Encryption thread

I've encrypted my drive, if the NSA ever confiscates my laptop, they'll never find out I fap to ebony porn.

>>57229347
>>$CURRENT_YEAR
>>still not encrypting your whole system with LUKS+dm-crypt or Veracrypt.
But I do
>>still not signing and (if possible) encrypting all your e-mails with GnuPG
I do but most People dont
>>still not using TextSecure/Signal to encrypt all your SMS and phone call
Signal fit life
>>still not using Telegram as your only instant messaging program
I use signal?
>>still not enabling DNSSec
DNSSEC diset encrypt anything i ise dnscrypt for that
>What's your excuse? Do you not value your privacy?

Trying to secure email is pointless given that no fucking ones uses gpg.
Signal is cancerous and requires Google botnet to work properly.

>>57229383
No amount of encryption will help you if you keep typing in that identifiable broken English

>>57229347
Whatsapp has been encrypted for a while, and unless veracrypt gets audited im not getting that shit.

File: man-using-laptop-in-bed.jpg (167KB, 500x334px) Image search: [Google]

167KB, 500x334px

>>57229424
>Veracrypt
Still better than BitLocker or FileVault though if you're using Windows or OSX.

File: serveimage.jpg (142KB, 1024x768px) Image search: [Google]

142KB, 1024x768px

>>57229424
>unless veracrypt gets audited
https://threatpost.com/veracrypt-patches-critical-vulnerabilities-uncovered-in-audit/121342/
https://ostif.org/the-veracrypt-audit-results/

>>57229424
>unless veracrypt gets audited
https://ostif.org/the-veracrypt-audit-results/

>>57229487
>>57229489
LOL

You do realise this "audit" was done by some FOSS dude who hasn't even done a proper audit before in the security industry?

>>57229424
>wanting an audit for veracrypt
>using whatsapp
???
they say they implemented the signal protocol but didnt see an audit yet

File: hackerperson.png (205KB, 946x922px) Image search: [Google]

205KB, 946x922px

>>57229548
two persons auditers there were
ur not a real hacker lol faker jajajaja

>>57229347
I'm not a Daesh terrorist nor Hillary Clinton, i don't need encryption

File: typical macfag battlestation.jpg (672KB, 2048x1536px) Image search: [Google]

672KB, 2048x1536px

>>57229665
>Daesh
You can't seriously be actually using that word now

File: image.jpg (29KB, 140x218px) Image search: [Google]

29KB, 140x218px

I thought telegram was an insecure app?

Aren't they the ones that rolled their own encryption?

>>57229665
>implying sand niggers understand how computers work

>>57229845
telegram uses a custom encryption algorithm developed by the two retards who created the app

I only use full-disk encryption on my laptop. If a swat team comes to seize my desktop I've already fucked up. They probably already have me, and since the thing is on all time they'd be able to run a cold-boot attack. Or just fuck with the terminal window I leave open.

Consider your threat model, people. Protect against the most likely attacks first.

>>57229955
How do you protect yourself from SWAT though

Not even a gun nut can defend himself from the SWAT or military if they really want to arrest you.

>>57229977
>>How do you protect yourself from SWAT though
you practice proper opsec and avoid ever attracting their attention in the first place.

>>57229977
you have file system level encryption so that they can't just open up all your super s3cret files when they get your computer that's always turned on

>>57229665
>I don't need encryption

I assume you don't need locks either. Where do you live and what time are you not home?

>>57229977
VNC/remote desktop

>>57230053
>running a remote access tool on your desktop computer
lets just throw away all our security guys

>>57229347
I dont download CP and I'm not a 400lbs hacker called 4chan. So no, I dont give a shit.

Can someone explain to me how to create a basic LUKS+dm-crypt partition?
On Gentoo and the wiki doesn't seem to explain it very well in a step by step manner.

>>57230032
Well, if the police has a warrant they can break your lock anyway. Why shouldn't they be able to break your encryption? In fact they should, and common sense dictates so. Secure backdoors are coming whether you like it or not, it's just a matter of time.

