DOCSLIB.ORG

Cryptographic Tools for Everyday Use

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cryptographic Tools For Everyday Use Aleksandar Nikoli´c University of Novi Sad Faculty of Technical Sciences Chair of Informatics [email protected] April 12, 2013 Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 1 / 28 Overview 1 Introduction 2 The Tools Pretty Good Privacy TrueCrypt OpenVPN Tor 3 Conclusion Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 2 / 28 Introduction Introduction What is this lecture about? Introducing the tools everybody can use and benefit from. Practical lecture - hands-on approach. Open Source, Free, High-grade Cryptographic tools: Encrypted eMail TrueCrypt OpenVPN Tor Project Cipherpunks and Cryptowars Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 3 / 28 Introduction Cypherpunks and Cryptowars In early 90ies, governments wanted to regulate the use and export rights for cryptographic code. Many individuals and organizations concerned with their privacy and protecting their data were engaged in a struggle against these governmental initiatives. Cypherpunk is an activist that advocates the use and availability of strong cryptography for privacy, security, and as means against censorship. To some degree, cypherpunks have won the cryptowars and enabled the availability of strong ciphers for everybody. Well, almost everybody. Some governments still limit the strength of ciphers their citizens can use. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 4 / 28 Introduction Notable cypherpunks are Matt Blaze (Clipper chip flaw), Daniel J. Bernstein (Export laws), Philip Zimmermann (PGP Book). Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 5 / 28 The Tools Cypherpunks and Cryptowars In this section, we will introduce a few freely available cryptographic tools that can make your life easier and less worrisome. For each tool, we will present a hypothetical situation where it can be useful. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 6 / 28 The Tools Pretty Good Privacy Pretty Good Privacy Securing email communication Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 7 / 28 The Tools Pretty Good Privacy What problems are we trying to solve? Say your inbox falls into the wrong hands. Lets assume you keep your eMail account secure, but people you send eMail to might not. Mail can be intercepted. Mail sender and other data can be faked. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 8 / 28 The Tools Pretty Good Privacy Pretty Good Privacy - Secure eMail Developed by Phil Zimmerman. Allows both signing and encryption of eMail communication. Relies on the Web Of Trust. Can be used for other purposes as well. OpenPGP standard. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 9 / 28 The Tools Pretty Good Privacy Pretty Good Privacy - How it works? You create public/private key pair. Public key can be published on key servers. http://pgp.mit.edu/ http://keyserver.pgp.com Use private key to sign eMails. Recipient uses your public key to verify. Use recipients public key to encrypt. Recipient can decrypt using his own private key. How/why do we trust the keys? Exchanged either personally or over a secure channel. Or rely on the Web Of Trust. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 10 / 28 The Tools Pretty Good Privacy Thunderbird + Enigmail Thunderbird - free/open source email client. Enigmail - free/open source plugin for Thunderbird. Uses GPG and offers email encryption, signing, verification and key management. Easy key pair generation, publication, key importing. Lets see it in action! Install the tools. Generate the keys. Send and receive encrypted/signed mail. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 11 / 28 The Tools Pretty Good Privacy My PGP Info PGP ID: 0xC328C4D0 - can be used to find my key on the servers. Fingerprint: BEFA 4A5F 902D C9CB 887E 3D54 3DDB D334 C328 C4D0 Public key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.1.0 mQENBEiGI4oBCADp+fRsRevEhZAq+9pU4/5gpCZr3soKARWsHUIEzq14gTgQvEjKBivNss7F +NV35A/09Qgwanjo6lUKZy/oF1y6PChyJrhpeP1ub1Xx2vrtEA24fLBgcv/gmShOY+PlJOUl 4NJrwIOq6NEBJ8sGMXRrBpl5K8yPfbEc6LNa4JRIvKZxT1qdeGzM+tm3FFWOQHIxqTWlBncM vO4pWmoqjbdAFvx/iDgDWma/3PbdQ4UEjOQdHpuvxEJOgHiTDqjK6gh9NK/hbqCKsBIEGrGf SWlCNcTD6wLtTXF79N4iRYgbG/3piJDBNq3zwBaRI5c3mdWBGKPF8yDxR509cIt63IvFABEB AAG0J0FsZWtzYW5kYXIgTmlrb2xpYyA8YW5pa29saWNAdW5zLmFjLnJzPokBNgQTAQIAIAUC TBiGKwIbLwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJED3b0zTDKMTQp2oIALn4rfvFgPjx Wds2Bd3FxqspgVNdYSHTgpQhNwEMy1hfo1W7umx+e27A3UB7ScG97VoQRCgSZ506Rf8q8+QM XoPEsJZz6IJbd1b5YmmEN3mMZ3l1gNVt0hSRz6A4h/+Lq5cBg7G2xsv/rHfnxtzH9kjVe74Q