Encryption Archives

Nolan Bushnell, founder of Atari, is now claiming that TPM (Trusted Platform Module) chips that are installed on many new motherboards will make it impossible to pirate game software.

While it’s true that the TPM chips he’s talking about will present a seriously increased challenge, there’s no doubt at all in my mind that determined hackers, both the kind that live in condo hotels on profits from the sale of pirated games to the kind that just have to tackle the problem to prove that it’s not “Uncrackable” despite Bushnell’s claims.

People have made claims about this or that system being “Uncrackable” before and sooner or later somebody always comes along and proves that there is in fact a way to crack it.  A good example is the now infamous case of DeCSS, where the CSS encryption algorithm used to encrypt DVD movies was reverse engineered and the DeCSS descrambler Source Code has since been distributed in many forms and languages in a deliberate effort to foil those who would see that code squashed.  I think it’s probably the most widely distributed source code ever written.

Technorati Tags: tpm chip, encryption, piracy, pirated software, uncrackable, pirated games, trusted platform module hacking, games, hackers

Even A Dead Drive Can Still Talk

I just read a very informative article about one person’s experience with using a commercial service to recover the contents of a “dead” hard drive.

I think this article is well worth reading by anyone that keeps any kind of “sensitive” information on their hard drives.  It seems that even if you take the drive out of the computer and beat the thing with a sledgehammer it’s entirely likely that outfits like Drivesavers will be able to recover a surprising amount of data from the drive.  …and that’s just a commercial outfit.. it’s generally accepted that government agencies are five to ten years ahead of the general public when it comes to certain kinds of technology… such as recovering data from drives and cryptography.  If you don’t believe that certain Three Letter Agencies wouldn’t be able to outperform a Drivesavers kind of operation, then I’ve got some oceanfront property in Kansas that I think you’ll be interested in.

The solution for keeping things secure is to never store sensitive data on an un-encrypted hard drive.  You’re infinitely better off setting up a truecrypt container and keeping your data in that.  Then storing the containers themselves on a hard drive thats been treated with whole disk encryption.  It may sound like overkill but in matters of security, paranoia is the word of the day.

Technorati Tags: data+recovery, drive+recovery, drivesavers, encrypted+container, Encryption, Security, truecrypt, whole+disk+encryption

New Version Of Mixminon Message Sender Released

After a LONG time without updates, version 1.2.5-Beta of Mixminion Message Sender is now available.

There’s been several changes / tweaks in the code (see the changelog below) and I’ve created a new distribution that includes Mixminion ready to run “out of the box”.

I have not yet been able to compile Win32 binaries of the latest version of the Mixminion software so it’s still using version 0.0.7.1.  When I am finally able to, I’ll include Mixminion 0.0.8alpha3 (or whatever version is current at the time.).

I’ll have a new edition of the Freenet MMS page inserted sometime over the next few days.

Changelog:
05/18/08 -1.2.5-Beta
Bugfix: error in mail2news gateway selection code caused @m2n.4096.net to be ignored.
Code is fixed, but the gateway isn’t working as of this release.

Removed @newsanon.org from mail2news gateway list since it’s been confirmed down
for quite a while.

Created a second distribution that includes mixminion already set up so that it’s
ready to run “out of the box”

Changed dummy packet generation to allow creating multiple packets,
default set to 3 packets at a time.

Changed “Clear form” command so that it sets the mail2news gateway to @m2n.mixmin.net instead of “None”

Set default update interval to 2 hours if “Auto Update Servers” is enabled.

Changed minimum possible hops from 2 to 3 to insure minimum safe anonymous path

Changed maximum possible hops to 29 after experiments showed it to work

Changed SURB generation so that first and last hop select boxes and Number of hops
droplist control the SURB path

Made the ‘get path’ routine into a subroutine that’s now called from several places
instead of duplicating code

Technorati Tags: Anonymity, anonymous, anonymous+email, freeware, mixminion, mixminion+gui, mixminion+message+sender, Open+source, program, remailer+client, Software, type+III+remailer, type+III+remailer+client, win32+mixminion+gui

Another Case For Using Encryption

There’s a piece in the NYTimes about lawyers having to fly all over the place and take all sorts of measures because they’re afraid of their contact with clients being monitored by the US government.

While I’m never going to be sympathetic to terrorists & their supporters, it’s part of how things are *supposed* to be done that lawyers get to communicate securely with clients.  What I don’t get about the NYT story is that these people are wearing themselves and their luggage out, living in perpetual jet lag when it seems that all they need to do is make one initial trip to establish arrangements with their clients to communicate securely by email.

It’s simple enough.  You get somebody with enough know how to be accurate and enough teaching skill to make it easy for anyone to write up instructions for basic use of GnuPG for encrypting emails.  Make one trip to give that to your client, exchange public keys and head back home.  After that, email communication is secured by encrypting everything with GnuPG.

Technorati Tags: email, security, encryption, gnupg, private+communication, domestic+spying

FBI Wants Authority To Snoop Internet Backbone Data

I think it’s pretty safe to say that the fact that there are government agencies doing a lot of snooping on all manner of Internet traffic.  It’s also safe to say that since 9-11 this snooping has escalated massively.  Now, the FBI is trying to get access to data that the NSA has been collecting from the Internet backbone (servers through which ALL Internet traffic passes through) so that they can look for criminal activity.

The problem with this is that they’re apparently not just limiting this to justifiable searches and evidence gathering in the course of an ongoing investigation.  This is a lot more “Big Brother” in nature, scanning data looking for things that they can then investigate and prosecute as crimes.  As if they don’t already have enough active cases to work on.

The problems with this kind of thing are many, most of which have to do with the fact that it blows all sorts of holes in people’s right to privacy.  It also means that it becomes more and more necessary to watch what you say online because you never know when “Big Brother” is watching and what he may decide is a sign that you’re on the wrong side of the law.

It means that people need to take active steps to maintain privacy.  The first thing to remember is that the online world has always been subject to people being able to snoop.  While it’s generally a good practice to never write anything online that you wouldn’t want posted on a billboard where everyone in town can read it, it’s also sometimes necessary to communicate privately.

This is why I think that everybody should take a little bit of time to get and learn how to use some basic privacy tools.  Like for example, users of the Thunderbird mail client could get GnuPG and the Enigmail plugin and learn how to send encrypted and / or signed emails.  Maintaining safe browsing practices, never entering important passwords on un-trusted computers. (and untrusted means something that you’re not in control of what’s on it)

As for the FBI’s quest for access to still more information about everybody and their habits.  This needs to be stopped, the problem is that too many people are either ignorant of or foolishly unconcerned about things like this until it’s too late.

Technorati Tags: encryption, security, fbi, nsa, internet+backbone, domestic+spying, gnupg, enigmail, safe+computing, privacy

 Page 5 of 8  « First  ... « 3  4  5  6  7 » ...  Last »