>>57229347
>still not using TextSecure/Signal to encrypt all your SMS and phone calls
>still not using Telegram as your only instant messaging program
You fucked up.
Phones have proprietary modem that has full access to the main CPU.
Telegram needs your phone number and you can't setup your own server.
>>>/trash/

File: 1477402106453.jpg (36KB, 474x509px) Image search: [Google]

36KB, 474x509px

>>57229347
>>still not signing and (if possible) encrypting all your e-mails with GnuPG
>signing emails
>using email at all
>>still not using TextSecure/Signal to encrypt all your SMS and phone calls
Sends your metadata to Google, requires phone verification, only on Google Play for reasons unknown, phone part doesn't allow "no caller ID"
Good goyim, trust Matthew (((Rosenfeld)))

>>57229845
Yes, but the based Russians behind it know how to servers at least. Signal isn't trustworthy either.

>>57229347
I don't want to slow down my pc and no one uses signal or all that shit so it doesnt matter how secure it is

>LUKS+dm-crypt
I do. My Windows boxes use Bitlocker (trusting the Windows kernel anyway, and last time I audited the binary, it was alright and uses AES-128-XTS, just the same as Veracrypt or dm-crypt would - you do need Pro to use it however, and you do need to make sure you don't "back up" your keys to a Microsoft account by accident).

>GnuPG
I do, where relevant. You might not want everything non-repudiably signed, it has no forward security, and it's encryption that many people find very difficult to use - other options may work better, such as

>Signal
Is the highest-quality messenger around. We trust it with our nudes. It could still be a lot better: Moxie doesn't always play well with others, it's a shame it requires phone numbers, his servers, and he won't federate.

>Telegram
Wrong. No. Stop. We audited it. It failed. Telegram is clear by default, which has got people killed, and the encryption it does have is... spurious and ridiculous. You shouldn't use it.

>DNSSec
Has downsides (EDNS0 + big keys = amplification attacks, small shitty root keys) but some upsides when used alongside other things, e.g. DANE to restrict/augment public PKIX CAs with CT. My domains are signed with secp256r1. It's certainly not perfect and remains controversial for a reason.

>>57229424
WhatsApp's end-to-end encryption is legit - I've audited an earlier version back when they announced full implementation of the Signal protocol - but I cannot recommend it anymore because they share phone numbers with their parent company Facebook for the purposes of contact/Facebook friend discovery, and that has some fairly deep implications, including automatic contact graph derivation. I'm VERY disappointed in them for that.

Case study: a psychologist who discovered several clients had received unsolicited Facebook suggestions to friend each other and her because it worked out they'd all been to the same place, despite the identity of her clients being confidential medical information.

>>57233127

Sue Facebook/WhatsApp for breaking HIPA laws.

>>57229347

Still using a US HQ cloud provider for anything at all when the Patriot Act overrides legal privacy protection in the world.

But why? I don't do anything illegal or even interesting

>>57236200
Great - so there's no reason for anyone to need to spy on you then, so you should definitely use encryption wherever it is practical, for all the other people who are doing interesting things.

>>57229347
theres no way to have full disk encryption with a secure password and remember it. its not secure if the password stored on something that someone else could access.

>>57236585
>theres no way to have full disk encryption with a secure password and remember it.
>he can't remember a 64-char random password with a few hours of dedicated practice.
baka desu senpai

I want to use gpg. Is there any /g/ approved guide?

>>57236994
why do you need an approved guide to encrypt & sign documents

>>57237054
I don't want to use a backdoored guide.

>>57237062
wat

File: 1457346583543.jpg (56KB, 604x453px) Image search: [Google]

56KB, 604x453px

>>57229347
I have DNScrypt enabled

However I didn't encrypt HDD because it may impact virtualbox' performance

File: IMG_1657.jpg (73KB, 550x400px) Image search: [Google]

73KB, 550x400px

I just migrated my Fedora home folder using ecryptfs. Srm'd the backup too.
I use GPG.
I use Wire.
I use OpenNic + DNSCrypt

Some of us do indeed have things to hide.

