Practicing privacy: Encryption

[article index] [] [@mattmight] [+mattmight] [rss]

In honor of July's resolution, "Focus on security," I've prepared this article on the basics of using encryption.

Encryption makes privacy a right that can be claimed rather than granted.

Plenty of others have weighed in on the merits of encryption and its importance in modern times.

I won't weigh in further.

This article is a quick summary of basic encryption tools for protecting your data and your privacy. The goal is to raise awareness of these tools.

What is encryption?

The best way to prevent others from snooping on your communication or accessing your private data is to use strong encryption.

Encryption locks data with a key, so that only someone with a suitable key can unlock it.

[In practice, a password will determine or provide access to the key.]

There are two kinds of encryption: symmetric and public-key.

In symmetric encryption, the key to lock and unlock are the same.

In public-key encryption, the key to lock and unlock are different. The enabling constraint of public-key encryption is that it is infeasible to unlock a message with only the locking key.

When using symmetric encryption between two parties, they must have previously agreed on a secret key to share. Symmetric key encryption is also useful when hiding data from other parties.

With public-key encryption, it is possible for two parties that have never met previously to communicate securely: they can exchange their locking keys with each other, but keep their unlocking keys secret.

Choosing and managing passwords

If your data is protected by a weak password (which is used to determine or access the encryption key), then the encryption is worthless.

In choosing a password, it's important to follow principles.

Never use the same password twice

For every account you have, you must use a different password.

Re-using a password between two accounts means that your password is only as secure as the least secure of the two accounts.

For example, if you use the password "foobar123" with both amazon.com and overnightwormshipping.com, then if overnightwormshipping.com is compromised and account passwords are obtained, the attackers have also compromised your amazon.com account.

Use a password manager

Password managers help securely store passwords for all of your accounts.

I recommend PasswordSafe and its derivatives:

Security expert Bruce Schneier developed PasswordSafe based on the strong, open Twofish encryption protocol.

There is no known cryptanalytic attack on Twofish.

The pwSafe applications support storing the encrypted password database on DropBox, which is convenient.

Be forewarned that if you keep the database on DropBox, you must choose a strong master password for the database.

Use a long password

Password-cracking technology has lept forward in recent years, so long passwords are critical.

By long, I mean greater than 16 characters, and perhaps longer than 20.

Use a random password

Randomly generated passwords are more difficult to crack.

Don't use words or "clever" variations on words (e.g. l0ve) in your passwords: this makes your password vulnerable to permutation-driven dictionary attacks.

If you use a password manager, you're liberated from the constraint of having to remember it, so you can use randomly generated passwords.

Encryption tools

There are a variety of free and open encryption tools.

Many existing applications support open cryptographic standards, and many that don't often have plug-ins to enable this functionality.

I'll run through some tools and the functionality they offer.

GnuPG

GNU Privacy Guard (GnuPG or GPG) follows the OpenPGP specification and is interoperable with other PGP implementations.

OpenPGP is an encrypted message interchange format intended for but not restricted to email. It supports both symmetric and public-key encryption.

GnuPG packages are available for Windows, Linux and Mac OS X.

There are several email plug-ins that simplify sending and receiving encrypted mail:

Symmetric encryption

With GPG, it's easy to symmetrically encrypt a single file with a passphrase:

 $ gpg -c filename

And, it's just as easy to decrypt:

 $ gpg filename.gpg

In both cases, it will prompt you for a passphrase.

Generating your own public/private keypair

You can also create a public/private key pair which would allow others to send you encrypted email:

 $ gpg --gen-key

Make sure you choose a strong passphrase to protect your private key!

I recommend having your key expire after 2-3 years. This gives you a measure of protection against advancing strength in cracking keys.

Exporting your public key

If you want to give an individual your public key, you can export it as text:

 $ gpg --armor --export your@email.address > keyfile

Then, you can send keyfile to someone or post it on your web page.

Importing someone's public key

My public key is available here and in the MIT PGP server.

If you obtain someone's public key, you can import it with:

 $ gpg --import keyfile

Encrypting a message with a public key

You can encrypt a file named filename meant for her@email.address with:

 $ gpg --output filename.gpg --encrypt \
       --recipient her@email.address filename

And send them filename.gpg.

Backing up your secret key

You can back up your secrets keys with:

 $ gpg --export-secret-keys > secret.gpg

Then, store secret.gpg on an encrypted back-up drive or in a USB stick in a physical safe.

As an extreme measure, you could dump it out in ASCII form:

 $ gpg --export-secret-keys --armor 

and print it.

You must securely back up your secret keys. If you lose it, you will lose the ability to decrypt your messages and revoke your key.

You will also need to export your secret keys to transfer them to tools like Mailvelope.

TrueCrypt

TrueCrypt provides cross-platform virtual disk-encryption capabilities.

For instance, with TrueCrypt, you can create encrypted disk images and encrypted USB drives.

If you need to be able to read and write an encrypted disk image on multiple platforms, TrueCrypt is a good choice.

TrueCrypt also provides the ability to create hidden volumes within encrypted disk images.