k0ItXweG5mZR1/PnnpW/JyUcmBp0jKCVgXf5pwdP5Ntqg6SirG9I8thdxmwzuL2hBHbvh6iW dk5v6Px9Jwx3s0FNDFyMH0LEDPPfmpRUVsDhiNefQx68raFqBYha0OBNfUYowkYAZ9EHZK0Q OcOBnw04DMt5TefD0BjbzgcJ9GDWEfyqzWfn6YBXZAS0K0FsZWtzYW5kYXIgTmlrb2xpYyA8 bmlrb2xpYy5hbGVrQGdtYWlsLmNvbT6JATYEEwECACAFAkiGI4oCGy8GCwkIBwMCBBUCCAME FgIDAQIeAQIXgAAKCRA929M0wyjE0LzJB/4rCbrFo3Yqqow+8xPCAUekl0m+rSPy1m2yFqaY ufl+OWHd8lhH9w44BytX+9W7laUWzxleH5/9QjjQ8g/Jqi/kSjBUQZkLZxexyWSUV59FrgPS dWeKGM3mOIKVEU0FJebgGkmOG0XHHC3u5d8inK+g0IPeycJyWB0eHhDYe/VnodSXg9oIeeem wP/Pruf3drjHFDLzQkAh9PbfxQxbQFnSOO51mq5MDmfGo+CSH7YPximNY3LvrAkh+u0fgomq V0hu1Eg3ls6AdczDNRHMmlETqfcdrQTIrBRlx2NsHgo/4cygFjCV3gXi+ofcd4eVX0Avha+3 1N9lKw2mAB08IQwT =Ucln -----END PGP PUBLIC KEY BLOCK----- Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 12 / 28 The Tools TrueCrypt TrueCrypt File and disk encryption Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 13 / 28 The Tools TrueCrypt What problem does it solve? Say your laptop gets stolen. Or you simply lose your USB flash drive. Or someone accesses your computer while you are not around. Not just for storage, for sending files too. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 14 / 28 The Tools TrueCrypt TrueCrypt - Data Encryption Free/Open Source software offering high grade file and disk encryption. Performs on-the-fly encryption/decryption and has minimal effect on your work. Supports many different modes: Creating simple file containers - mounted as virtual hard drives. Full disk encryption - whole drive protected. System disk encryption - secure whole operating system from boot up. Allows plausible deniability by creating hidden volumes. A volume inside a volume. One as a decoy and one containing actual data, two passwords. Reveal only decoy volume password. No way to prove existence of hidden volume. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 15 / 28 The Tools TrueCrypt Creating containers and encrypting files Crucial to choose a strong passphrase. Whole volume is encrypted using a specified symmetric cipher. Passphrase is hashed. The container can be moved around. When mounted appears as a new hard drive. Lets see it in action: Create the volume. Encrypt files. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 16 / 28 The Tools OpenVPN OpenVPN Creating secure tunnels over insecure channel Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 17 / 28 The Tools OpenVPN What problem does it solve? Say you are in a caf´e, connected to open wireless network. You are connected to the Internet over an insecure channel (tho Internet itself can be considered insecure channel). How do you know the WiFi network isn’t monitored, password captured, data logged . By creating a secure tunnel to a known trusted gateway, we can use an insecure channel in a secure manner. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 18 / 28 The Tools OpenVPN OpenVPN - Secure Internet Tunnel VPN - Virtual Private Networks Creating virtual networks over internet. OpenVPN - free/open source implementation. Enables creation of encrypted communication over untrusted channel. Provides added privacy. You can set up your own server and there are many online providers. Some even say that they don’t keep the logs, which would make your connection virtually untraceable. Except that they probably do keep the logs. Don’t rely on VPN for anonymity! Use it only for keeping your data private over an insecure channel. Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 19 / 28 The Tools OpenVPN Using OpenVPN Can use various ciphers, highly configurable. Public/private keys used for authentication. Appears as a new (virtual) network interface on the system (usually denoted tun0 and tap0). By adding a default route to configuration, all your network traffic, after you are connected to the VPN, will go trough the VPN tunnel. Lets see how it works! Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 20 / 28 The Tools Tor The Onion Router Browser Internet Anonymously Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 21 / 28 The Tools Tor What problem does it solve? Say you are a journalist, working on a sensitive investigation. Or a human rights activist, spreading sensitive information. Or a Law Enforcement Officer investigating known criminals. Sometimes you don’t want your Internet browsing to lead back to you. It can be very unhealthy to have criminals and/or governments against you :) Aleksandar Nikoli´c (FTN) Cryptography for The Masses April 12, 2013 22 / 28 The Tools Tor Tor - Anonymous Internet Access The Onion Router Project - free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business
Recommended publications
  • Course 5 Lesson 2