>>57229347
>telegram
Use Signal you faggot.

File: 2239390 日暮里 はがんいっしょう.jpg (80KB, 617x402px) Image search: [Google]

80KB, 617x402px

>thinking you're safe carrying around a backdoored tracking device all day
lmao

File: stresscat.jpg (41KB, 500x375px) Image search: [Google]

41KB, 500x375px

Curious. Mixing legit advice with kike botnets.

>$CURRENT_YEAR
>still not encrypting your whole system with LUKS+dm-crypt or Veracrypt
>still not signing and (if possible) encrypting all your e-mails with GnuPG
Legit.

>still not using TextSecure/Signal to encrypt all your SMS and phone calls
>still not using Telegram as your only instant messaging program
>still not enabling DNSSec
Botnet.

What's your point? Are you jewish?

>>57237559
>living in burgerland

>>57229347
>Veracrypt

Once again:

- VeraCrypt has NOT undergone a complete audit. Emphasis on complete. The developers paid for a half-assed audit and handed out small bits of code, leaving large blanks that don't really tell us anything about VC's security, or the possibility that it may be backdoored.

- TrueCrypt HAS undergone a complete audit, and as of version 7.1a, it is proven safe to continue using it.

- TC's license forbids forking, and with good reason.

>>57237695
+ TC was apparently authored by a /pol/ster.

> In an archive of old message boards from the 1990s, I had encountered a prolific and often abusive user from Australia posting under the name Paul Le Roux. In forums like aus.general and alt.religion.kibology (named after a parody religion—it’s a long story), he was often angry and sarcastic, writing extreme or offensive screeds in an attempt to rile up other users. He was, in other words, a troll: the kind of person you might find on Reddit or in a newspaper’s comment sections, getting high off the reactions of fellow posters to his deliberately provocative opinions.

Reminder: This is the same VeraCrypt shill who has been reposting these threads on /g/ on a daily to weekly basis. He samefags the threads to support the use of VeraCrypt and posts the same patently false claims about VeraCrypt's security and audit status. All discussion within the thread shuts down when he's called out on his bullshit. A few days later, he recreates the same thread recycling the same false claims.

VeraCrypt is an unauthorized fork of TrueCrypt. It has not undergone a proper or complete audit, and is presumably just an NSA backdoored version of TC's source until proven otherwise. Before being shut down, TrueCrypt did undergo a complete audit, and no major vulnerabilities were found. So you should either be using dm-crypt with LUKS, or falling back on TC 7.1a.

>>57230723
They're not "secure" backdoors. They're just regular backdoors. They're coming whether we like it or not, but they won't be secure.

>>57238201

Might wanna loosen your tinfoil hat a bit, it's cutting bloodflow to your brain.

>>57238660
You believe it's possible to make a truly secure backdoor?

>>57236200
Doesn't matter. They're still spying on you anyway. Why? Because they can.

>>57230723
NSA shill pls go and stay go

>>57237834
see
>>57229441
>>57229487

>>57229347
can anyone connect to soltysiak from poland using dnscrypt? DNS works when it claims to be connected but the validation tool on their site says i'm not using it.

>>57229347
I don't talk to people outside of work anyway, and I use my encrypted linux autismbox for everything that isn't gaming when I'm at home.

>>57229347
do i need a static DNS with this resolver?

File: 1470652981806.png (19KB, 778x609px) Image search: [Google]

19KB, 778x609px

>>57239737

How does the thread feel about keybase.io?
I've been using it with alternate keys with some close friends of mine to try out kbfs, and encryption, verification, and sharing are much less cumbersome than with traditional tools. It may be less secure, but I haven't uploaded my private key to keybase, and it's fine for me. Seems secure enough.

If I wanted to trade drugs on the darkweb, I'd use pgp and standard opsec, but keybase is just a useful frontend for the same purpose.

I like it, and I'd like to know if anyone sees any obvious flaws.

