Berkeley CSUA MOTD:2003:August:10 Sunday <Saturday, Monday>
Berkeley CSUA MOTD
2003/8/10-11 [Computer/SW/OS/FreeBSD] UID:29296 Activity:nil
8/10    Free/OSS or cheap XML editors for Linux/FreeBSD?
        \_ emacs xml mode
2003/8/10 [Uncategorized] UID:29297 Activity:nil 66%like:29298
8/10    If you're wondering what that stench is, BPD says a richmond refinery
        had a spill/release of sulfuric acid. or maybe just somebody farted.
2003/8/10 [Uncategorized] UID:29298 Activity:high 66%like:29297
8/10    Damn, who farted? Actually, BPD says a richmond refinery had a
        spill/release of sulfuric acid at 9pm saturday.
        \_ it's all a lie.  i farted.  BPD was just covering my ass.
2003/8/10-12 [Computer/SW/Security] UID:29299 Activity:very high
8/10    I'm looking for an encryption software package for windows 2000 that
        works on a per-directory or drive basis and is transparent.  Meaning
        once I authenticate myself I can create files or copy stuff into the
        folder and it'll be encrypted automatically.  Word, Excel, TurboTax,
        etc should all work with this encrypted folder.  For individual files
        I can use pgp.  But when working with a lot of files, I prefer not to
        think and just dump the files into a directory. I'll buy the software.
        Not looking for free stuff.  Thanks.
        \_ Whatever you do, avoid EFS.  It has its uses, but its key management
           is immature and difficult to manage.  You may also want to have a
           look at Utimaco Safeguard Easy (it's not on a per-directory basis,
           but might give you something to work with.)  -John
        \_ for enterprise level you might consider a NAS or SAN product like
           the datafort from Decru. the nas product does per file encryption
           on the fly.. plus can do end-end cryption btwn it and your desktop.
           for just local storage, i recommend either f-secure or pgpdisk,
           both create a virtual volume on the local drive and maintain a
           file system structure w/in that volume. from experience w/ both,
           pgpdisk at least used to be easier to use. you can find it at
  of course. -shac
        \_ You can also try BestCrypt.  You can mount an encrypted file as a
           removable drive.  I've been using it for more than three years
           now to keep my personal stuff secure on my work laptop.
        \_ Steganos Security Suite.  Tools include Steganos Safe (like PGPDisk),
           Internet Trace Destructor, Email Encryption, Shredder, Password
        \_ Which tools work on both Linux and Windows platforms?
        \_ here is my stupid question.  Where do you guys store your
           private key ring when you are using any of these product?
           the very same laptop/computer that you are encrypting upon?
                \_ This is the problem.  Probably the best place to store
                   a private encryption key is on something like a smart card,
                   which can itself be PIN-code protected.  One of the main
                   weaknesses of most drive encryption products (this is my
                   beef with EFS) is that it's nearly impossible to keep
                   track of peoples' private encryption keys--Entrust does a
                   good job of this, I'm not sure of other PKIs (MS does not.)
                   Ideally you'd have the keys somewhere local and secure
                   (like a hardware token inside a protected container) as
                   well as archived *very* securely for recovery purposes in
                   something like an encrypted CA/RA database.  For everyday
                   encryption (aunt Hilda's secret recipes, your porn) storing
                   keys in something like a GPG keyring should be enough.  -John
                   \_ My PGP foo is weak.  Please explain.  So what if I store
                      all the key stuff in the same laptop?  I thought that
                      without my passphrase people can't possibly crack it?
                      That's the whole point of the bigger and bigger sizes
                      I keep hearing about.  E.g. 1024 vs 2048 bit encryption.
                        \_ OK when you lose your encryption keys, you have a
                           problem.  A PKI (public key infrastructure) is a
                           mechanism that issues keys for encryption and
           your transfer rates will sky rocke while your disk usage will
                           signing etc. and, ideally, archives your private
                           encryption key in a safe place.  PGP/GPG work
                           differently, instead of having authoritative say
                           "Joe is OK", you have this idea of a "web of trust"
                           where you trust peoples' keys by consensus.  Key
                           size, to oversimplify it, just affects how hard it
                           is to crack something by brute force.  And as for
                           storing all your keys in one place, look at it like
                           a normal keychain--if you put all your keys on it
                           and it gets lost or stolen, you have a problem--you
                           should probably use a key safe or something.  Hence
                           the password protection or storing it on some
                           secure medium, like a smart card.  For some slightly
                           outdated docs on how a PKI (not PGP) works, have
                           a look at  -John
        \_ I use PhilCrypt with the compression option.  Works with all OS's,
           local, over NFS, HTTP, etc to NAS, SAN, with udp, tcp, iscsi, you
           name it!  PhilCrypt is the best and the compression option means
           your transfer rates will sky rocket while your disk usage will
           actually go down the more data you add to your PhilCrypt DataVault!
           Get "PhilCrypt DataVault Deluxe" (includes PhilCompression and
           advanced management features)!
2003/8/10-12 [Computer/Networking] UID:29300 Activity:moderate
8/10    Does anyone know how to force Win2k to use shared WEP authentication
        instead of open auth? WinXP has a control panel to enable this, but
        I can't seem to find the Win2k equiv.
        \_ Check the card settings (control panel->network connections->
           whatever card->properties->card configuration near the top.)  If
           that doesn't do it, I've seen manufacturer card tools take care
           of dealing with encryption options (Cisco, Linksys, Netgear and
           Lucent all have their own software that comes with the drivers.)
           Check the manufacturer page for downloads.  -John
        \_ WEP is only to protect the privacy of your connection, right?  Is
           there a way to allow only certain users to connect to your wireless
           access point?  If someone gets a hold of the WEP password, they can
           share that with anyone, and anyone can get access, right?  How can
           a wireless access point be configured to allow access to only
           people you want?
                \_ PPPoE or something like that.  You can also use the
                   network name in 'closed' mode (i.e. non-broadcasting),
                   although if you want serious security, you will run ipsec
                   over your wireless links.  -John
                \_ Some wireless APs will do MAC address or other filtering
                   but that's still not real security.
Berkeley CSUA MOTD:2003:August:10 Sunday <Saturday, Monday>