Security and Encryption FAQ - Revision 20.2

Thread starter: future

by Doctor Who


"No one shall be subjected to arbitrary interference with his privacy,
family, home or correspondence, nor to attacks upon his honour and
reputation. Everyone has the right to the protection of the law
against such interference or attacks."

Article 12 Universal Declaration of Human Rights


This FAQ/Tutorial is offered in good faith and is intended to be an
encapsulation of my knowledge and experiences gained over the many
years that I have been a computer/Net user. There are many roads to
security and privacy on the Net, this is just one that I have
personally pursued and can recommend from experiences gained.

There are countless reasons why someone may need the reassurance of
anonymity. The most obvious is as a protection against an over-bearing
Government. Many people reside in countries where human rights are
dubious and they need anonymity to raise public awareness and publish
these abuses to the world at large. This FAQ is to help such people.
Privacy and anonymity are very important principles associated with
both freedom of speech and democracy.


"Anonymity is a shield from the tyranny of the majority... It thus
exemplifies the purpose behind the Bill of Rights, and of the First
Amendment in particular: to protect unpopular individuals from
retaliation - and their ideas from suppression - at the hand of an
intolerant society."

Justice Stevens, McIntyre v. Ohio Elections Commission, 1996


This is a follow-on to the major revision 20. This latest revision
now includes a method for achieving a high level of anonymity for your
Email using Quicksilver.

It is assumed that plausible deniability is an essential requirement to
the reader and the FAQ is slanted with this in mind.

Part 1 offers an overview approach to achieve security and anonymity.
It is intended for the less knowledgeable user, perhaps someone new to
computers and especially the Internet.

This first part can be skipped by the more knowledgeable user.

Part 2 contains the practical implementations of some of the programs
mentioned in Part 1. In some cases this includes detailed setup
instructions to help achieve the goal of true computer and Internet
privacy and anonymity.

Links to the various programs mentioned are at the end of Part 2.



Part 1


1. How does encryption work?

Essentially the plaintext is combined with a mathematical algorithm
(a set of rules for processing data) such that the original text cannot
be deduced from the output file, hence the data is now in encrypted
form. To enable the process to be secure, a key is combined with this
algorithm. The key is protected by a passphrase. Obviously the
process must be reversible, but only with the aid of the correct key.
Without the key, the process should be extremely difficult. The
mathematics of the encryption should be openly available for peer
review. At first sight this may appear to compromise the encryption,
but this is far from the case. Peer review ensures that there are no
"back doors" or crypto weaknesses within the program. Although the
algorithm is understood, it is the combination of its use with the
passphrase that ensures secrecy.

Thus the passphrase is critical to the security of the data.



2. I want my Hard Drive and my Email to be secure, how can I achieve
this?

You need PGP (Pretty Good Privacy) for your Email and DCPP (DriveCrypt
Plus Pack) version 3.0 or TrueCrypt version 2.1 for your hard drive
encrypted files.

Both DCPP and TrueCrypt are known as OTF (On-The-Fly) type programs.
OTF means the encrypted data is only decrypted into RAM (Random Access
Memory) and remains at all times encrypted on the drive. Thus a crash
or abrupt close will not leave packets of plaintext on your drive. A
very important feature.

PGP is available for all versions of Windows, Linux, Unix, Mac and
others. The source code is available for compiling your own version
should you wish.

DCPP is Win2000/NT/XP compliant but not compliant with Win98 or
earlier. Regrettably, no source code is available. It has two unique
advantages over other encryption programs. 1. It is a whole boot drive
encryption program. 2. It offers a form of very good plausible
deniability. More on this later in the FAQ.

TrueCrypt is a new, free and open source program of great promise.

As with DCPP it does not display any file header info to help a snooper
identify the file's purpose. The header is encrypted and just shows as
random garbage. It also allows encryption of a whole partition or
drive and again does not display any info to help an attacker. The
source code is freely available so it means anyone with the ability can
compile the same program. The importance of this cannot be too
strongly stressed. It means the risk of a hidden back-door is
virtually eliminated.

Securstar, the owners of DCPP, also offer another program somewhat
analogous to TrueCrypt. It has the disadvantage of being closed source
and not free, but offers the option of a hidden container within the
outer encrypted container (or partition). It is called, somewhat
ambiguously, DriveCrypt.

DCPP, DriveCrypt and TrueCrypt have an additional crucial feature, they
all offer strong plausible deniability - see later in the FAQ.

If sight of the source code is important to you, I suggest using
PGP and TrueCrypt.

Note 1: PGP, although excellent to ensure your Email privacy, does
nothing for anonymity. The difference is crucial.

I will assume that anonymity is also very high on your list of needs
and so will concentrate on that issue further down the FAQ.



3. What is the difference between these encryption programs?

One of the difficulties before asymmetrical key encryption was
discovered was how to get the key to the person wanting to send you an
encrypted message. In the past trusted couriers were used to get these
secret keys to a distant location, maybe an overseas embassy. Nowadays
this is unnecessary because of the discovery of what is called public
key cryptography. Two different keys are used. One key is secret and
the other is made public. The most widespread program of this type for
home and private use is PGP, invented by Phil Zimmermann. In fact it
has become the de facto standard on the Net. This program is ideal for
Email.

Anybody sending you mail simply encrypts their message to you with your
PGP public key. It is analogous to someone sending you a box and a
self locking padlock for you to send them secret papers, when only they
have the key to open the box.

The public key is obviously not secret - in fact it may be spread far
and wide so that anybody can find it if they wish to send you encrypted
Email. The easiest way to ensure this is by submitting it to a public
key server. Despite this facility, some prefer not to share their key,
except within a small closed group. Your choice.

The only way to decrypt this incoming message is with your secret key.
It is impossible to decrypt using the same key as was used to encrypt
the message, the public key. Thus it is called asymmetrical encryption.
It is a one way system of encryption, requiring the corresponding secret
key to decrypt. PGP is simplicity itself to install and use. It even
offers to send your newly generated public key to a key server.

Another very important advantage of PGP is it allows the option of a
digital signature. This is the digital equivalent of someone signing
a letter. Only this signature is very difficult to forge, unlike a
paper and ink signature. This proves both the authenticity of a message
and that it has not been tampered with.

For your normal hard drive encryption, you will need a symmetrical type
of encryption program. This means the same key is used for both
encryption and decryption. DCPP and TrueCrypt are of this type and
especially good because they are OTF (On-The-Fly) type programs.

DCPP, DriveCrypt and TrueCrypt all use the passphrase to encrypt a
randomly created key. In DCPP this key is stored encrypted in the
keystore; in DriveCrypt and TrueCrypt it is encrypted within the
header. The plaintext of this key is what encrypts (and decrypts) the
contents of the disk into RAM memory on an as-needed basis.

One question often asked by newbies is whether the passphrase is stored
somewhere within the encrypted file. No. The passphrase is passed
through a hash, such as SHA-1. It is the hash output that is stored
within the headers of the encrypted container. The program will
compare this hash with the hash it produces from your passphrase that
you type in to mount (open) the container. If they are identical, the
program will use your passphrase to decrypt the key that the program
generated to encrypt the disk or container. It is this key that will
then be used to decrypt the disk or container on the fly.

Hashing is a one way action only; it is impossible to derive the key
from the hash output. The hashing process is simply a way of checking
that the correct passphrase has been input. If the program was somehow
altered to force it to use an incorrect passphrase, the output would be
garbage.
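The following is an added example, not code from the FAQ or from DCPP,
TrueCrypt or DriveCrypt. It models the header layout just described:
the passphrase itself is never stored; a salted, stretched form of it is
hashed into a verifier, and the same stretched form wraps the random
master key that really encrypts the disk. PBKDF2-SHA256 and an
HMAC-SHA256 keystream are stand-ins chosen for this example; the
products' own key derivation and ciphers are not reproduced. The last
function shows the point made above about an altered program: skipping
the verifier check does not reveal anything, it just yields a garbage key.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000   # assumed iteration count for this example, not a product setting


def derive_passphrase_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the typed passphrase into a 32-byte key (salted PBKDF2-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, PBKDF2_ROUNDS, dklen=32)


def wrap_key(passphrase_key: bytes, master_key: bytes) -> bytes:
    """XOR the 32-byte master key with an HMAC-derived keystream.
    Toy stand-in for a real key-encryption cipher; XOR is its own inverse."""
    stream = hmac.new(passphrase_key, b"key-wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(master_key, stream))


def verifier_for(passphrase_key: bytes) -> bytes:
    """Hash kept in the header so the program can tell a right passphrase from a wrong one."""
    return hashlib.sha256(b"verifier" + passphrase_key).digest()


def create_header(passphrase: str):
    """Return (header, master_key). Only the header is ever written to disk."""
    salt = os.urandom(16)
    master_key = os.urandom(32)      # the key that actually encrypts the disk
    pkey = derive_passphrase_key(passphrase, salt)
    header = {"salt": salt,
              "verifier": verifier_for(pkey),
              "wrapped_master": wrap_key(pkey, master_key)}
    return header, master_key


def open_container(passphrase: str, header: dict):
    """Mount: compare the verifier, then unwrap the master key. None if the passphrase is wrong."""
    pkey = derive_passphrase_key(passphrase, header["salt"])
    if not hmac.compare_digest(verifier_for(pkey), header["verifier"]):
        return None
    return wrap_key(pkey, header["wrapped_master"])


def open_without_check(passphrase: str, header: dict) -> bytes:
    """A program altered to skip the verifier still unwraps something, but unless the
    passphrase was right the result is garbage and the disk decrypts to noise."""
    pkey = derive_passphrase_key(passphrase, header["salt"])
    return wrap_key(pkey, header["wrapped_master"])
```

Nothing in the header depends on the master key except its wrapped form,
so changing the passphrase only means re-wrapping 32 bytes, not
re-encrypting the disk; that is why the products use this two-key layout.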



4. I have Windows, am I safe?

Windows is a closed source operating system which is a law to itself.
Each new update that is released by Microsoft seems to need more
updates to fix the security holes discovered in the first releases of
the update. It has been an ongoing process over many years with no
end in sight.

These weaknesses can manifest themselves as security holes when on the
Net. A further problem with this operating system is its seeming
determination to write to your hard disk all sorts of information that
may be hidden from your view in all sorts of places that could be found
by a forensic examination of your computer.

This is a two-fold problem: firstly, Windows has potential security
holes that might be exploited by snoops and hackers over the Net; and
secondly, a different security problem, it writes all sorts of
information to sometimes hidden folders that might not be obvious on
a cursory check by you, but are easily found by a forensic
examination.

If you wish to protect yourself from these potential weaknesses you need
to first of all have an effective firewall and an effective anti-virus
program. That will hopefully help to minimize the threats from outside.
That is only the start. You also need to replace your Windows Internet
Explorer browser for something a lot more secure. I like FireFox or
Mozilla. Even these need strengthening by the use of specialist
programs. More about that later in the FAQ.

Secondly, you are well advised to encrypt your whole drive to protect
yourself from what Windows will write to your hard drive. There are
so-called wipe and cleaner programs to remove cookies and many other
files that Windows will save to your hard drive for future reference.
But at the end of the day, the only truly effective counter measure
against these potential weaknesses is to encrypt your whole boot drive.

In some countries, even this might not be enough. Such countries can
force you to hand over your passphrases to these encrypted drives on
pain of imprisonment. More and more judicial systems seem to be
leaning ever closer to this sort of injustice (injustice because the
accused is being forced to incriminate himself, which is in direct
violation of Article 5 of the Bill of Rights: the right to refuse to
be a witness against oneself).

Because of these encroachments on our liberty I propose a method of
plausible deniability. This means you can justify all your files and
folders that are on your computer.



5. Which program do you recommend for this whole drive encryption?

Unfortunately, there is at present no modern whole boot drive
encryption program with open source which also allows a hidden
operating system accessible on boot. Of the many different boot drive
encryption programs, I like DCPP. It is truly simple to install. The
new and vastly improved key registration process is helpful. But best
of all it offers truly excellent plausible deniability for its
presence on your system.

It encrypts the whole partition. So if you want to keep part of your
drive in plaintext you will need to divide your hard drive into
independent partitions or have two separate hard drives. Unlike both
DriveCrypt and TrueCrypt, it does not destroy the data within the
partition it encrypts. This is obviously essential as its main
advantage is its ability to encrypt your boot drive.

A further major advantage over previously recommended encryption
programs is that the passphrase is input at Bios level, before Windows
is loaded.

The importance of this is difficult to over-emphasize.

This means it is impossible for any software key-logging program that
may be on your computer to detect your passphrase. Such programs are
sometimes picked up on the Net or arrive via Email and could circumvent
all your efforts at security. It is even conceivable that a snooper or
hacker could steal your passphrase as you type it in, if this is done
whilst the operating system is running. I am sure someone will mention
that there are hardware keyboard logging devices which of course could
grab your passphrase when you start up.

However, common sense local site security should minimize this risk.

A Bios level input of the passphrase in conjunction with whole boot
drive encryption is just about the Holy Grail of security - without
a hardware keyboard logging device, very difficult to intercept and
snoop.



6. Are there other OTF programs?

Yes, there are several. But so far as I know only DCPP operates from
boot and includes the opportunity of creating a second (hidden) boot
operating system.

Others, such as TrueCrypt only encrypt data files, not the Windows
operating system.

TrueCrypt also offers strong plausible deniability because it allows
you to encrypt a partition that appears to be unused and without a
drive letter. The method of ensuring this is simply explained in the
manual that accompanies TrueCrypt. The author must be congratulated
for doing an excellent job of this program.

It is important to note that just simply publishing the source code
does not guarantee safety. It just means the author is allowing his
program to be subjected to peer review. Hopefully many will take the
trouble to go through the code and compile it for themselves.



7. How difficult is it to break one of these programs?

Very difficult, in fact for all practical purposes, it is considered
impossible. In most cases, the weakest link will be your passphrase,
or being compromised by a key-logger through not having good security
on your desktop.

Your passphrase should be long. Remember, every extra character you
enter makes a dictionary search for the right phrase twice as long.
Each time a bit is added it doubles the number crunching time to
crack into the program.

Each keyboard character roughly equates to 8 bits, and is represented
on the drive as two hexadecimal characters. This suggests a 20
character passphrase is of equal strength to the encryption. In
practice, probably not. Remember a keyboard has around 96 different
combinations of key strokes, thus multiplying this number by itself 20
times gives an enormous number of combinations, making a correct guess
at the passphrase highly improbable. But few people can remember a
truly random 20 character passphrase. So most people use a less than
random one. This means it should be longer to help compensate for this
lack of entropy.

You should also use at least part of both lines of the passphrase
input screen with DCPP. If you like, two passphrases.



8. Why?

Because any passphrase cracker cannot find the correct key until it
has exhausted a key search as wide as the last character you enter. A
strong hint that you should make sure the last character of your
passphrase is well along the bottom line! For higher security you
should spread it around on both lines.

Although TrueCrypt has a single line entry it will accept a long
passphrase of at least 57 characters from my simple tests.
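An added example (not part of the FAQ) that puts numbers on the
passphrase-length argument in questions 7 and 8. Each extra character
drawn uniformly from the 96 keyboard symbols the FAQ mentions
multiplies the search space by 96, i.e. adds about 6.6 bits, so 20 such
characters give roughly 132 bits. Words picked from a list carry far
less per symbol, which is why a passphrase made of words must be longer:
the word-list size of 7776 is an assumption for this example.

```python
import math

KEYBOARD_SYMBOLS = 96      # the FAQ's estimate of distinct keyboard characters
LOWERCASE_LETTERS = 26
WORDLIST_SIZE = 7776       # assumed size of a word list used to pick passphrase words


def passphrase_bits(symbols: int, alphabet_size: int) -> float:
    """Entropy in bits of `symbols` choices made uniformly from `alphabet_size` options."""
    return symbols * math.log2(alphabet_size)


def search_space(symbols: int, alphabet_size: int) -> int:
    """Number of candidates an exhaustive guesser must try in the worst case."""
    return alphabet_size ** symbols


def symbols_needed(target_bits: float, alphabet_size: int) -> int:
    """Fewest uniform symbols from this alphabet that reach `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def equivalent_lengths(target_bits: float) -> dict:
    """How long a passphrase must be, per source of randomness, to match a key of `target_bits`."""
    return {"random_keyboard_chars": symbols_needed(target_bits, KEYBOARD_SYMBOLS),
            "random_lowercase_letters": symbols_needed(target_bits, LOWERCASE_LETTERS),
            "random_wordlist_words": symbols_needed(target_bits, WORDLIST_SIZE)}
```

The figures assume every symbol is chosen at random; a phrase a person
actually remembers has less entropy than this, so treat these lengths as
lower bounds rather than targets.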

Be sure that if any serious snooper wants to view your secret data,
they will find a way without wasting their time attempting a brute
force attack upon your DCPP or TrueCrypt container. In some countries
rubber hose cryptography may be the rule. In some "civilized"
countries there are more sinister methods, such as tempest or the use
of a trojan (see later in FAQ).

Fortunately, tempest and trojan attacks are far less likely to succeed
against DCPP than all the other programs. Hence my strong and
enthusiastic support for this program.



9. What about simple file by file encryption?

I recommend either PGP Tools which comes free with PGP or Kremlin. Of
course this is not necessary for files within your encrypted drive.
But is essential to clear files off your computer that are outside your
encrypted drive.

PGP Tools is a long winded process just to encrypt a single file, as it
asks you to first choose a key before entering the passphrase. Kremlin
is quicker because it allows you to right click on the file to be
encrypted, a password box opens and that is it. It also similarly
allows you to wipe any file by right clicking. This can also be done by
PGP. Another recommended program to erase individual files is Eraser.



10. How can I encrypt files on a floppy?

Use either TrueCrypt, DCPP, PGP Tools or Kremlin.



11. Does using Encryption slow things up?

Negligibly on any modern computer. The length of your passphrase is
immaterial to the speed of decryption. But different encryption
algorithms vary significantly. One of the fastest is Twofish and
probably the slowest is 3DES (triple DES). This applies only to
symmetrical encryption programs. PGP uses RSA generated keys, which
in turn are used to encrypt/decrypt a randomly generated session key.
The RSA key is very slow, but as it is only used to encrypt/decrypt the
128 bit CAST5 or IDEA session key its slowness is not noticed.
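The following is an added example, not PGP's own code, showing the
hybrid scheme this answer and question 3 describe: a fresh 128-bit
session key encrypts the bulk data, and the slow public-key operation is
applied only to that key (and to the hash of the message, for the
digital signature). It uses textbook RSA with fixed Mersenne primes so
the toy keys are reproducible and an HMAC-SHA256 keystream in place of
CAST5 or IDEA; the key sizes are far too small for real use and PGP's
padding and packet formats are omitted.

```python
import hashlib
import hmac
import secrets

# Fixed Mersenne primes keep the toy keys reproducible; real RSA keys use
# random primes of 1024 bits or more each.
SENDER_PRIMES = (2**61 - 1, 2**89 - 1)
RECIPIENT_PRIMES = (2**107 - 1, 2**127 - 1)
PUBLIC_EXPONENT = 65537


def make_rsa_keypair(p: int, q: int):
    """Textbook RSA: public (n, e), private (n, d) with d = e^-1 mod (p-1)(q-1)."""
    n = p * q
    d = pow(PUBLIC_EXPONENT, -1, (p - 1) * (q - 1))
    return (n, PUBLIC_EXPONENT), (n, d)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric stand-in for CAST5/IDEA: HMAC-SHA256 keystream in counter mode.
    Fast, and the same call both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_and_sign(plaintext: bytes, recipient_pub, sender_priv) -> dict:
    """Encrypt the bulk data with a fresh 128-bit session key, RSA-encrypt only
    that key to the recipient, and RSA-sign the hash of the plaintext."""
    session_key = secrets.token_bytes(16)
    n_r, e_r = recipient_pub
    n_s, d_s = sender_priv
    enc_session_key = pow(int.from_bytes(session_key, "big"), e_r, n_r)
    digest = int.from_bytes(hashlib.sha256(plaintext).digest(), "big") % n_s
    return {"enc_session_key": enc_session_key,
            "body": keystream_xor(session_key, plaintext),
            "signature": pow(digest, d_s, n_s)}


def decrypt_and_verify(msg: dict, recipient_priv, sender_pub):
    """Recover the session key with the recipient's private key, decrypt the body,
    and check the signature with the sender's public key. Returns (plaintext, ok)."""
    n_r, d_r = recipient_priv
    n_s, e_s = sender_pub
    session_key = pow(msg["enc_session_key"], d_r, n_r).to_bytes(16, "big")
    plaintext = keystream_xor(session_key, msg["body"])
    expected = int.from_bytes(hashlib.sha256(plaintext).digest(), "big") % n_s
    ok = pow(msg["signature"], e_s, n_s) == expected
    return plaintext, ok
```

Only two modular exponentiations with the private key happen per message
however long the body is, which is the reason the slowness of RSA is not
noticed in practice.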



12. Do I need a PGP passphrase if I store my keyrings within my
encrypted drive?

Definitely. Just because you have encrypted your drive does not relieve
you of the necessity of protecting yourself whilst online.



13. I use Mac, OS/2, Linux, (fill in your choice), what about me?

Use either BestCrypt (by Jetico - do a Google search) or PGPDisk.

There are others, but I know nothing about them.



14. How can I ensure I do not leave traces of unwanted plaintext
files on my system?

If you are using DCPP this should not be a problem. But one thing
that needs addressing is the possibility of Windows dumping your
keyfile data which is held in RAM memory only, onto the encrypted
drive. To avoid this catastrophe you must disable the Windows
hibernation (power saving) feature. When Windows goes into
hibernation it will dump everything that is in RAM memory onto the
boot drive by-passing the DCPP drivers. By-passing these drivers
means it writes everything to disk in plaintext including the keyfile
data, which unlocks your most secret partition. This will defeat the
whole purpose of having encryption.

Although your whole drive will be encrypted I would still install a
program to clean out bloat and cookies. My recommendation for this is
Windows Washer.

To wipe unused space on your drive I recommend Zapempty. Although a
DOS-based program, it runs easily even within Win XP. It is part of
a zipped file of wipe utilities called Wipeutil.zip. Extract Zapempty
onto the drive you wish to clean up and double-click on it. I
recommend keeping copies in the root of every partition on your
computer.



15. What programs do I put in my newly Encrypted Drive?

In previous versions of this FAQ I was wary that some programs might
write critical data to your boot drive. However, this is far less of
a security risk with it being encrypted. What is far more important now
is that these programs do not leak private information whilst you are on
the Net. For what it is worth, here are some I recommend:

For your Web browsing I strongly recommend FireFox or Mozilla as the
browser. Anything other than Microsoft Internet Explorer.

For Usenet I recommend either Agent or Gravity or Xnews. These latter
two are free.

Agent is simple and very easy to use. The commercial version also
supports automatic decoding of yEnc coded files.

For your Email I have 2 different recommendations:

i. Agent, as mentioned above

ii. Quicksilver

Quicksilver is both open source and free.

Do not use Outlook or Outlook Express as they both suffer from the
usual Windows holes.

Use Quicksilver for both Email and light Usenet posting with strong
anonymity via the Mixmaster remailer system. When downloading
Quicksilver, remember to run update immediately after installation,
to download and install the Zipped files for News, Nym, POP and PGP
and Mixmaster. Quicksilver will offer to install all downloaded files
for you.

Both of these programs will also work with PGP. Agent will require
you to copy and paste, but Quicksilver has built-in support and works
seamlessly with PGP. I particularly commend Quicksilver for its
intuitive ease of use. This makes Nym maintenance much simpler.

I used to recommend JBN, but it is slowly becoming obsolescent. It is
not fully compatible with PGP versions 7 or later and does not support
SMTP (Simple Mail Transfer Protocol) authentication. But it is still
the favorite of many.

You must also have a virus checker and a firewall. For the virus
checker, I use Norton's. This will also find adware and spyware. For
the firewall I recommend Zonealarm.

Remember, just because your drive is encrypted does not relieve you
of an obligation to cover your tracks whilst Online.



16. How do I "cover my tracks"?

Never surf naked. Always, always use a proxy. There are now easy ways
to use a proxy. In the early days it was necessary to find and hand
select the proxies you wished to use. This was a laborious process
and needed expert knowledge of which programs to use to find and
exploit them. Some still prefer to do it this way. I call it rolling
your own. It has the distinct advantage of user choice and control
over each proxy to be used in a chain. However, this may offer
anonymity, but not necessarily privacy. Meaning no encryption. I like
privacy and anonymity, so I use other methods - see later in FAQ. The
suggested method also has the merit of ease of use and total
transparency once the programs are set up.



17. Earlier on you mentioned plausible deniability, what is it?

Plausible deniability is the ability to offer irrefutable justification
for every single file, folder, container, partition and drive that
might contain encrypted data. DCPP version 3.0 offers a world first
because it allows dual booting into either of two entirely separate
boot operating systems, each invisible to the other. One of these may
be called your honeypot operating system, meaning it contains encrypted
data that you are prepared to show under duress. The second (hidden)
operating system will contain your most secret data that you never
release. Its presence can only be known by correctly guessing the
second secret passphrase for that operating system. No other way
exists to prove there is a second operating system. Examination by
forensics of your first encrypted boot drive can only show the usual
random data that is associated with an encrypted drive. Nothing else.

This is excellent plausible deniability.



18. What if encryption is illegal in my country?

In that case, I suggest using the stego feature of DriveCrypt. But
ensure you create your own WAV file, by making your own recording.
Once the stego encrypted file is created within the WAV file, make sure
to wipe the original recording, so that forensic analysis cannot show
that the two files' low-level data differ.

Of course, you will need to install DriveCrypt in traveller mode. This
means running it off a floppy. But you will still need to hide the
floppy effectively in the case of a search. I am sorry I cannot help
you here. It must be down to your own initiative.



19. Are there any other precautions I should take?

Make copies of all your PGP keys, a text file of all your passwords and
program registration codes, copies of INI files for critical programs,
secret Bank Account numbers, plus anything else that is so critical
your life would be inconvenienced if it were lost. These individual
files should all be stored in a folder called "Safe" on your encrypted
drive. A copy of this folder should be stored on an encrypted CD,
preferably within the hidden part if using DriveCrypt 4.2 and stored
off-site.

If you are going to rely on any variation of the ploys suggested here,
then you should keep this FAQ within your hidden drive.

You need to take further precautions whilst you are online against
threats from hackers and snoops.



20. What are these threats?

They are known as Tempest and Trojan attacks.



21. What is a Tempest attack?

Tempest is an acronym for Transient ElectroMagnetic Pulse Emanation
Surveillance. This is the science of monitoring at a distance
electronic signals carried on wires or displayed on a monitor.
Although of only slight significance to the average user, it is of
enormous importance to serious cryptography snoopers. To minimize a
tempest attack you should screen all the cables between your computer
and your accessories, particularly your monitor. A flat screen (non
CRT) monitor offers a considerable reduction in radiated emissions and
is recommended.



22. What is a Trojan?

A trojan (from the Greek Trojan Horse), is a hidden program that
monitors your key-strokes and then either copies them to a secret
folder for later recovery or sends them to a server when you next go
online. This may be done without your knowledge. Such a trojan may be
secretly placed on your computer or picked up on your travels on the
Net. It might be sent by someone hacking into your computer whilst you
are online, or received by Email.

The United States Government has openly admitted it will be employing
such techniques. They call it Magic Lantern. It was originally
promulgated as a counter-terrorism weapon. But who knows how it will
be used in practice.

In view of these changed tactics, it is mandatory that these possible
attacks be countered. My suggestion is two-pronged. First use DCPP
to enjoy plausible deniability with whole boot drive encryption and
use specialist programs to thwart efforts by hackers and snoops to
break into your system whilst online.



23. How do I do this?

First of all you must have a truly effective firewall. It is not
sufficient for a firewall simply to monitor downloaded data; it must
also monitor all attempts by programs within your computer to send
data out. I recommend Zonealarm. This firewall very cleverly stores a
cryptographic hash of each program to ensure that a renamed or
modified version of a previously acceptable program cannot squeeze
through and "phone home". You also need a good anti-virus checker.

But that is but the start. You also need a Web browser that does not
leak information, plus a method of passing data across your ISP's
servers fully encrypted to prevent prying eyes from watching all that
you do on the Net. More about this later in the FAQ.



24. How will I know when a trojan has modified an acceptable
program?

Zonealarm will pop up a screen telling you a changed (or new) program
is trying to connect to the Net and do you wish to allow it. If it is
one of your regular programs, be very wary and always initially say NO
until you can check why this program is not now acceptable to Zonealarm.
If it is a strange program, then obviously say, NO and investigate.
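An added example (not Zonealarm's code, whose internal format is not
public) of the check that questions 23 and 24 describe: the firewall
remembers a hash of each program the user approves, and when a program
later asks for network access it is classed as unchanged, changed in
place, or never approved at that path (which is what a renamed copy
looks like). The temp-directory scenario in demo() is constructed for
this example.

```python
import hashlib
import os
import shutil
import tempfile


def file_digest(path: str) -> str:
    """SHA-256 of the program file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_program(path: str, allowlist: dict) -> str:
    """What to tell the user when `path` asks for network access:
    'allowed' (known path, unchanged bytes), 'changed' (known path, different bytes)
    or 'new' (never approved at this path, including renamed copies of approved programs)."""
    known = allowlist.get(os.path.normcase(path))
    if known is None:
        return "new"
    return "allowed" if known == file_digest(path) else "changed"


def approve(path: str, allowlist: dict) -> None:
    """Record the current bytes of a program the user has answered YES for."""
    allowlist[os.path.normcase(path)] = file_digest(path)


def demo() -> dict:
    """Constructed scenario in a temp dir: approve a program, then copy it under a
    new name and finally modify the original in place."""
    with tempfile.TemporaryDirectory() as d:
        mailer = os.path.join(d, "mailer.exe")
        renamed = os.path.join(d, "mailer2.exe")
        with open(mailer, "wb") as f:
            f.write(b"pretend program bytes")
        allowlist = {}
        approve(mailer, allowlist)
        results = {"unchanged": classify_program(mailer, allowlist)}
        shutil.copyfile(mailer, renamed)                 # same bytes, new name
        results["renamed_copy"] = classify_program(renamed, allowlist)
        with open(mailer, "ab") as f:
            f.write(b"\x00injected")                     # program altered in place
        results["modified"] = classify_program(mailer, allowlist)
        return results
```

The answer "NO until investigated" in question 24 corresponds to the
"changed" and "new" results: a legitimate update also produces
"changed", so the hash tells you that the program differs, not why.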



25. What about TrueCrypt and DriveCrypt 4.2?

Both TrueCrypt and DriveCrypt 4.2 offer the prospect of excellent
plausible deniability. No header information and the ability to install
them on an unused partition, perhaps at the end of a large drive. The
passphrase is only held in RAM memory, so much more difficult to
compromise. An examination of your drive will only show garbage. This
is certainly not the case with some encryption programs.

DriveCrypt 4.2 also allows the creation of a hidden container within an
existing encrypted container or partition. Excellent plausible
deniability. As with TrueCrypt the passphrase must be input after boot
when Windows is running.



26. How important is the passphrase?

Critically important. It is almost certainly the weakest link in the
encryption chain with most home/amateur users. I provide links at the
end of Part 2 of the FAQ. Some of these should either help directly or
give further links about how to create an effective passphrase.

For the newbies: never choose a single word, no matter how unusual you
think it is. A passphrase must be that, a phrase, a series of words,
characters and punctuation intermixed. One method that I believe would
help is to deliberately mis-spell common words in a phrase. Scruggle
in place of struggle, matrificent in place of magnificent. These could
be the start of a longer phrase. Taking this a step further, invent
words that are pronounceable but totally meaningless for example,
alamissis or grafexion. I recommend a minimum of eight words, but
obviously do not use either of those two. Use four (or more) on each
line with DCPP, together with a few figures.



27. How can I prevent someone using my computer when I am away?

With DCPP nobody can boot into your secret drive. So no problem.

However, if you are truly paranoid (and who isn't?) I would guard
against someone adding a hardware keyboard logger. These can be very
small and easily disguised as an RF trap on the keyboard lead.
Obviously, this is far more likely if your computer is also used by
others or can be accessed by others in your absence.



28. I use the Net for Web browsing, Usenet and Email, am I safe?

Whilst you are online anyone could be monitoring your account. They
do not need access to your computer to do this. They need only to
have access to your ISP. If you live in the British Isles be aware
that all ISP's are required to keep logs of your online activities,
including which Web sites you visit.

To minimize these risks you must encrypt the data passing across your
ISP's servers.

My suggestion is to use a combination of several programs. Each is
easily set up (see Part 2). Between them you will be secure and
anonymous. The best news, all these programs are free and open
source!



29. How is this achieved?

You need four main programs besides the news client such as Agent (my
favorite) and the Web browser such as FireFox (again my favorite) and
the Email client such as Quicksilver, (yes, another favorite).

These programs are: Stunnel, Freecap, Privoxy and Tor.

They are all very easy to use and really can be setup by a newbie if
you follow the setup instructions I offer in Part 2. The best part of
all is they are totally transparent to the user. Once setup there is
no maintenance or searching for proxies, etc. It is all automatic.



30. Tell me more about these programs?

Stunnel encrypts the data between you and your news server and is very
simple to use.

Freecap is also easy to setup and acts as the bridge between Stunnel
and Tor.

Tor is a connection-based low-latency (meaning fast) anonymous
communication system that protects TCP (Transmission Control Protocol)
streams for Usenet, web browsing, instant messaging, irc, ssh, etc.

In basic language Tor is a socks server that accepts and encrypts data
from any program that is "socksified", meaning set up to communicate
with it.

Tor is a new program and is still in Beta development mode. But it is
still a fully functioning Socks proxying system that offers the promise
of great anonymity and privacy. It is free and open source. It is
being improved almost on a daily basis. The latest version now has a
Windows install facility.

Tor will build automatically and transparently to the client (you) an
anonymous and encrypted route across the Net. It uses multiple layers
of encryption, each node only knowing the previous and next node, so
with several nodes your data becomes anonymised. The principle is like
an onion with many layers of encryption and anonymity. Thus it is
called onion routing. Where the data eventually emerges it is sent on
to its destination, perhaps a news server and ordinarily in the clear.
But by using Stunnel, the data will still be encrypted all the way into
the news server or the remailer, whichever you are using.
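To make the "each node only knows the previous and next node" point concrete, here is an added toy simulation (my own example, not Tor's real protocol, which uses proper ciphers and TLS between hops): the client wraps its request in one layer per relay, each relay peels exactly one layer, and the exit relay ends up with whatever the client put innermost, which is plaintext unless an end-to-end layer such as Stunnel's TLS was applied first. Relay names, keys and the destination are constructed.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with an HMAC-SHA256 counter keystream (toy stream cipher, demo only)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_layer(key: bytes, plaintext: bytes) -> bytes:
    """Wrap `plaintext` in one encryption layer under `key` (fresh nonce prepended)."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _keystream_xor(key, nonce, plaintext)


def peel_layer(key: bytes, blob: bytes) -> bytes:
    """Remove one encryption layer under `key`."""
    return _keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def _encode_hop(next_hop: str, inner: bytes) -> bytes:
    # one-byte length, next-hop address, then the still-encrypted remainder
    hop = next_hop.encode()
    return bytes([len(hop)]) + hop + inner


def _decode_hop(data: bytes):
    n = data[0]
    return data[1:1 + n].decode(), data[1 + n:]


def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """Layer `payload` so that relay i, after peeling its layer, learns only relay i+1.

    `circuit` is a list of (relay_name, shared_key) in path order, entry relay first.
    The innermost layer names the final destination for the exit relay.
    """
    blob, next_hop = payload, destination
    for name, key in reversed(circuit):
        blob = seal_layer(key, _encode_hop(next_hop, blob))
        next_hop = name
    return blob


def relay_process(key: bytes, blob: bytes):
    """What one relay does: peel its own layer and read where to forward the rest."""
    return _decode_hop(peel_layer(key, blob))


def run_circuit(circuit, destination: str, payload: bytes):
    """Simulate the client's message travelling the circuit.

    Returns each relay's view (the only addresses it learns) and the bytes the
    exit relay hands to `destination`.
    """
    views = []
    blob = build_onion(circuit, destination, payload)
    prev = "client"
    for name, key in circuit:
        next_hop, blob = relay_process(key, blob)
        views.append({"relay": name, "prev": prev, "next": next_hop})
        prev = name
    return views, blob


if __name__ == "__main__":
    # constructed demo circuit: three relays with pre-shared keys
    circuit = [("relay-A", b"A" * 32), ("relay-B", b"B" * 32), ("relay-C", b"C" * 32)]
    views, delivered = run_circuit(circuit, "news.example:563", b"GROUP alt.test")
    for view in views:
        print(view)
    # without an end-to-end layer the exit relay sees the request in the clear
    print("exit relay delivers:", delivered)
```

Peeling the exit's output with a separate end-to-end key (the role Stunnel's TLS plays in this FAQ) is the only way the request reaches the news server without the exit relay reading it.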

For Web browsing we need Privoxy. This again acts as a bridge between
your browser and Tor.

A web proxy is a service, based on a software such as Privoxy, that
clients (i.e. browsers) can use instead of connecting directly to the
web servers on the Internet. The clients then ask the proxy to fetch
the objects they need (web pages, images, movies etc) on their behalf,
and when the proxy has done so, it hands the results back to the client.

There are many reasons to use web proxies, such as security
(firewalling), efficiency (caching) and others, and there are just as
many different proxies to accommodate those needs.

Privoxy is a proxy that is solely focused on privacy protection and
junk elimination. Sitting between your browser(s) and the Internet, it
is in a perfect position to filter outbound personal information that
your browser is leaking, as well as inbound junk. It uses a variety of
techniques to do this, all of which are under your control via the
various configuration files and options.

Privoxy will bridge the connection between your browser and Tor, the
Socks proxy host. It will minimize pop up ads, etc. But its main
advantage is it will help prevent information leakage from your desktop
to any third party trying to sniff your data. Used in conjunction with
Tor it ensures all your Web browsing is totally anonymous.

There is no need to close Privoxy if you wish to use your news client
or whatever. These programs are totally transparent to you once they
are running.

The best news is, these programs are much faster than the old hand
rolled system of choosing multiple proxies. In the previous version of
this FAQ I had recommended JAP. Tor in conjunction with Stunnel and
Privoxy is much faster. In fact it seems at least on a par with the
fastest SSH host service I have come across. But far superior in terms
of anonymity and especially so because it is free. The only service
you now need to sign up for anonymously is your news provider.

Full setup instructions for these programs are offered in Part 2.



31. Is the data encrypted after it leaves the remote server and Tor?

Yes, provided you are using Stunnel. The only precaution you must take
to ensure both privacy and anonymity, is to ensure you use Stunnel in
combination with FreeCap. More about this in Part 2.



32. How do I subscribe anonymously to a news provider?

Obviously never ever use a credit card. You can either send cash or
some may accept E-Gold. Privacy.Li offer a proxy service on your behalf
to sign you up themselves to your choice of news provider. They offer
their own service but at present it does not allow a secure (SSL)
connection right into the news server.

I believe there are now at least 4 news servers offering Stunnel
encrypted connections through port 563. These are: Easynews, Newscene,
Maganetnews, and Octanews. There are also remailers that accept a
Stunnel encrypted connection, which significantly improves your Email
security. More about this in Part 2.

Privacy.Li will act as a proxy, in this case meaning they will sign you
up anonymously to your choice of news provider, or indeed any other
service you wish. They accept many types of payment, including cash
and E-Gold.

E-Gold is not intended to be anonymous. But provided you sign up
using your choice of details and (most importantly) immediately disable
the security protocols which sense your IP address, you should be Ok.
If you don't you may find your access blocked. With anonymous access
from different IP addresses using Tor, it is very important to do this.



33. How do I create a secure/anonymous Email account with Quicksilver?

I recommend creating a Nym. To do this you should first of all finger
(download) a copy of the Nym help file. Quicksilver will do this for
you if you go to finger on the menu and input [email protected]. Read
it carefully before attempting to create your own Nym. Once you have
decided on your course of action, use the Quicksilver Nym Wizard to
help you create a Nym. It is quite involved because of the necessary
procedures that have to be negotiated with Nym.Alias.Net (often called
NAN). After sending in your create request, you will receive an
Email asking you to confirm receipt. This is to prove your reply
chain back to your normal Email address is working. After you have
sent the confirmation you should receive another Email telling you
your Nym is alive and active.

Of course you can use Yahoo or Hotmail, but I consider them only soft
anonymous. But they can be hardened by socksifying your connection
using Privoxy and Tor. More about how to do this in Part 2.



34. Can you briefly summarise all the above?

You need PGP and Quicksilver for your Email and DCPP and/or Truecrypt
for encryption of your hard drive. These recommended Programs should
help you achieve a very high level of plausible deniability and privacy.

You need to be anonymous online. To achieve this you need to follow
the suggestions that follow in Part 2. Most importantly, you must
subscribe anonymously to your choice of independent news provider.
35. What programs should I get?

There are seven programs recommended for security and anonymity:

DCPP, PGP, TrueCrypt, Stunnel, FreeCap, Privoxy and Tor.

And three others recommended for Email, Usenet and Web browsing:
Quicksilver, Agent and FireFox.

In all cases where there is a choice of download, ensure you download
the version that is compliant with your operating system, e.g. Windows
XP or whatever.



36. Should I just download them all right away?

It depends. If you are wanting to show reasons why all your
connections to your ISP are secure, then by all means download them
all and install them onto your Drive C. If not, wait until you have
created your secret hidden drive and only then install them onto that
drive. Meanwhile, you must download and install DCPP at this time.
Install DCPP onto your Drive C (and your Drive D when it is dual
bootable). Its presence need not arouse suspicion, provided you
follow the instructions further down the FAQ.

DCPP: http://www.drivecrypt.com



37. OK, I have downloaded and installed DCPP, what must I do next?

Create a second bootable drive on say, Drive D. You must immediately
defrag this drive, reasons later. Now install all your programs and
defrag after each one is installed. Finally restore all your data
from My Documents or wherever. This is your honeypot data that is
there to be discovered as backup data to your regular Drive C.

Do a final defrag before proceeding further.



38. How do I achieve maximum plausible deniability?

You must have two separate bootable drives. Drive C is your regular
drive, it need not be encrypted. Your second bootable Drive D is the
one we shall concentrate on.

Run DCPP on this Drive D. Install Boot authentication first. Before
re-booting create an Emergency Repair (ER) floppy disk.

Test that both Boot Authentication and your floppy allow you to boot. Now
encrypt your Drive D. Immediately after this encryption process has
finished and before re-booting, update your ER disk. This is vital.

Next you use DCPP to clone your operating system. This is where some
care is required over the size of the passphrase. At this stage use a
relatively simple one of around 8 characters per line. Reasons follow.


39. So far, so good. What now?

The first encrypted drive (Drive D) is your honeypot encrypted
partition containing data you are prepared to reveal. The second
(hidden) boot partition is your truly secret one with a different
passphrase. Now you must encrypt that second cloned operating system.
As soon as it is done, update your ER disk. In fact I suggest making a
pair.

When booting you can input either passphrase and boot into either the
honeypot encrypted drive or the hidden operating system drive.

Clever, very clever. Superb plausible deniability.

Or is it?

What happens when an attacker finds that the dates on all the files in
the first partition show they have not been opened, perhaps for months?

Read on.

My justification for this scenario is that Drive D is an encrypted
backup of my Drive C. It is encrypted to minimize the risk of it
being corrupted should my computer catch a virus. When dismounted
(closed), my encrypted drive will be shown by Windows to be unformatted.
As such, Windows will not normally write to it. Thus it offers a layer
of security that should I lose all of my Drive C, I can recover by
booting into my encrypted Drive D. I am not going to argue the fine
print here. This is my justification for having encrypted my Drive D.
If there are viruses which can cause Windows to format Drive D, so what?
I will argue I am ignorant of such things.

"Yes, the files do show I never use it. That is because I have never
yet had need to. It is there as an encrypted backup for the day when I
do need it. Being encrypted Windows cannot read or write to the drive
(unless it is mounted, of course). Thus the drive is a safe haven if I
am attacked by a nasty virus".

This is your explanation for this drive and the fact the file dates are
old.

If doubts are raised they are impossible to prove without correctly
guessing your second passphrase. Even if your attacker convinces
you he knows DCPP offers the possibility of a hidden partition there
is a plausible defence. See further on.

Of course after installing DCPP onto Drive D and creating a hidden
encrypted partition, there is no need to bother about encrypting
your Drive C. In fact I would go even further and suggest there is
no further need for Boot Authentication. This is needed to encrypt
Drive D, but can safely be removed from within Drive C after the event.
Of course, it is axiomatic that you first create and test one or better
several Emergency Repair (ER) disks to allow future access.

For security at least one of these should be stored offsite.



40. Is it as straight forward as this?

Not quite. After creating the first encrypted partition on your
second hard drive you have to avoid a couple of slight bugs. I am sure
that they will be addressed, but for now a little care is required.

After the first installation and encryption of your honeypot drive, you
can then create a clone of this drive within the same partition.
Naturally and essentially you choose another most secret passphrase.
This is where I found the first small bug. You must defrag your drive
completely before you proceed. I had two very large blocks of data
separated by around a gigabyte of disk space that Windows considered
defragmented, despite my repeatedly telling Windows to defrag. But
DCPP told me there was insufficient space to clone the operating
system. This with over 50 Gigs of free space! This is what I have
learnt from Shaun Hollingsworth (the program's Author):

"Defragmentation is a problem. Last week I did some work on a
windows based "consolidation tool" and managed to move all the files
to the start of the drive, BUT windows 2000 and Windows XP, WILL NOT
allow any folder data to be moved!! Even the official "diskkeeper"
style defragger won't allow this, and it DOES NOT SHOW any folder
data, in the white space area. My test machine, ended up with
nothing but folder data, at the end of the drive, yet it wouldn't
show up anything visible on DiskKeeper (XP standard defragger)."

This is a concern. To get around this, I re-formatted the second
drive and started over. Immediately after installing Windows I
defragged the drive. I did this after each program was added. By
this ruse, I managed to get Windows to tightly pack everything.
Actually not quite true, there were a few gaps, but thankfully DCPP
ignored these. From what Shaun has said, above, we know that Windows
can write folder data all over the place on your drive. These do not
necessarily show up when defragging, causing DCPP to (correctly)
report there is insufficient space to clone.

Shaun has suggested one work around is by using Norton's Ghost to
backup the to-be-encrypted partition and then to restore. He tells
me this will ensure all data are then packed together at the start
of the drive.

However, another little bug raised its head when I tried again to get
it to clone. I found that the password input screen DCPP displayed
before it would clone only allowed a shorter passphrase to be input.
There is no error as such, just that DCPP tells you it has found the
keystore but cannot open it because either it is corrupt or it is the
wrong passphrase.

Tests showed it was not a corrupt keystore, therefore the culprit
logically had to be the passphrase input screen, which indeed was
the cause of the problem. I expect that shortly this will be
addressed.

However, as long as this bug remains, it offers you the chance of
further plausible deniability. See further on.

As this passphrase was used to create the second (and secret) keystore
for the cloned operating system, I had to go back and create it over
with a shorter passphrase. I would strongly urge you not to store this
second keystore on your honeypot encrypted drive. I suggest creating
and storing it on a floppy. Later after creating/updating your ER
floppies, you should completely destroy the floppy. This ensures this
critical keystore was never put onto your honeypot drive.

Note: There is no requirement to keep a copy of this keyfile. If at
any future date you wish to decrypt this clone or the original you can
use the ER disk recovery tools to do so.

The finding of a second keystore on your honeypot drive will totally
destroy any attempt at plausible deniability. Or will it? On second
thoughts, perhaps not. You could create a false keystore, one with a
long (and different) passphrase to suggest you have been attempting to
create a hidden drive but had failed. You can prove this is feasible
because of the above bugs. Using a very long passphrase will prevent
the creation of the clone. If you are told this is a known bug
(perhaps from reading this FAQ), you act surprised and insist it is the
first you know of it. Who can prove otherwise?

After you have cloned your drive, it then needs to be encrypted.

This might sound a little strange as you have just cloned an encrypted
drive, but it makes sense if you think it through. This is essential.
Before doing so, change the shortened passphrase you used to create
this cloned drive to something far stronger, meaning far longer.

When booting you choose which passphrase to input. Either the honeypot
encrypted drive passphrase or more likely the hidden drive with your
ultra secret data within it. Or, you can just boot into your normal
plaintext Drive C for non critical use.

It is absolutely essential that no further data are added to your
honeypot drive at the risk of destroying altogether your hidden drive.
This is no idle threat. To (slightly) help in this regard, when
about to clone the operating system, you are offered a choice of
spacing between the two partitions, input at least 200 megabytes or
more for this gap space.

I would recommend that you initially test out both passphrases. But
use your honeypot passphrase just once to test it works ok. Never
again use it at all. Windows is a very pro-active operating system and
it will do things you may not be expecting. Things such as automatic
backing up of the registry, defragging, etc. Everyone must have
noticed how their drive can sometimes be very active when they are not
doing anything. This is Windows doing its thing. So mount once to
test, then forget all about it. But do not forget the first
passphrase, it may be your credibility lifeline.



41. Any more hints about this system?

You could remove Boot Authentication off your computer. Do this only
after creating a couple or more Emergency Repair (ER) disks. You can
now create a proper boot floppy or even an IMA file which can be used
with Nero to create a bootable CDROM.

I notice that Drive C is still required to boot either of these
encrypted partitions. So I recommend investing in significant
quantities of RAM and switching off the pagefile. Just in case
Windows decides it wants to write anything to your normal drive.



42. What about those other files: PGP, TrueCrypt, Stunnel, FreeCap,
Privoxy and Tor, Agent, FireFox and Quicksilver?

Obviously all future downloads should be into your hidden drive.

Get them here:

PGP: http://web.mit.edu/network/pgp.html

or: http://www.panta-rhei.dyndns.org/do...pgp658ckt08.zip

TrueCrypt: http://www.truecrypt.tk/

Stunnel is used for NNTP secure connections to your news provider.

Stunnel requires the executable file plus 2 others.

Stunnel: http://www.stunnel.org/download/binaries.html

stunnel-4.05.exe
stunnel-4.05.exe.asc (digital signature file optional but recommended)

OpenSSL Libraries (required files):

libssl32.dll
libeay32.dll

libssl32.dll.asc (optional)
libeay32.dll.asc (optional)

FreeCap: http://www.freecap.ru/eng/?p=index

Privoxy: http://www.privoxy.org/

Tor: http://www.freehaven.net/tor/


Not essential, but strongly recommended:

Agent: http://www.forteinc.com/main/homepage.php

FireFox: http://www.mozilla.org/products/firefox/

Quicksilver: http://www.quicksilvermail.net/



43. Where do I put these files?

PGP should be installed onto your hidden operating system. It may
offer to install onto your Drive C. Avoid that unless you want to
deliberately offer a sanitised version on your Drive C.

Actually there is good reason to install all of the above onto your
Drive C. This may sound alarming, but consider, their presence might
be deduced if any snoop has been monitoring your ISP data. It will
always pass across as encrypted data. If an examination of your hard
drive were to show the absence of such programs, how do you show how
you were doing it? The presence of these programs is not illegal at
all. On the contrary, there are very good and sensible reasons why you
want to avoid both spam and having your privacy invaded.

TrueCrypt should be installed only onto your hidden drive. This
program should not be openly displayed. Its presence is best kept
hidden. The plausible deniability it offers, if you choose to use it,
is strengthened by its absence from your system.

For the other files, create a new folder called Proxy. Open Proxy and
create the following sub-folders: FreeCap, Stunnel, Privoxy, Tor

Install by copying all of the downloaded files into their respective
folders. Ensure the library files for Stunnel are in the same
sub-folder. The latest version of Tor now includes a Windows
install. This means it now installs the Torrc file in Documents and
Settings by default, so there should be no further error messages
about a missing configuration file.

Each program can then have shortcuts made and placed on your desktop,
or wherever you choose if different.



44. How do I configure Privoxy?

Privoxy is used for HTTP secure connections to the Web. It works in
conjunction with Tor. The config.txt file looks daunting, but you just
remove # from the beginning of any line to make that line active.

Scroll down to section 5.2 in config.txt

Copy and paste the following line:

forward-socks4a / 127.0.0.1:9050 .

Simply add it exactly as shown. The spacing and the period at the
end are important.

By default it will run on startup and minimize to the task bar.



45. How do I configure Stunnel?

Stunnel is required for an NNTP secure connection to Usenet.

Copy and paste the following in Notepad and save it to a file called
stunnel.conf in the Stunnel folder.

# config file for connecting to your secure news server
client = yes
[nntps]
accept = 119
connect = yournewsserver.com:563
# end of config file

Substitute the news server name given you by your news server after
signing up with them. Whatever it is, add a colon (:) and 563 for
the port number, with no spaces.

This file does not exist until you create it. Stunnel cannot work
without its presence. You will just get some server error. This
might happen if you or Windows names it wrongly.

You may need to get Explorer to show extensions to known file types,
otherwise Windows may save the file as stunnel.conf.txt. If you are
not sure, go to Tools > Folder Options > View > uncheck "Hide
extensions to known file types". Click on Apply, Ok.

This is the only configuration you need for Stunnel.



46. How do I configure FreeCap?

FreeCap is easy. First of all go > File > Settings > Default Proxy.
Type 127.0.0.1 into the server window and 9050 into Port. Click OK.

With the program back at the opening screen, drag and drop the Stunnel
shortcut into the FreeCap open space. You will immediately see the
Stunnel icon position itself along the top of the screen. Good. You
have socksified Stunnel. That is all it takes. Whenever you run
Stunnel you must start it by clicking on it from within FreeCap.

Socksifying secures the program and ensures it routes data over an
encrypted connection socksified by FreeCap and into the Tor network.

Note: Some may experience problems with FreeCap. If you do, an
excellent free for non-commercial use alternative (but not open
source) is SocksCap. It is here:

http://www.socks.permeo.com/Downloa...nload/index.asp



47. How do I configure Tor?

Nothing to do. Just click on its shortcut and watch the green screen.
Wait a few seconds for it to create its onion route across the Net.
Once this is enabled it will display, "Tor has successfully opened a
circuit. Looks like its working."

Minimize the program and that is it for Tor.



48. How do I configure my Browser?

To ensure your browser chooses this route you must now go to its Proxy
settings Window. With FireFox this is > Tools > Options > Connection
Settings.

Input 127.0.0.1 into each line except Socks Host. Leave that line
completely clear. Input 8118 into the Port window for each line, but
again leave the Socks Host line clear. This is because Privoxy listens
for connections on port 8118 by default. Remember we have already
configured Privoxy with the line: forward-socks4a / 127.0.0.1:9050 .
This is telling Privoxy to pass on its connections to Tor which is
listening on Port 9050 by default.
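The two SOCKS flavours differ in who resolves the server name, which is why the Privoxy line above uses forward-socks4a rather than forward-socks4: with plain SOCKS4 the browser side looks the name up first, outside Tor, and that lookup is visible to whoever can see your ISP traffic. Added example, not from the FAQ or from Privoxy: it builds and decodes SOCKS4 and SOCKS4a CONNECT requests and parses the FAQ's forward line; the host names and addresses are constructed.

```python
import socket
import struct

SOCKS_VERSION = 4
CMD_CONNECT = 0x01
REPLY_GRANTED = 0x5A  # request granted; 0x5B..0x5D are the rejection codes


def socks4_connect(ipv4: str, port: int, user_id: bytes = b"") -> bytes:
    """Plain SOCKS4 CONNECT: the *client* has already resolved the name to `ipv4`.

    Whoever performed that resolution (the local resolver, outside Tor) saw the name.
    """
    head = struct.pack("!BBH4s", SOCKS_VERSION, CMD_CONNECT, port, socket.inet_aton(ipv4))
    return head + user_id + b"\x00"


def socks4a_connect(hostname: str, port: int, user_id: bytes = b"") -> bytes:
    """SOCKS4a CONNECT: DSTIP is 0.0.0.x (x != 0) and the hostname travels to the proxy.

    Tor then resolves the name itself, so no lookup leaves the machine in the clear.
    """
    head = struct.pack("!BBH4s", SOCKS_VERSION, CMD_CONNECT, port, b"\x00\x00\x00\x01")
    return head + user_id + b"\x00" + hostname.encode() + b"\x00"


def parse_connect_request(data: bytes) -> dict:
    """Decode a SOCKS4/4a CONNECT and report whether the client resolved the name."""
    if len(data) < 9 or data[0] != SOCKS_VERSION or data[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS4 CONNECT request")
    port, ip = struct.unpack("!H4s", data[2:8])
    user_id, _, rest = data[8:].partition(b"\x00")
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
        hostname, _, _ = rest.partition(b"\x00")
        return {"version": "4a", "port": port, "host": hostname.decode(),
                "client_resolved_name": False}
    return {"version": "4", "port": port, "host": socket.inet_ntoa(ip),
            "client_resolved_name": True}


def parse_reply(data: bytes) -> dict:
    """Decode the 8-byte SOCKS4 reply; code 0x5A means the proxy opened the connection."""
    vn, cd, _port, _ip = struct.unpack("!BBH4s", data[:8])
    if vn != 0:
        raise ValueError("bad SOCKS4 reply version byte")
    return {"granted": cd == REPLY_GRANTED, "code": cd}


def parse_privoxy_forward(line: str) -> dict:
    """Parse a Privoxy forward-socks line, e.g. `forward-socks4a / 127.0.0.1:9050 .`

    Fields: directive, URL pattern, SOCKS proxy host:port, HTTP parent ('.' = none).
    Only forward-socks4 makes Privoxy resolve names locally.
    """
    parts = line.split()
    if len(parts) != 4 or not parts[0].startswith("forward-socks"):
        raise ValueError(f"unexpected forward line: {line!r}")
    host, _, port = parts[2].rpartition(":")
    return {
        "socks_type": parts[0][len("forward-"):],
        "pattern": parts[1],
        "socks_proxy": (host, int(port)),
        "http_parent": None if parts[3] == "." else parts[3],
        "proxy_resolves_names": parts[0] != "forward-socks4",
    }


if __name__ == "__main__":
    # constructed request for the FAQ's news-server port, as Privoxy would hand it to Tor
    req = socks4a_connect("news.example", 563)
    print(req.hex(), parse_connect_request(req))
    print(parse_privoxy_forward("forward-socks4a / 127.0.0.1:9050 ."))
```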



49. How do I configure my news client?

You must now configure your news client by inputting 127.0.0.1 into the
window which asks for your news server name. If you have never used a
proxy prior to this, go to the screen displaying "News Server". In
Agent 1.91 this will be Options > User and System Profile > User.
Enter 127.0.0.1 for the server name. Click OK. The port is set in the
Agent.ini file to 119. But do not change that. Stunnel has already
been configured to listen on port 119 anyway and to forward through
port 563.

Note: Stunnel can only be used with a news provider that offers a
secure (NNTPS) connection by default on port 563. For other news
providers, I suggest omitting Stunnel and socksifying (by dragging and
dropping into FreeCap) the Agent shortcut. Not nearly as secure as
your data will not be encrypted after it leaves the Tor network on its
way to the News provider.

Each of these four programs, Stunnel, FreeCap (or SocksCap), Privoxy
and Tor accepts connections from either your Web browser, into Privoxy
and on to Tor, or from your News client into Stunnel, socksified by
FreeCap and on to Tor, again.

Many programs can be socksified. But it must always be the final one
in the chain, the one immediately prior to Tor that should be
socksified.



50. How do I test these are all working?

Let's check the Web first.

Start Privoxy (which by default starts with Windows).

Open your browser and input: http://p.p/

You should see the Privoxy main page with the following:

"This is Privoxy 3.0.3 on localhost (127.0.0.1), port 8118, enabled."

If you see that, be assured you have accessed via Privoxy.

If you see "p.p. could not be found, please check the name and try
again." you are definitely not accessing via Privoxy.

Go back through the above and check everything very carefully.

Note: This is an internal test, not via the Web. It just proves that
Privoxy was invoked to display that page from its own folder, which you
will see displayed if you click on "View and change the current
configuration".

You will then see a clear display of all the configuration settings.

Do not change anything unless you have a backup file and know what you
are doing.

Let's assume your Web browser is functioning as it should and you see
the p.p. page displaying the confirmatory message.

You should now test your news reader client.



51. How do I test my news connection is anonymous?

Open FreeCap and click on the Stunnel icon in the FreeCap
Window. It is imperative that Stunnel be started only from within
FreeCap and thus be socksified. Otherwise it will simply connect
directly with your news provider. Certainly it is a secure
(encrypted) connection but totally useless from an anonymity point of
view. If the news provider logs connections, you have just destroyed
your carefully built up anonymity for ever. The news provider will
have logged your true IP address! A painful lesson.

Without opening Tor at this stage, start your news client. As a small
precaution ensure you are in an appropriate newsgroup and attempt to
download its headers. You should see connecting to 127.0.0.1
displayed on the lower taskbar in Agent or wherever in the version you
are using, followed by error reported by Winsock driver. Good. This
proves Stunnel was attempting to connect to Tor, which is of course
offline, thus no connection was possible.

Now start Tor. Try again. Hopefully this time you will have more
success and it should connect to the news server and start downloading
headers.

Go to a multimedia group and start to download a large file. While the
download is in progress, close Tor. You should see an immediate error
about connection to server closed unexpectedly. Good.

Re-start Tor. Re-establish the connection with the server and start
over. This time close FreeCap. Notice the download will continue.
Do not panic! It is still accessing via Tor. Prove this for yourself
by closing Tor and notice the download again stops immediately and
there is the same Winsock error. Good.

If you have got this far, you have succeeded in creating a secure and
truly anonymous network connection for both your browser and your
Usenet posting/downloading.




52. Can I post binaries anonymously to Usenet with this system?

Absolutely. If you choose to use Agent, it will always use your news
provider as the posting host. This is why I recommended you subscribe
anonymously to this news provider. Nothing can then be traced back.
If you are into heavy posting then you should use Power Post or
something similar that allows you to choose whole folders of files for
posting.

If you use Quicksilver for posting to Usenet it will always use one of
the mail2news gateways. All data from your desktop is encrypted
through to the first remailer and then on through the Mixmaster
remailers and onto Usenet. The one and only down side is that the
anonymous remailer network does not readily accept large files, such as
binaries. Do not try and post as attachments, better to write it into
the body of the message, if possible. But it is considered bad form to
use the remailer network for binaries. The remailer network is intended
for text files.

To post binaries, use Agent or Power Post or similar and post via your
socksified Stunnel and Tor.

A warning: If you post illegal material, you may find your anonymous
account closed without warning and no possibility of any refund!



53. OK, I can now surf the Web and browse Usenet anonymously, but what
about Email?

I recommend Quicksilver. To socksify Quicksilver it is necessary to
ensure that the port you intend using is enabled in both Tor and the
SMTP remailer. There are presently no Tor exit servers with port 25
enabled, which is the default SMTP port. This is because of previous
abuse. So to send mail using Tor we have to be a bit clever and use a
non-standard port for SMTP. This port needs to be one that is acceptable
to both the Tor exit server and to the chosen remailer. Actually this
is not strictly correct. It is possible to access a hidden service on
Tor whilst using port 25, but I found some problems. So to keep things
as simple as possible here is my chosen solution. There may well be
several routes to achieving this. I offer the one that I have been
successful with. By all means experiment with other remailers and ports
if you wish.

First a couple of perhaps obvious things. The following is to enable
secure (encrypted) anonymous sending of Email via the Panta-rhei remailer
and to receive Email via the Banana-split remailer. It is possible to
use either for both purposes, but I prefer not to let my left hand know
what the right hand is doing, so I split them. For maximum security I
strongly recommend pointing your Nym reply block to a newsgroup, such as
alt.anonymous.messages. You can set up Quicksilver to download all the
messages in this group and to search through all these downloaded
messages for your chosen subject, which identifies your mail.

The reason for downloading all messages is to prevent analysis of your
downloading habits possibly identifying which messages are specifically
for you. By using the banana-split hidden service this is very difficult
anyway.

Quicksilver will then automatically decrypt these messages for you (after
you have input your passphrase).

This sounds daunting, but believe me it is not. Just a little effort
reading the Quicksilver help file/manual and you will be up and running
in no time at all.

Note: There are many services offering so-called anonymous Email. Be
very wary of them. Only the remailer network offers truly anonymous
sending and receiving Email. Even this service is fraught with likely
hazards if not used correctly. But at least you are in control and not
some unknown admin who may or may not have your best interests at heart.



54. Why is the remailer network so secure and anonymous?

Although not perfect (nothing is), it does offer a level of anonymity
well above and beyond what simple anonymous services (such as Hotmail)
offer. It uses the Mixmaster remailers and has protocols to ensure
your Email is very difficult to trace and decrypt. Remember, by using
Quicksilver in the following recommended way, you are not just using
Mixmaster, but also using Stunnel encryption which with SocksCap then
sends all data through the Tor network and then on to a hidden service.

And all this is before the message is sent on through the Mixmaster
remailer system!

Mixmaster is the type II remailer protocol and the most popular
implementation of it. Remailers provide protection against traffic
analysis and allow sending email anonymously or pseudonymously.

Mixmaster consists of both client and server installations and is
designed to run on several operating systems including but not limited
to *BSD, Linux and Microsoft Windows. It does not use PGP, but RSAREF
with its own keys and key formats.



55. How do I configure Quicksilver?

First of all you need to create a default template in Quicksilver.

Go > Templates > and choose any existing template. Copy and paste the
following:

Fcc: outbox
Host: www.panta-rhei.dyndns.org
From: [email protected]
Chain: panta,*,*; copies=2
To:
Subject:


Save this as a template, naming it Panta-sendmail or whatever.

Now go > Tools > News Accounts > New > put 127.0.0.1 into the News
Server box. Clear the Login ID and password boxes (unless you are
choosing to use your regular news provider, in which case you must
enter your user name in Login ID and your password in the Password
box). Click "New".

Enter the name of the news group, e.g. alt.anonymous.messages, and
the subject line you chose when creating your reply block. If you
cannot remember it, go > Nym Wizard (the shades at top right on the
menu) > Modify an Existing Account > Next > Next > ... until you reach
the screen displaying your reply block. Just copy and paste the subject
line into the correct window and you're done!
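The Chain line in that template is what decides the route your message takes. As an added illustration (my own code, not Quicksilver's or Mixmaster's), here is how "panta,*,*; copies=2" expands into concrete routes: the first hop is fixed, each "*" is a randomly chosen remailer, and copies=2 sends two redundant copies. The remailer names, the independent random choice per copy and the rule that a wildcard never reuses a hop already in the same chain are assumptions made for this example.

```python
import random
import re

# Constructed remailer names for illustration only; a real Quicksilver
# install picks from the current Mixmaster stats, which change over time.
KNOWN_REMAILERS = ["panta", "banana", "frell", "dizum", "cripto", "austria"]


def parse_chain_header(header):
    """Parse 'Chain: panta,*,*; copies=2' into (hops, copies).

    Named hops must be known remailers; '*' marks a hop to choose at random.
    """
    body = header.split(":", 1)[1] if header.lower().startswith("chain:") else header
    chain_part, _, options = body.partition(";")
    hops = [h.strip() for h in chain_part.split(",") if h.strip()]
    if not hops:
        raise ValueError("a chain needs at least one hop")
    unknown = [h for h in hops if h != "*" and h not in KNOWN_REMAILERS]
    if unknown:
        raise ValueError(f"unknown remailer(s): {unknown}")
    m = re.search(r"copies\s*=\s*(\d+)", options)
    copies = int(m.group(1)) if m else 1
    if copies < 1:
        raise ValueError("copies must be at least 1")
    return hops, copies


def expand_chain(hops, copies, seed=None):
    """Resolve each '*' to a concrete remailer, independently for every copy.

    Simplifying assumption made here: a wildcard never reuses a remailer
    already in the same chain, so no single operator sees two hops of a copy.
    Every copy starts with the same fixed first hop ('panta' in the FAQ);
    the last remailer of each copy delivers it and duplicates are dropped.
    """
    rng = random.Random(seed)  # seed only so the result can be reproduced
    chains = []
    for _ in range(copies):
        chain = []
        for hop in hops:
            if hop == "*":
                candidates = [r for r in KNOWN_REMAILERS if r not in chain]
                if not candidates:
                    raise ValueError("not enough distinct remailers for this chain")
                hop = rng.choice(candidates)
            chain.append(hop)
        chains.append(chain)
    return chains
```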



56. How do I configure Stunnel?

As you have already configured Stunnel for your regular news provider,
it is possible to use the same settings in Stunnel with Quicksilver
to receive the Email that your Nym has (hopefully) forwarded to
alt.anonymous.messages. Superior anonymity is achieved by using
a hidden service, such as that offered by Banana-split. This is also
a secure connection using Stunnel and ensures that your Nym is not
associated with your news provider user id. If this is your choice,
you should create another folder called, say, Stunnel-2. Copy the
files in your existing Stunnel folder to Stunnel-2. Now open this
copy of stunnel.conf and copy and paste the following in place of
what is already there:


#Bananasplit/Panta configuration

client = yes

[BANANA_NNTPS_563]
accept = 119
connect = tyrndfbdb2x6g3vg.onion:563
delay = no

[Panta_TLS_MAIL]
accept = 25
connect = www.panta-rhei.dyndns.org:2507


Create a shortcut to stunnel.exe in the new Stunnel-2 folder. Drag
and drop this shortcut into the FreeCap window. To avoid confusing
these two Stunnel icons, I suggest right-clicking on each of them,
choosing "Modify" and renaming them to something that will easily
distinguish between them, such as Meganetnews (if this was your
regular news provider) and Panta or Banana or whatever. When you want
to use Usenet, you choose the Meganetnews icon (or whatever you chose
to name it). When you wish to check or send Email, close the first
Stunnel (by right-clicking on it on the taskbar) and open the second
one. Easy.

If you wish to continue using your regular news provider, then simply
copy and paste the following and add it to your existing stunnel.conf
file:


[Panta_TLS_MAIL]
accept = 25
connect = www.panta-rhei.dyndns.org:2507


This will allow secure and anonymous posting, avoiding your existing
ISP SMTP server altogether. In fact it should be impossible for your
ISP to even know you are sending or receiving Email. Better yet, even
Banana admin cannot know what you are doing, as you are contacting a
hidden service. But this is just the start of the journey your Email
will travel before it reaches its destination. True anonymity.

Note: You can use banana-split for Usenet posting and downloading, but
it offers just 24 groups! Thus best kept for your Email only.
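Before running either of the stunnel.conf fragments above, there are two things worth checking that the file itself does not make obvious. As an added example (my own code, not stunnel's or part of the FAQ), this small Python linter parses the configuration from this section and flags an "accept" line that gives only a port number, which makes stunnel listen on every network interface rather than only 127.0.0.1, and a ".onion" connect target, which must be resolved through Tor by the SOCKS wrapper rather than by local DNS. The sample configuration is the one from this section, embedded inline.

```python
import re

# The stunnel.conf shown in the FAQ, embedded here as the sample input.
PAGE_CONF = """\
#Bananasplit/Panta configuration
client = yes

[BANANA_NNTPS_563]
accept = 119
connect = tyrndfbdb2x6g3vg.onion:563
delay = no

[Panta_TLS_MAIL]
accept = 25
connect = www.panta-rhei.dyndns.org:2507
"""
LOOPBACK = ("127.0.0.1", "localhost")

def parse_stunnel_conf(text):
    """Split stunnel.conf text into global options and per-service options."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = section.group(1)
            services[current] = {}
            continue
        key, _, value = line.partition("=")
        target = global_opts if current is None else services[current]
        target[key.strip().lower()] = value.strip()
    return global_opts, services

def lint_stunnel_conf(text):
    """Return the findings to act on before using this config for Email/news."""
    findings = []
    for name, opts in parse_stunnel_conf(text)[1].items():
        host, sep, port = opts.get("accept", "").rpartition(":")
        if not sep or host not in LOOPBACK:
            # A bare port makes stunnel bind every interface, so any machine
            # on the LAN could relay mail or fetch news through this tunnel.
            findings.append(f"{name}: pin the listener with accept = 127.0.0.1:{port}")
        chost = opts.get("connect", "").rpartition(":")[0]
        if chost.endswith(".onion"):
            # .onion names have no DNS entry; the SOCKS wrapper (FreeCap) must
            # hand the name to Tor unresolved or the lookup leaks to the ISP.
            findings.append(f"{name}: {chost} must be resolved through Tor, not local DNS")
    return findings
```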



57. In previous revisions you have recommended using SSH and a remote
host server, why not in this revision?

Because it is slower, less secure and costs money. There are free
host servers around, but why bother when there are the likes of Panta
and Banana?



58. Surely all this is totally over the top for the majority of users?

It is certainly over the top for 99 per cent of users for 99 per cent
of the time. If, however, you are the one in a hundred and you do
not much like the idea of being at risk for 1 per cent of the time,
then no, it is not over the top at all.

In any case, using these tactics helps create smoke which in turn
helps protect those who really do need all the protection and security
they can get.

Remember this FAQ is intended to help many different people. Some
may be living in deprived conditions, in countries where human rights
abuses are a daily fact of life.



59. Can I use IRC/ICQ/Yahoo/MSN in this way?

No idea. I rarely use instant messaging and then only with a few
friends in plain vanilla. You can use a program called Trillian.
There is now a Pro version which will allow an encrypted conversation
between a group and even allows file exchange (I believe). I have
only used the beta version, text only. It appears to do all they
claim for it. Both parties need to be using Trillian for the
encryption to be effective. You can use it as a stand alone, but it
will not then support encryption.

Trillian is here: http://www.trillian.cc

It might be possible to socksify Trillian. If so, then yes this could
be a very useful way to be anonymous on IRC (Internet Relay Chat).

I am sure there are other ways to achieve this, but I am sorry this
is beyond this FAQ. My knowledge is limited because I have never
tried it myself.



60. Why not use MS Internet Explorer instead of FireFox?

MSIE is a dangerous program designed by MS to allow remote servers
access to your computer's registry. Although designed for use by MS to
allow easy updating of the Windows Operating System, this feature could
be used by any site to access your IP address, even your machine ID and
your personal registration details or worse, far worse, your saved
passphrases. This can be done even if you have logged onto a site
through a chain of proxies. In other words Microsoft Internet Explorer
is an absolute no-no as far as anonymity is concerned.

As alternatives, I have already mentioned FireFox and Mozilla.



61. What about backing up my Data?

Although not strictly relevant to a FAQ mainly concerned with
privacy, this is so important that a few words are needed.

Create another encrypted container using DriveCrypt 4.2 on an
external hard drive. Open this partition and copy some innocuous
data from your normal plaintext drive. Now close this container and
create a hidden container, following the instructions in the
documentation that comes with DriveCrypt. Now copy all your secret
data across into this secret container. Restoring is just as simple.
Just open the secret container and copy into your DCPP partition.

TrueCrypt can be used by creating an encrypted partition at the end
of the drive. Follow the TrueCrypt help files on how to make this
part of the drive appear as unformatted and without a drive letter to
Windows. All your secret data can now be copied into this TrueCrypt
partition.



62. Lastly, what do you say to the charge that this FAQ may be
useful to criminals?

I did take time to have a re-think after the events of 9/11.
However, on balance I believe it is still the right thing to do.
Like gun control, if we ban weapons only the police and criminals
will have them. Banning encryption or anonymity is not going to
make criminals stop using encryption or attempting to be anonymous.

It is almost laughable for anyone to be so naive as to believe that
passing any law would make the least difference to a criminal. I
believe that the individual should be allowed to choose, not the
Government on his behalf.

Who benefits the most if Governments are allowed to reduce our
freedom of choice? The Government or us?

Those that give up a little freedom to gain a little security will
lose both.



This ends the FAQ.


Here is my PGP key and fingerprint:



Fingerprint: F463 7DCB C8BD 1924 F34B 8171 C958 C5BB


To contact me, please post to news:alt.privacy with the subject
"Att: Doctor Who" (without the quotes) or send encrypted mail
to my Nym: [email protected]



Links to items specifically mentioned or recommended in the FAQ:


PGP: http://web.mit.edu/network/pgp.html

or: http://www.panta-rhei.dyndns.org/do...pgp658ckt08.zip

DCPP: http://www.drivecrypt.com

TrueCrypt: http://www.truecrypt.tk/

Putty: http://www.tucows.com/preview/195286.html

or here:

http://www.chiark.greenend.org.uk/~...y/download.html

Stunnel is used for NNTP secure connections to your news provider.

Stunnel requires the executable file plus two others.

Stunnel: http://www.stunnel.org/download/binaries.html

stunnel-4.05.exe
stunnel-4.05.exe.asc (digital signature file optional but recommended)

OpenSSL Libraries (required files):

libssl32.dll
libeay32.dll

libssl32.dll.asc (optional)
libeay32.dll.asc (optional)

Privoxy: http://www.privoxy.org/

Tor: http://www.freehaven.net/tor/

Quicksilver is here: http://quicksilver.skuz.net/

Mixmaster (required by Quicksilver and Jack B. Nymble):

Kremlin: http://kremlinencrypt.com/download.php

Wipeutil: http://short.stop.home.att.net/freesoft/filutil2.htm

Windows Washer is here: http://www.webroot.com

pecunix is here: www.pecunix.com

e-bullion: www.e-bullion.com

DMT/ALTA: https://213.132.35.90

E-Gold: http://www.e-gold.com

Privacy.Li: http://privacy.li

Agent is here: http://www.forteinc.com/main/homepage.php

Norton's A/V is here: http://www.symantec.com/index.htm

Zonealarm: http://www.zonelabs.com/store/content/home.jsp


Other links that might be of interest:


JAP: http://anon.inf.tu-dresden.de/desc/encr_jap_en.html

SSL Proxy info: http://www.jestrix.net/tuts/sslsocks.html#intro

WinHex: http://www.winhex.com/winhex/order.html

ACDSee: http://www.acdsystems.com/english/products/acdsee/index

Thumbs Plus: http://www.cerious.com

VuePro: http://www.hamrick.com

A Proxy site listing: http://www.samair.ru/proxy/

News Providers: http://www.exit109.com/~jeremy/news/providers/

Freenet: http://freenet.sourceforge.net/

Trillian: www.trillian.cc


Nym remailers:

nym.alias.net, home page: http://www.lcs.mit.edu/research/anonymous.html

Anon.efga.org, home page: http://anon.efga.org/


In case you need convincing:

http://www.gn.apc.org/duncan/stoa_cover.htm



Useful programs:

Partition Magic: http://www.powerquest.com/

FSRaid: http://www.fluidstudios.com/fsraid.html

HJSplit: http://www.freebyte.com/hjsplit/

Mastersplitter: http://www.tomasoft.com/mswin95.htm

PowerPost: http://www.cosmicwolf.com/

Quickpar: http://www.pbclements.co.uk/QuickPar/

SmartPar: http://www.smr-usenet.com/tutor/smartpar.shtml

WinAce: http://www.winace.com/

WinRAR is here: http://www.rararchiver.com/

YProxy is here: http://www.brawnylads.com/yproxy/

Media Player Classic: http://sourceforge.net/projects/guliverkli/


Some anonymity sites:

http://www.worldnet-news.com/software.htm

http://www.skuz.net/potatoware/index.html

http://www.skuz.net/potatoware/jbn/index.html

http://packetderm.cotse.com/

http://www.cotse.com/refs.htm

http://freeyellow.com/members3/fantan/pgp.html

http://www.all-nettools.com/privacy/

http://Privacy.net/

http://www.geocities.com/CapeCanaveral/3969/gotcha.html

http://www.junkbusters.com/ht/en/links.html

http://www.skuz.net/potatoware/privacy.txt


Other additional useful sites:

Beginner's Guide to PGP:

http://www.stack.nl/~galactus/remailers/bg2pgp.txt

PGP for beginners:

http://axion.physics.ubc.ca/pgp-begin.html#index

FAQ for PGP Dummies: http://www.skuz.net/pgp4dummies/

The PGP FAQ: http://www.cryptography.org/getpgp.txt

The SSH home page: http://www.ssh.com/products/ssh/

Anonymous Posting:

http://www.skuz.net/Thanatop/contents.htm

Anonymity Info: http://www.dnai.com/~wussery/pgp.html

Nym Creation:

http://www.stack.nl/~galactus/remailers/nym.html

General info:

http://www.stack.nl/~galactus/remailers/index-pgp.html
 
That's a Kick-Ass thread bro!!!


Very nice and excellent detail !