File: 1453518052295.png (26KB, 629x722px) Image search: [Google]

26KB, 629x722px

>>5723980
is this the best 1st tier DNS? ignore my other posts

>>57240159
i intended to link to this>>57239807
(my previous posts)

>>57229347
>TextSecure/Signal
SMS was dropped long ago from TextSecure
Silence is what you can use to encrypt your SMS and MMS
>Telegram
Shit, use Signal
>DNSSec
You should also be using dnscrypt

>>57240518
It's all moot unless you are using a 3rd party rom like replicant.

stock roms are probably all loaded with NSAware.

>>57240677
>It's all moot unless you are using a 3rd party rom like replicant.
It's moot security wise but not adoption wise, using it will help adoption a lot
And security wise it's not moot against skiddies, russians and minor state actors

>>57240768
who cares about the adoption of the nigger cattle who are using an encrypted messenger app while still using a stock rom and still using facebook and still using windows and still being nigger cattle?

>>57240858
>who cares about people supporting projects so they continue
wew lad are you a #jtrig4free or are you a 1337 haxx0r supir sicrit club no n00bs allowed xD xD

>>57240159
this doesn't work for me at all :( can others test this tier 1 DNS server?

also using DNSSEC with my resolver makes it impossible to find 4chan for me even when the resolver states that it supports DNSSEC . does DNSSEC work when connecting to 4chan for you guys?

>>57240968
I'm using unbound with dnssec enabled and using dnscrypt.eu with dnscrypt as a forwarder
It works with 4chan

>>57240927
If it requires money to keep it going its already flawed.

>>57241011
It's not just money you massive retard, adoption motivates developers, helps finding out bugs, and motivates bug/vulnerability hunting
No one gives a fuck about small projects made by a few retards, that's why Tox is such a massive pile of shit, no one actually uses it and no one cares enough to audit the codebase
Also, adoption helps to hide you in the noise of other retards using the same protocol, which you would know it's a great thing for privacy and plausible deniability if you weren't retarded

>>57241070
I didn't think tox was available for phones. I wouldn't know anyway because i don't own a tracking device.

>>57229383
how do you encrypt when dual booting?

don't you have to have other people know your key to gnupg?


how does dnscryp work

File: ktwb-cattle-country-750.jpg (82KB, 750x280px) Image search: [Google]

82KB, 750x280px

>>57241146

>>57229347
>>57229383
>using an application that needs to go through a propitiatory server as middle man between communication.


worthless

File: 1450991818227.png (19KB, 790x601px) Image search: [Google]

19KB, 790x601px

>>57240998
thanks. whenever i check the box here for DNSSEC, all lookups work besides 4chan for some reason. temporarily using google as 1st tier right now because the only other one i want doesn't work for me for some reason which is here:
>>57240159

>>57230723
That's a retarded analogy to a backdoored cryptosystem. A more appropriate analogy would be that you gave a key to all of your residences and storage to every single officer and then trust that they will keep it safe and not abuse its use, which, even ignoring the potential malicious abuse, governments can not be trusted to keep your secrets--they have a terrible track record of doing so, and they are never liable for the damages.

If the police have a warrant, they can try to break your encryption or find a side channel.

>>57230723
if they think your computer really contains information they would need they would just torture you mentally/physically until you give them the passphrase

File: tox.jpg (14KB, 300x300px) Image search: [Google]

14KB, 300x300px

>>57241198
This. What everyone should be using is Tox.

>>57244166
Ever heard of human rights?

>>57244416
Ever heard of Guantanamo Bay?

>>57244445

So you take issue with muh privacy but not with torture, abuse, slavery and kidnapping?

Encryptards, everyone!

File: shared-sacrifice.png (762KB, 1994x526px) Image search: [Google]

762KB, 1994x526px

>>57244445
I have. That's barbaric and has no place in civilized, free, democratic society.

Kindly fuck off to a less rational board, sir.

>>57244461
I do actually. Just not on /g/.

>>57244487
>sir
please GTFO out back to >>>/reddit/ faggot

>>57244510
>le plebbit bogeyman
>unironical homophobia
If you're trying to be funny, it's not working. If you're not, then it's time to stop posting.