    Course 5 Lesson 2

    This material is based on work supported by the National Science Foundation under Grant No. 0802551 Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author (s) and do not necessarily reflect the views of the National Science Foundation C5L3S1 With the advent of the Internet, social networking, and open communication, a vast amount of information is readily available on the Internet for anyone to access. Despite this trend, computer users need to ensure private or personal communications remain confidential and are viewed only by the intended party. Private information such as a social security numbers, school transcripts, medical histories, tax records, banking, and legal documents should be secure when transmitted online or stored locally. One way to keep data confidential is to encrypt it. Militaries,U the governments, industries, and any organization having a desire to maintain privacy have used encryption techniques to secure information. Encryption helps to boost confidence in the security of online commerce and is necessary for secure transactions. In this lesson, you will review encryption and examine several tools used to encrypt data. You will also learn to encrypt and decrypt data. Anyone who desires to administer computer networks and work with private data must have some familiarity with basic encryption protocols and techniques. C5L3S2 You should know what will be expected of you when you complete this lesson. These expectations are presented as objectives. Objectives are short statements of expectations that tell you what you must be able to do, perform, learn, or adjust after reviewing the lesson.
  • Cryptography

    Cryptography

    56 Protecting Information With Cryptography Chapter by Peter Reiher (UCLA) 56.1 Introduction In previous chapters, we’ve discussed clarifying your security goals, determining your security policies, using authentication mechanisms to identify principals, and using access control mechanisms to enforce poli- cies concerning which principals can access which computer resources in which ways. While we identified a number of shortcomings and prob- lems inherent in all of these elements of securing your system, if we re- gard those topics as covered, what’s left for the operating system to worry about, from a security perspective? Why isn’t that everything? There are a number of reasons why we need more. Of particular im- portance: not everything is controlled by the operating system. But per- haps you respond, you told me the operating system is all-powerful! Not really. It has substantial control over a limited domain – the hardware on which it runs, using the interfaces of which it is given control. It has no real control over what happens on other machines, nor what happens if one of its pieces of hardware is accessed via some mechanism outside the operating system’s control. But how can we expect the operating system to protect something when the system does not itself control access to that resource? The an- swer is to prepare the resource for trouble in advance. In essence, we assume that we are going to lose the data, or that an opponent will try to alter it improperly. And we take steps to ensure that such actions don’t cause us problems.
  • Chapter 12 Pretty Good Privacy (PGP)