In this case, there will be two passwords for the disk image: one to unlock the decoy data, and a hidden volume password that unlocks the real data.

Critically, it is impossible to tell if a TrueCrypt image contains a hidden volume, unless you know the hidden password.

Secure Shell

For secure access to and administration of remote systems, secure shell (SSH) is a powerful tool.

In its basic usage, SSH provides an encrypted terminal session on a remote machine.

But, SSH also provides services like secure file transfer and secure proxying.

I've written a separate article on SSH that covers this tool in more depth.

Private browsing

Encryption can keep your web browsing safe from eavesdroppers, but caution must be taken.

Using encrypted connections: HTTPS

Most major websites support HTTPS--an encrypted, authenticated communication protocol for the web.

Using HTTPS is as simple as changing http:// to https:// most of the time.

If the site supports HTTPS, it should work, and your connection to the site is now encrypted.

And, it should provide reasonable certainty that you have connected to the true owner of that domain.

Certificate errors

Sometimes, connecting via HTTPS yields a certificate error.

A certificate error means that the browser could not validate that the site to which you are attempting to connect is the true owner of that site.

Certificates rely on digital signatures to authenticate.

In general, don't proceed if you get a certificate error.

If the certificate is expired, contact the site administrator (by phone or in person).

If the certificate is unsigned, then you can't be sure that you're connecting to the real site -- an attacker in the middle could be posing as the real site.

If the certificate is signed for the wrong domain, then there is probably a configuration error on the other end, and you should not continue the session. [These days, this error is most commonly seen when you're connected to a public wi-fi network, but before you authenticate.]

Of course, it's possible (if unlikely) that an attacker could obtain a forged, signed certificate and pose as the site to which you're attempting to connect.

If you're concerned, you can contact the site administrator (preferrably by phone) to request the SHA1 and MD5 fingerprints of their real certificate.

Check that those fingerprints match the certificate on your computer.

Avoiding tracking

HTTPS will hide the content of your communication, but it will not hide the metadata: to whom you connected, when you connected and how much data you exchanged.

If you need to hide the fact that your computer is connecting to a particular site, you can use either a virtual private network (VPN) or a system like Tor.

A virtual private network routes all of your traffic through a remote machine, so that your computer will appear to be the remote machine from the perspective of an eavesdropper.

Be careful in your selection of a VPN provider, and note their logging policy and any legal restrictions they face in their home country.

Tor is an open network of encrypted relays similar to a virtual private network. Tor routes your traffic through several intermediate nodes so that the machine from which your traffic ultimately emanates does not even know whom you are.

In theory, Tor provides truly anonymous browsing, but precautions must be taken (e.g. routing DNS through Tor and disabling browser plug-ins, cookies, javascript and java) to ensure that no information is coerced from your machine.

Non-cryptographic privacy concerns

Web sites often use "cookies" to store data on your web browser.

Every time you connect to a web site, your browser transmits cookies associated with that web site.

Cookies have a legitimate purpose in allowing sites to pre-populate login information and maintain session state.

Unfortunately, malicious agents can abuse them to track you.

It is worth reviewing the cookie (and general privacy settings) in your browsers to ensure minimal leakage of your browsing habits.

Cloud services

There are now some privacy-conscious cloud providers that employ encryption to ensure that your data is protected, even in the cloud.

Be warned that any time you're putting data in the cloud, you're putting trust in the provider, even if your data is encrypted.

You're trusting that they won't include a monitor in their client software, and that they've chosen strong and proper encryption.

That said, if you must keep your data in the cloud, you're certainly better off with one that emphasizes encryption over one that doesn't use any.

SpiderOak

SpiderOak operates much like DropBox, except that your data is encrypted in the cloud. SpiderOak cannot see your data, and could not provide access to it, even under duress.

Clipperz

Clipperz is a browser-based password manager.

It stores your passwords, encrypted, in the cloud, and decrypts them only on the client using JavaScript.

Tarsnap

For an online, encrypted backup service, Tarsnap or Least Authority seems to be the best option, but I have not used either myself.

Mac OS X security tools

Mac OS X comes with several encryption tools and features.

Disk utility

With Disk Utility, you can create encrypted disk images (but these will only be readable on Mac OS X).

Disk Utility can also create entire encrypted partitions.

FileVault

Under System Preferences, you can enable FileVault full-disk encryption.

FileVault can perform the initial encryption while you work, so there's no loss in productivity. It works silently behind the scenes.

I've used FileVault for years without even noticing its operation.

FileVault provides peace of mind that data is secure in the event of a lost laptop.

However, FileVault is only as strong as the weakest account password: if any user account has a weak password, then it will decrypt the entire disk.

Make sure all users have strong passwords!

Secure text entry

For extra protection against keyloggers, applications like Terminal support Secure Text Entry, which routes keyboard input directly to the application.

You must enable Secure Text Entry.

Further reading

Bruce Schneier's Applied Cryptography is one of the classic technical introductions to the field of cryptography:

It's a great book if you're ready to go deeper.

The EFF's surveillance self-defense project provides an excellent overview of many practical aspects of protecting your privacy.

Related pages


[article index] [] [@mattmight] [+mattmight] [rss]