File: 1449700031586.png (35KB, 625x626px) Image search: [Google]

35KB, 625x626px

>>57244533
Where did you see unironic homophobia?

>>57244487
>That's barbaric and has no place in civilized, free, democratic society.
which only proves that we don't live in a civilized, free, democratic society

>telling that anon to fuck off
he was only proving the point of this anon >>57244166

>>57244546
>using the fgt-word

>>57229347
>>>still not using Telegram as your only instant messaging program
Into the trash it goes.
https://security.stackexchange.com/questions/49782/is-telegram-secure

TL;DR: Don't roll your own crypto.

>>57244510
That """"""""""argument""""""""" sure showed him HEHE XDLELELELEEL:dddddddd

>>57237630
>thinks that matters.
Also; what's your country's laws on encryption?
Is it go directly to jail?

>>57229373
Their quantom computers can break your encryption in hours you dummy

>>57244590
So if I say "faggot" I'm immediately homophobic? What a joke.

For me it's nothing more but a swearword. You just told me to fuck off, why should I remain polite? I could've called you retard too, or asshole. Or dick even. Whatever floats your boat, I think the latter.

>>57244668
Quantum computers can't break symmetric encryption.

>>57230723
>Well, if the police has a warrant they can break your lock anyway. Why shouldn't they be able to break your encryption?

Having a warrant has little to do with breaking/bypassing a lock. A brick will work on most car windows. Encryption has the advantage of being incredibly easy to upscale, there's nothing stopping people from running kilobit or even megabit sized symmetric encryption keys

>>57244704

Military-grade sized encryption keys.

>>57244590
>fgt-word
>Going to places you are not wanted just to complain unironically.
Don't you have a BLM rally to attend? 4chins is not your safe space.

>>57244668
What quantum computers?

>>57229347
>not encrypting your whole system with LUKS+dm-crypt or Veracrypt
Filevault is broken on hackintosh, and android FDE is broken on RN3P CM13.
>signing and (if possible) encrypting all your e-mails with GnuPG
Nobody use this shit nowadays.
>TextSecure/Signal to encrypt all your SMS and phone calls
Same thing. There is no one on Textsecure, Signal or Wire. Eastern europe normies mostly use WhatsApp and Viber, sometimes Messages, Skype or Telegram (btw it's an FSB honeypot).
>enabling DNSSec
Why not just get a VPN?

>>57244731

You are not wanted here.

>>57244734

Theirs.

>>57244916
Why are you on 4chan?

>>57244590
oh shut the fuck up faggot

>>57244916
liberal faggot spotted

File: 1472972729908.png (55KB, 1035x226px) Image search: [Google]

55KB, 1035x226px

can any of you explain this?

File: 1461577271792.png (49KB, 1000x220px) Image search: [Google]

49KB, 1000x220px

>>57247751

>>57247751
>>57247774
One of your DNSSEC extensions is shit

File: 1469699909854.png (42KB, 1628x464px) Image search: [Google]

42KB, 1628x464px

>>57247806
thanks. its the same extension tho

File: Screen Shot 2016-10-26 at 11.19.08 AM.jpg (139KB, 1024x1032px) Image search: [Google]

139KB, 1024x1032px

>>57229347

It just works.

> FOSS sucks more ass than Elton John and George Michael in Key West on Gay Day.

>>57247865
Point stands

File: 1472174678294.png (98KB, 1612x739px) Image search: [Google]

98KB, 1612x739px

>>57247806
>>57247865
oops this is it

>>57229347
>>$CURRENT_YEAR
>$
fucking php fags

File: d7f.png (500KB, 700x525px) Image search: [Google]

500KB, 700x525px

>>57230723


Obviously you have never met an actual police officer in the US.
They have higher rates of domestic abuse than NFL players. My point? They're not good people and that WILL abuse their power whenever they want. I'm not worried about the Federal government - I'm not a big enough deal to pop up on their radar.
I'm worried about the common criminal and local cop. I'm more concerned with the local cop because I have no recourse if he does something to me. My last boss sold steroids to half of the local city and county cops, including the Sheriff's department.