    Chapter 12 Pretty Good Privacy (PGP)

    Chapter 12 Pretty Good Privacy (PGP) With the explosively growing reliance on electronic mail for every conceivable pur- pose, there grows a demand for authentication and confidentiality services. Two schemes stand out as approaches that enjoy widespread use: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extension (S/MIME). The latter is a security en- hancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security. Although both PGP and S/MIME are on an IETF standards track, it appears likely that S/MIME will emerge as the industry standard for commercial and organisational use, while PGP will remain the choice for personal e-mail security for many users. In this course we will only be looking at PGP. S/MIME is discussed in detail in the recommended text. 12.1 Background PGP is a remarkable phenomenon. Largely the effort of a single person, Phil Zimmer- mann, PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications. In essence what Zimmermann has done is the following: 1. Selected the best cryptographic mechanisms (algorithms) as building blocks. 2. Integrated these algorithms into a general purpose application that is independent of operating system and processor and that is based on a small set of easy to use commands. 3. Made the package and its source code freely available via the Internet, bulletin boards, and commercial networks such as America On Line (AOL). 4. Entered into an agreement with a company (Viacrypt, now Network Associates) to provide a fully compatible low cost commercial version of PGP.
  • Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard V1.2.3

    Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard V1.2.3

    Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3 Phong Q. Nguyen CNRS/Ecole´ normale sup´erieure D´epartement d’informatique 45 rue d’Ulm, 75230 Paris Cedex 05, France. [email protected] http://www.di.ens.fr/˜pnguyen Abstract. More and more software use cryptography. But how can one know if what is implemented is good cryptography? For proprietary soft- ware, one cannot say much unless one proceeds to reverse-engineering, and history tends to show that bad cryptography is much more frequent than good cryptography there. Open source software thus sounds like a good solution, but the fact that a source code can be read does not imply that it is actually read, especially by cryptography experts. In this paper, we illustrate this point by examining the case of a basic In- ternet application of cryptography: secure email. We analyze parts of thesourcecodeofthelatestversionofGNUPrivacyGuard(GnuPGor GPG), a free open source alternative to the famous PGP software, com- pliant with the OpenPGP standard, and included in most GNU/Linux distributions such as Debian, MandrakeSoft, Red Hat and SuSE. We ob- serve several cryptographic flaws in GPG v1.2.3. The most serious flaw has been present in GPG for almost four years: we show that as soon as one (GPG-generated) ElGamal signature of an arbitrary message is released, one can recover the signer’s private key in less than a second on a PC. As a consequence, ElGamal signatures and the so-called ElGamal sign+encrypt keys have recently been removed from GPG.
  • A History of End-To-End Encryption and the Death of PGP

