Berkeley CSUA MOTD:Entry 29299

2003/8/10-12 [Computer/SW/Security] UID:29299 Activity:very high
8/10    I'm looking for an encryption software package for windows 2000 that
        works on a per-directory or drive basis and is transparent.  Meaning
        once I authenticate myself I can create files or copy stuff into the
        folder and it'll be encrypted automatically.  Word, Excel, TurboTax,
        etc should all work with this encrypted folder.  For individual files
        I can use pgp.  But when working with a lot of files, I prefer not to
        think and just dump the files into a directory. I'll buy the software.
        Not looking for free stuff.  Thanks.
        \_ Whatever you do, avoid EFS.  It has its uses, but its key management
           is immature and difficult to manage.  You may also want to have a
           look at Utimaco Safeguard Easy (it's not on a per-directory basis,
           but might give you something to work with.)  -John
        \_ for enterprise level you might consider a NAS or SAN product like
           the datafort from Decru. the nas product does per file encryption
           on the fly.. plus can do end-end encryption btwn it and your desktop.
           for just local storage, i recommend either f-secure or pgpdisk,
           both create a virtual volume on the local drive and maintain a
           file system structure w/in that volume. from experience w/ both,
           pgpdisk at least used to be easier to use. you can find it at
           http://www.pgp.com of course. -shac
        \_ You can also try BestCrypt.  You can mount an encrypted file as a
           removable drive.  I've been using it for more than three years
           now to keep my personal stuff secure on my work laptop.
           http://www.jetico.com
        \_ Steganos Security Suite.  Tools include Steganos Safe (like PGPDisk),
           Internet Trace Destructor, Email Encryption, Shredder, Password
           Manager
        \_ Which tools work on both Linux and Windows platforms?
        \_ here is my stupid question.  Where do you guys store your
           private key ring when you are using any of these products?
           the very same laptop/computer that you are encrypting upon?
                \_ This is the problem.  Probably the best place to store
                   a private encryption key is on something like a smart card,
                   which can itself be PIN-code protected.  One of the main
                   weaknesses of most drive encryption products (this is my
                   beef with EFS) is that it's nearly impossible to keep
                   track of people's private encryption keys--Entrust does a
                   good job of this, I'm not sure of other PKIs (MS does not.)
                   Ideally you'd have the keys somewhere local and secure
                   (like a hardware token inside a protected container) as
                   well as archived *very* securely for recovery purposes in
                   something like an encrypted CA/RA database.  For everyday
                   encryption (aunt Hilda's secret recipes, your porn) storing
                   keys in something like a GPG keyring should be enough.  -John
                   \_ My PGP foo is weak.  Please explain.  So what if I store
                      all the key stuff in the same laptop?  I thought that
                      without my passphrase people can't possibly crack it?
                      That's the whole point of the bigger and bigger sizes
                      I keep hearing about.  E.g. 1024 vs 2048 bit encryption.
                        \_ OK when you lose your encryption keys, you have a
                           problem.  A PKI (public key infrastructure) is a
                           mechanism that issues keys for encryption and
                           signing etc. and, ideally, archives your private
                           encryption key in a safe place.  PGP/GPG work
                            differently, instead of having an authority say
                            "Joe is OK", you have this idea of a "web of trust"
                            where you trust people's keys by consensus.  Key
                           size, to oversimplify it, just affects how hard it
                           is to crack something by brute force.  And as for
                           storing all your keys in one place, look at it like
                           a normal keychain--if you put all your keys on it
                           and it gets lost or stolen, you have a problem--you
                           should probably use a key safe or something.  Hence
                           the password protection or storing it on some
                           secure medium, like a smart card.  For some slightly
                           outdated docs on how a PKI (not PGP) works, have
                           a look at http://ospkibook.sourceforge.net  -John
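
The "password protection" of a stored private key mentioned above, sketched as an added example (not from the thread, and not GPG's actual keyring format): the key at rest is encrypted under a key stretched from the passphrase, so a keyring copied off the laptop is guarded by the passphrase whatever the size of the key inside. The iteration count, the blob layout and the SHAKE-256 keystream (a standard-library stand-in for a real cipher such as AES) are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor: cost an attacker pays per passphrase guess
SALT_LEN, TAG_LEN = 16, 32


def _derive(passphrase, salt):
    """Stretch the passphrase into an encryption key and a MAC key."""
    out = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, 64)
    return out[:32], out[32:]


def _xor_stream(enc_key, data):
    # SHAKE-256 output used as a keystream; stand-in for a real cipher.
    stream = hashlib.shake_256(enc_key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(private_key, passphrase):
    """Return salt || tag || ciphertext for storage on disk."""
    salt = secrets.token_bytes(SALT_LEN)  # fresh salt, so keys differ per wrap
    enc_key, mac_key = _derive(passphrase, salt)
    body = _xor_stream(enc_key, private_key)
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return salt + tag + body


def unwrap(blob, passphrase):
    """Return the private key, or None on a wrong passphrase or tampering."""
    salt = blob[:SALT_LEN]
    tag = blob[SALT_LEN:SALT_LEN + TAG_LEN]
    body = blob[SALT_LEN + TAG_LEN:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, body)


if __name__ == "__main__":
    # Constructed sample: random bytes standing in for 1024- and 2048-bit keys.
    for size in (128, 256):
        blob = wrap(secrets.token_bytes(size), "long passphrase, not a single word")
        # The per-guess cost is the same PBKDF2 call for both key sizes.
        print(size * 8, "bit key ->", len(blob), "byte blob,",
              "wrong guess rejected:", unwrap(blob, "guess") is None)
```

Moving the key onto a smart card, as suggested above, takes the wrapped blob off the laptop entirely instead of relying on the passphrase alone.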
        \_ I use PhilCrypt with the compression option.  Works with all OS's,
           local, over NFS, HTTP, etc to NAS, SAN, with udp, tcp, iscsi, you
           name it!  PhilCrypt is the best and the compression option means
           your transfer rates will sky rocket while your disk usage will
           actually go down the more data you add to your PhilCrypt DataVault!
           Get "PhilCrypt DataVault Deluxe" (includes PhilCompression and
           advanced management features)!