File: 1463259516426.png (70KB, 1045x636px) Image search: [Google]

70KB, 1045x636px

these aren't working for me so far, what am i doing wrong here?

File: 1447315734327.png (19KB, 806x617px) Image search: [Google]

19KB, 806x617px

>>57248650

>>57236994
man gpg

>>57236994

gpg4win, GPGtools

File: man-kissing-woman-meet-women.png (78KB, 309x169px) Image search: [Google]

78KB, 309x169px

>>57237695

None of you on here need the added supposed security of that magical audit.
Quite frankly the federal government doesn't give a rat's ass about a bunch of aspie gamers.

Get laid, kids.

>>57249877
Encryption and other technologies that prevent the government from being able to see things are technologies that everyone should use, whether they think they "need" them or not. If everyone uses them, the people who do really need them will not stand out.

i have nothing to hide
pointless

>>57229347
>$CURRENT_YEAR
You should use echo command to actually display the value of current year.

>still not encrypting your whole system with LUKS+dm-crypt or Veracrypt
This won't protect you from getting your memory dump from OS with a backdoor, where the encryption key is stored.
This also won't protectu you from the baseball bat in the corner of the street method of extracting passwords.

>still not signing and (if possible) encrypting all your e-mails with GnuPG
Various algorithms may have designed in them backdoors, also since the OS is vulnerable, so what that the mail on the way between computers is intercepted. This is too much hassle for normal people like my girlfriend. She has other things to do than to learn how to use yet another program just to send me a cute mail about nothing that important.

>still not using TextSecure/Signal to encrypt all your SMS and phone calls
Bitch please, the GSM itself requires to know your location, if you don't use prepaid, the the operator already knows a lot about you, not to mention that the OS or such applications may have backdoors in themselves.

>still not using Telegram as your only instant messaging program
Telegram has already been proven to not be secure. Look it up.

>still not enabling DNSSec
>Still believeing in computing privacy

>>57250052
>it's the current year
However you display it, it's high time we started cleaning up our act on security.

>disk encryption
Disk encryption is something you should use anyway, because it protects you in the event your computer is stolen. This happens much more commonly to normies than three-letter agencies engaging in rubber-hose cryptanalysis.

>email
First, see >>57249946. We want a world in which encryption is the norm and encrypted communications do not stand out for special scrutiny.
Second, there are several email providers that integrate the crypto step for you to make it easier. Google isn't one of them because they want to read your email for their marketing creatures to analyze.

>Signal and Telegram
Yeah, perfect security is pretty much impossible on phones. That doesn't mean that you shouldn't bother with any. It's very worthwhile to have some protection most of the time, instead of having none at all all of the time. And again, the greater the percentage of total network traffic that's encrypted, the better for everyone.

>DNSSEC
DNSSEC gives you no privacy anyway. It authenticates DNS traffic but does not encrypt it. If you use DNSSEC you can be sure that the response you get is the one that the DNS server sent, and nobody has changed it. But it's sent in cleartext and a passive adversary on the network could still have read it. Your ISP can see which IPs you connect to, so a VPN is what you need to deprive them of a record of every website you visit.

You can also use DNSCrypt so that passive adversaries on the network won't be able to see which lookups are occurring, whether or not they can see who's doing them.

Making life hard for passive adversaries is an important job. The NSA certainly can use active, target attacks. But those are more difficult, don't scale nearly as well, and are much more likely to be detected.

>>57250287
Man, I've been where you are right now. Offline PC for private computing, nothing else gives you reasonable security.

>>57250287
Forgot to write, encrypted home partition in Ubuntu is enough since like you wrote, NSA won't steal my PC, but some nigger may. Despite how it's called, Ubuntu is not known by niggers.

File: images.png (6KB, 219x230px) Image search: [Google]

6KB, 219x230px

>>57249946

I agree; but you missed my point.
Dismissing Veracrypt because it wasn't properly audited is wrong.

>>57229347
Using any of those things puts you onto a watchlist since it's such a small group and the ratio of terrorists to non-terrorists is so high