 on the command line). On Linux, you just have to use
cryptsetup to unencrypt the drive first. Then mount it for use. Ubuntu Desktop does this automatically (asks you for your passphrase) when the drive is plugged in. On a Windows machine, you have to install FreeOTFE in order to decrypt the drive. If the drive is FAT32, you will have access to it automatically after mounting the encrypted drive. If the drive is ext2 or ext3, you will have to install Ext2Fsd first in order to mount the drive. As of now, there isn’t a way to decrypt the drive on Mac OS X.
TrueCrypt is available on all three major platforms: Windows, Mac, and Linux. Thus, it is better than dm-crypt for usb drives in the sense that you can also use them on a Mac. You can use it to encrypt an entire disk or create an encrypted container file (pseudo partition?) to place files you want secured into. The latter approach is good for smaller files. For archives (big size), the FAT32 combination won’t work due to the 4.7GB file size limitation. Getting started with TrueCryt is quite easy as you just have to follow the GUI. To access the drive on any machine, you have to install TrueCrypt. If the drive is ext2 or ext3, again, you have to install Ext2Fsd on Windows. To mount an ext2 or ext3 drive on a Mac, you have to install ext2fuse, of which MacFuse is a pre-requisite.
What will I use? For a hard drive that I know I will only use with Linux, I’ll go the dm-crypt approach. For drives that I might bring around and plug into other platforms, I will either go with the dm-crypt + ext3 or TrueCrypt + ext3 approach. Why ext3? FAT32 is recognized on all three platforms, PS3, and most other devices that you can plug in the USB drive. However, if the disk is encrypted, the places I can plug the disk into is VERY limited (i.e. a computer). There’s no reason to prefer FAT32. Sure, I would have to install additional software on a Mac or Windows machine in order to read ext2/3. However, to unencrypt on those platforms, I would have needed to install TrueCrypt or FreeOTFE anyways, so this addtional install is trivial. Hmm, since I don’t really plug my drives into a Mac anymore, I think I’ll just stick with dm-crypt. The trick to all this is to have a spare unencrypted usb drive that you can use on a daily basis =].
Change passphrase by adding a new one and removing the old one
I thought it was impossible, but it’s quite easy. Just use
cryptsetup luksAddKey /dev/MYDEVICE to add a new passphrase, and
cryptsetup luksRemoveKey /dev/MYDEVICE to remove the old passphrase.