Encryption utilities.

Post by ColoradoChris » Wed Apr 27, 2011 8:36 pm

This is something I didn't mention in my survey of security set-ups a while back. It recently came up in a little bit of research I was doing. Feel free to shed any light on the subject that you think would benefit the rest of the community. I myself am not so savvy with encryption. I didn't even bother using it until about a year ago. You come to realize how useful it can be. If I feel the need to, I rely on TrueCrypt. I have to say it doesn't seem to be the most user-friendly program but it works. I'm sure I haven't touched the full functionality it has but that can wait. A couple of friends mentioned some others I haven't even heard of. One was FlashCrypt and the other was Kruptos? The Kruptos trial is pretty fancy. And it isn't very pricey if you decide to buy it (the 10-user license is cheaper than a single-user one). My only concern with any of these closed-source programs would be built-in backdoors :| It also has a self-decrypting feature that allows you to view the file anywhere.

I've heard positive things about PGP (now Symantec-acquired) and debates on which algorithms are best. That's a little beyond the scope of what I'm asking but if you can condense some knowledge, go right ahead.

Do you use something in particular? Why or why not?

Re: Encryption utilities.

Post by Nodus » Wed Apr 27, 2011 10:33 pm

ColoradoChris wrote: My only concern with any of these closed-source programs would be built-in backdoors

Maybe it's not what you meant, but TrueCrypt is actually open source. I don't know the other two products you mentioned, but based on my little experience I like TrueCrypt a lot. (And by "little experience" I mean I haven't used it for encrypting a lot of stuff even though I have used it for many years. My needs haven't been that big so far. :))

There's another piece of open source software quite similar to TrueCrypt that also has a trusted history of many years: FreeOTFE. Maybe you'd like to check out that one as well, although I think it may have a slightly bigger learning curve than TrueCrypt.

ColoradoChris wrote: I've heard positive things about PGP (now Symantec-acquired) and debates on which algorithms are best.

Robert J. Hansen, a former cryptographic engineer for PGP Security, likes to put it this way every time the question about different algorithms comes up on the gnupg-users mailing list:

"Just stick to the defaults".

Meaning, the default algorithms that different OpenPGP software products offer are usually the best ones for common users, unless there's some specific need or an algorithm is suddenly broken (which usually is a long shot). By using those — and not some exotic combination — it's most likely you won't come across any compatibility or interoperability problems when using them with other people.

But there's really not a single "right" answer for "what is the best cryptographic algorithm". David Shaw, one of the developers of GnuPG, once used this nice allegory (ref):

"It's important to note that we're talking about tiny fiddling details here. Either path is so vastly stronger than is usually needed that this is rather like discussing whether a 1001-foot fence is better than a 1000-foot fence: sure, 1001 sounds better, but if you have an attacker that could get over a 1000 foot fence, it's safe to assume they can make a pretty good crack at the remaining foot."

Basically, use any algorithm PGP offers, and you don't have much to worry about. :)

Re: Encryption utilities.

Post by AlphaCentauri » Wed Apr 27, 2011 11:07 pm

I thought PGP was open source. The last I read up on it years ago, the developer had released the code rather than accept restrictions by the US government that treated the sale of encryption software as if he were selling military hardware.

Re: Encryption utilities.

Post by Nodus » Thu Apr 28, 2011 1:32 am

Yeah, that was back in the beginning of the 1990s when the creator of PGP, Phil Zimmermann, was actually under a criminal investigation for several years because of that. The case was finally dropped, and Zimmermann founded a company, which was later acquired by Network Associates, which in turn was acquired by PGP Corporation, which seems to now have been acquired by Symantec. It's quite complicated, and I haven't followed these episodes closely enough to tell much more about it. All I can say is that Symantec has a bad reputation for bloating and ruining every piece of software dropping into their hands. :)

As I have understood it, PGP has actually never been "open source software" in the way the term is usually used. True, the source has been available most of the time, but at least from the times of Network Associates it has not always been freely downloadable without registration or some other restrictions. I'm not sure what's the case at the moment, since I can't be bothered to dig deep enough into the bowels of Symantec's site.

For the last decade or so I have myself been using GnuPG instead. It's open source and free software in the strictest manner, and it's also compatible with PGP. Or more precisely, they both adhere to the same IETF standard, OpenPGP (RFC 4880). (Well, actually I'm not sure whether the Symantec versions of PGP still adhere to the standard, but anyway...)