    A History of End-To-End Encryption and the Death of PGP

    25/05/2020 A history of end-to-end encryption and the death of PGP Hey! I'm David, a security engineer at the Blockchain team of Facebook (https://facebook.com/), previously a security consultant for the Cryptography Services of NCC Group (https://www.nccgroup.com). I'm also the author of the Real World Cryptography book (https://www.manning.com/books/real-world- cryptography?a_aid=Realworldcrypto&a_bid=ad500e09). This is my blog about cryptography and security and other related topics that I Ûnd interesting. A history of end-to-end encryption and If you don't know where to start, you might want to check these popular the death of PGP articles: posted January 2020 - How did length extension attacks made it 1981 - RFC 788 - Simple Mail Transfer Protocol into SHA-2? (/article/417/how-did-length- extension-attacks-made-it-into-sha-2/) (https://tools.ietf.org/html/rfc788) (SMTP) is published, - Speed and Cryptography the standard for email is born. (/article/468/speed-and-cryptography/) - What is the BLS signature scheme? (/article/472/what-is-the-bls-signature- This is were everything starts, we now have an open peer-to-peer scheme/) protocol that everyone on the internet can use to communicate. - Zero'ing memory, compiler optimizations and memset_s (/article/419/zeroing-memory- compiler-optimizations-and-memset_s/) 1991 - The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations The US government introduces the 1991 Senate Bill 266, (/article/461/the-9-lives-of-bleichenbachers- which attempts to allow "the Government to obtain the cat-new-cache-attacks-on-tls- plain text contents of voice, data, and other implementations/) - How to Backdoor Di¸e-Hellman: quick communications when appropriately authorized by law" explanation (/article/360/how-to-backdoor- from "providers of electronic communications services di¸e-hellman-quick-explanation/) and manufacturers of electronic communications - Tamarin Prover Introduction (/article/404/tamarin-prover-introduction/) service equipment".
  • PCI Assessment Evidence of PCI Policy Compliance

    PCI Assessment Evidence of PCI Policy Compliance

    PCI Assessment Evidence of PCI Policy Compliance CONFIDENTIALITY NOTE: The information contained in this report document is for the Prepared for: exclusive use of the client specified above and may contain confidential, privileged and non-disclosable information. If the recipient of this report is not the client or Prospect or Customer addressee, such recipient is strictly prohibited from reading, photocopying, distributing or otherwise using this report or its contents in any way. Prepared by: Your Company Name Evidence of PCI Policy Compliance PCI ASSESSMENT Table of Contents 1 - Overview 1.1 - Security Officer 1.2 - Overall Risk 2 - PCI DSS Evidence of Compliance 2.1 - Install and maintain firewall to protect cardholder data 2.1.1.1 - Requirements for firewall at each Internet connections and between DMZ and internal network zone 2.1.1.2 - Business justification for use of all services, protocols and ports allowed 2.1.2 - Build firewall and router configurations that restrict connections between untrusted networks and the cardholder data environment 2.1.2.1 - Restrict inbound and outbound to that which is necessary for the cardholder data environment 2.1.2.3 - Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet 2.1.2.4 - Implement stateful inspection (also known as dynamic packet filtering) 2.1.2.5 - Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet 2.2 - Prohibition of vendor-supplied default password for systems and security parameters 2.2.1
  • Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives

    Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives

    Self-encrypting deception: weaknesses in the encryption of solid state drives Carlo Meijer Bernard van Gastel Institute for Computing and Information Sciences School of Computer Science Radboud University Nijmegen Open University of the Netherlands [email protected] and Institute for Computing and Information Sciences Radboud University Nijmegen Bernard.vanGastel@{ou.nl,ru.nl} Abstract—We have analyzed the hardware full-disk encryption full-disk encryption. Full-disk encryption software, especially of several solid state drives (SSDs) by reverse engineering their those integrated in modern operating systems, may decide to firmware. These drives were produced by three manufacturers rely solely on hardware encryption in case it detects support between 2014 and 2018, and are both internal models using the SATA and NVMe interfaces (in a M.2 or 2.5" traditional form by the storage device. In case the decision is made to rely on factor) and external models using the USB interface. hardware encryption, typically software encryption is disabled. In theory, the security guarantees offered by hardware encryp- As a primary example, BitLocker, the full-disk encryption tion are similar to or better than software implementations. In software built into Microsoft Windows, switches off software reality, we found that many models using hardware encryption encryption and completely relies on hardware encryption by have critical security weaknesses due to specification, design, and implementation issues. For many models, these security default if the drive advertises support. weaknesses allow for complete recovery of the data without Contribution. This paper evaluates both internal and external knowledge of any secret (such as the password).
  • Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities

    Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities

    University of Central Florida STARS HIM 1990-2015 2013 Brave New World Reloaded: Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities Mark Berrios-Ayala University of Central Florida Part of the Legal Studies Commons Find similar works at: https://stars.library.ucf.edu/honorstheses1990-2015 University of Central Florida Libraries http://library.ucf.edu This Open Access is brought to you for free and open access by STARS. It has been accepted for inclusion in HIM 1990-2015 by an authorized administrator of STARS. For more information, please contact [email protected]. Recommended Citation Berrios-Ayala, Mark, "Brave New World Reloaded: Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities" (2013). HIM 1990-2015. 1519. https://stars.library.ucf.edu/honorstheses1990-2015/1519 BRAVE NEW WORLD RELOADED: ADVOCATING FOR BASIC CONSTITUTIONAL SEARCH PROTECTIONS TO APPLY TO CELL PHONES FROM EAVESDROPPING AND TRACKING BY THE GOVERNMENT AND CORPORATE ENTITIES by MARK KENNETH BERRIOS-AYALA A thesis submitted in partial fulfillment of the requirements for the Honors in the Major Program in Legal Studies in the College of Health and Public Affairs and in The Burnett Honors College at the University of Central Florida Orlando, Florida Fall Term 2013 Thesis Chair: Dr. Abby Milon ABSTRACT Imagine a world where someone’s personal information is constantly compromised, where federal government entities AKA Big Brother always knows what anyone is Googling, who an individual is texting, and their emoticons on Twitter.
  • Cryptographic Control Standard, Version

    Cryptographic Control Standard, Version

    Nuclear Regulatory Commission Office of the Chief Information Officer Computer Security Standard Office Instruction: OCIO-CS-STD-2009 Office Instruction Title: Cryptographic Control Standard Revision Number: 2.0 Issuance: Date of last signature below Effective Date: October 1, 2017 Primary Contacts: Kathy Lyons-Burke, Senior Level Advisor for Information Security Responsible Organization: OCIO Summary of Changes: OCIO-CS-STD-2009, “Cryptographic Control Standard,” provides the minimum security requirements that must be applied to the Nuclear Regulatory Commission (NRC) systems which utilize cryptographic algorithms, protocols, and cryptographic modules to provide secure communication services. This update is based on the latest versions of the National Institute of Standards and Technology (NIST) Guidance and Federal Information Processing Standards (FIPS) publications, Committee on National Security System (CNSS) issuances, and National Security Agency (NSA) requirements. Training: Upon request ADAMS Accession No.: ML17024A095 Approvals Primary Office Owner Office of the Chief Information Officer Signature Date Enterprise Security Kathy Lyons-Burke 09/26/17 Architecture Working Group Chair CIO David Nelson /RA/ 09/26/17 CISO Jonathan Feibus 09/26/17 OCIO-CS-STD-2009 Page i TABLE OF CONTENTS 1 PURPOSE ............................................................................................................................. 1 2 INTRODUCTION ..................................................................................................................
  • How to Install and Use True Crypt

    How to Install and Use True Crypt

    How to Install and Use True Crypt A download can be found for windows, Mac, or Linux on https://truecrypt.ch/downloads/ As of 9/22/14 the latest windows version is 7.1A. Table of Contents Installation on Windows .............................................................................................................................. 2 Encrypt an entire USB or portable hard drive ............................................................................................. 5 Create new container on USB or portable hard drive............................................................................... 12 How to Mount/Dismount a TrueCrypt container ..................................................................................... 18 Installation on Windows 1. Download the latest version of TrueCrypt and run the exe. 2. Accept the license agreement. 3. Next you have the option to install or extract this installation of TrueCrypt. If you will be accessing TrueCrypt containers very often then it would be best to install it. 4. Next select the installation location, preferences, and click install. 5. TrueCrypt will now install and after installation you can find the program in the program files directory or on the start menu. 6. Run the TrueCrypt program to bring up the main screen. Encrypt an entire USB or portable hard drive 1. Insert a USB or portable hard drive in the computer with TrueCrypt installed. 2. Run TrueCrypt, and select “Create Volume”. 3. Select the option to “Encrypt a non-system partition/drive”. 4. Next, you may select a Standard volume or a hidden volume. If you are unsure, leave the default “Standard TrueCrypt volume” selected and click next. 5. Click the “Select Device” button and select the drive that is the USB or portable hard drive. Then click Next. 6. Next, you can choose to format the entire drive and encrypt it (faster), or if there is data on the USB drive you can also use the option to “Encrypt partition in place”.
  • Unlocking the Fifth Amendment: Passwords and Encrypted Devices

    Unlocking the Fifth Amendment: Passwords and Encrypted Devices

    Fordham Law Review Volume 87 Issue 1 Article 9 2018 Unlocking the Fifth Amendment: Passwords and Encrypted Devices Laurent Sacharoff University of Arkansas School of Law, Fayetteville Follow this and additional works at: https://ir.lawnet.fordham.edu/flr Part of the Constitutional Law Commons, and the Criminal Procedure Commons Recommended Citation Laurent Sacharoff, Unlocking the Fifth Amendment: Passwords and Encrypted Devices, 87 Fordham L. Rev. 203 (2018). Available at: https://ir.lawnet.fordham.edu/flr/vol87/iss1/9 This Article is brought to you for free and open access by FLASH: The Fordham Law Archive of Scholarship and History. It has been accepted for inclusion in Fordham Law Review by an authorized editor of FLASH: The Fordham Law Archive of Scholarship and History. For more information, please contact [email protected]. UNLOCKING THE FIFTH AMENDMENT: PASSWORDS AND ENCRYPTED DEVICES Laurent Sacharoff* Each year, law enforcement seizes thousands of electronic devices— smartphones, laptops, and notebooks—that it cannot open without the suspect’s password. Without this password, the information on the device sits completely scrambled behind a wall of encryption. Sometimes agents will be able to obtain the information by hacking, discovering copies of data on the cloud, or obtaining the password voluntarily from the suspects themselves. But when they cannot, may the government compel suspects to disclose or enter their password? This Article considers the Fifth Amendment protection against compelled disclosures of passwords—a question that has split and confused courts. It measures this right against the legal right of law enforcement, armed with a warrant, to search the device that it has validly seized.
  • Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996

    Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996

    Phil’s Pretty Good Software Presents... PGPfone Pretty Good Privacy Phone Owner’s Manual Version 1.0 beta 7 -- 8 July 1996 Philip R. Zimmermann PGPfone Owner’s Manual PGPfone Owner’s Manual is written by Philip R. Zimmermann, and is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Pretty Good Privacy™, PGP®, Pretty Good Privacy Phone™, and PGPfone™ are all trademarks of Pretty Good Privacy Inc. Export of this software may be restricted by the U.S. government. PGPfone software is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Phil’s Pretty Good engineering team: PGPfone for the Apple Macintosh and Windows written mainly by Will Price. Phil Zimmermann: Overall application design, cryptographic and key management protocols, call setup negotiation, and, of course, the manual. Will Price: Overall application design. He persuaded the rest of the team to abandon the original DOS command-line approach and designed a multithreaded event-driven GUI architecture. Also greatly improved call setup protocols. Chris Hall: Did early work on call setup protocols and cryptographic and key management protocols, and did the first port to Windows. Colin Plumb: Cryptographic and key management protocols, call setup negotiation, and the fast multiprecision integer math package. Jeff Sorensen: Speech compression. Will Kinney: Optimization of GSM speech compression code. Kelly MacInnis: Early debugging of the Win95 version. Patrick Juola: Computational linguistic research for biometric word list. -2- PGPfone Owner’s