Encryption

So what is the most reliable, secure, and tried and true encryption method available? What is the best software for this in the current year+2?


I've heard truecrypt has been compromised years ago, but heard that old versions of it are still secure and unbreakable. does anyone know the cutoff version for truecrypt before it became compromised? i've been saving truecrypt installation files for years. some people suggest bitlocker but an encryption program is only as good as the company that made it, and i trust microsoft about as much as i trust the NSA.

What do you guys use and why do you use it?

I personally use it to encrypt USB drives. I have a 128GB USB stick that's part of my EDC. on the drive i have a 124GB PNG file. and several installation files for multiple encryption programs so i can install it on any computer i access without giving away which encryption method i use.

I currently use an old version of truecrypt, but am considering changing when i upgrade to a 512gb usb 3.0 drive.

Pencil and paper, delivered by hand, and destroyed after reading.
It is what the Russian government has gone back to for all its top secret docs.

I'm not sure what to think of this.

That's good and dandy until you are talking about programs, image files and large datasets.

They install keyloggers in the typewriters, now

You can open it up and literally pull the keylogger out of it though.

We have to use a printer. I know it will work to some extent but not fully.
Use it like pen and paper, but printed.

And I use DVDs to protect my data

wewlads

I use veracrypt. Apparently, the software is audited every so often, but one shouldn't assume that it is the end all be all option. Additionally, veracrypt lets you nest or cascade ciphers. For example, I use Veracrypt for FDE purposes and have nested the AES, Twofish and Serpent ciphers.

Luks unless terrorpedo

Just use fucking veracrypt
Truecryptfags remind me of those old people who don't want to upgrade from Windows XP

LUKS

What if the secret agent gets mugged? Then the bad guys have the secret info

but audited by whom is very important...


i dont know much about veracrypt. i'll look into it. people like truecrypt because FBI is unable to crack it after years. pedos have been saved by it so we know its secure. they even tried to pass laws about distributing truecrypt.

but in recent years became compromised, so knowing the last "uncompromised" version becomes a reason for concern.
using something that's tried and true is very important since its so easy for encryption software to be compromised from the start.


any reasons to use luks over veracrypt?
im going to look into both.

For encrypting what, and encrypting it how? I guess you're talking about full-disk encryption, but you don't make that clear.

I've heard your mother is a whore. So I guess we've both "heard" something. And everything we hear is true, I guess.

nothing you said had any value. why even post?
read the last sentence in the OP.

truecrypt is compromised. thats known. but when it was compromised is up for debate. next time maybe focus less on being a smartass and focus more on being less ignorant about the topic ^_^

Just use dm-crypt you nonce

Thanks for the suggestion.

why dm-crypt?
why not veracrypt?
why not luks?
why not truecrypt?

Here's my opinion, luks is a frontend for dm-crypt and truecrypt and veracrypt are very similar as well. Ultimately when your crypto is put to the test what will matter is what type of crypto you are using and how good the entropy supplied is. Evil maid and key stealing would be strongly preferred to cracking the key, if someone had a zeroday that could decrypt the volume without any other key/entropy data it would be very valuable and they wouldn't even want to imply its existence (easy patch). I use luks because it is pretty standard and I know that if it comes down to it the value of my data is far less than the exploit, so I don't worry about software bugs and instead focus on airgapping and making sure key stealing is as hard as possible. I don't like truecrypt/veracrypt because windows is the best platform to get your keys stolen on and no serious crypto project should encourage windows usage, but it is better than nothing.

What are you talking about? I use Veracrypt on MacOS.
It's on Linux and FreeBSD too.

GPG with AES-256 because muh hardware acceleration

That's some nice RSA encryption you got there.
Wouldn't it be a shame if someone... cracked it four years ago.

elaborate maggot

user is, indeed, a maggot.

I believe the autistic looking gentleman in the photo is Shinichi Mochizuki, a Japanese mathematician who came up with something called Inter-universal Teichmüller Theory a few years ago. It's not at all clear that his proofs are correct, but if they are, they would have a number of important consequences in the field of number theory, like proving the abc conjecture, and some stuff with elliptic curves.

I haven't read that Mochizuki's theories--if they're even correct--would have any impact on RSA or elliptic curve cryptography. I think people just hear "prime numbers" and "elliptic curves" and assume that they do.

do these work with vp9?

WARNING: Using TrueCrypt is not secure
truecrypt.sourceforge.net/

why does it say this? how is an old truecrypt volume no longer secure? i have not heard of any exploits or anything that would allow anyone access to even ones that are years old.

anyone hear anything to the contrary?

YOU ILLITERATE NIGGER, IT IS SECURE
The entire code was audited and they came to the conclusion that there were some unimportant
(i dunno i think it was like 5) bugs but none related to security.
Thus the prevalent conclusion is that the US government took it down since the past has shown that it works too well.
Last working version is 7.1a and you can get it here: truecrypt.ch/downloads/

nigger, it literally says that at the bottom of the stupid site i just linked. i copy/pasted it.
thanks for answering the question though. maybe you'd know:
i've heard rumors that the government or whatever put out a compromised version of truecrypt, making older versions more secure.
7.2 is the latest version, is that the compromised one and 7.1a the last uncompromised one?

do we have any sources of this? or any proof that 7.2 is indeed compromised?

and on the top but it doesn't make it better that you just copypasted something and made it look important and true by using a heading.
No. It's like a shitty downgrade which can only decode to make people decode their stuff and move to a different non-secure alternative like Bitlocker which basically gives the government a second key so that they have access to everything (see guide on the website).

i needed an attention grabber in this thread.
image board version of clickbait.


holy fuck, for real? thats crazy... i have an older version than 7.1a, whatre the odds they snuck in some exploits into 7.1a and the older ones are "better"? is there some kind of log of those audits you mentioned?

right now im using veracrypt. pretty happy with it. but i still have old truecrypt volumes that i use and open with truecrypt.

I'd recommend 7.1a as that's the one audited.
Fuck "might be better".
opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf
vid in German: youtube.com/watch?v=IO6wRzKuRzg

If the spooks shut down truecrypt, why do they let veracrypt operate in broad daylight?

thats what i wanted to know.
thank you.

a) It's not based in the USA
b) It could have vulnerabilities
Pick one.

Use LUKS. Truecrypt and Veracrypt just works like shit on Gahnoo/Loonix and if you are using Windows, you might as well just pick Bitlocker for securing your collection of explicit minor imagery.

A custom shell script that uses 3 passes of base64.

One-time pads are the most secure form of encryption

With hardhats and big, thick stalagmites?

I use luks, but I've setup ecryptfs on a volume as well just for trying out.

Good point, anyone here experimented with hardware rng? Thinking bout either buying one or building one.

If you have a recent Intel or AMD CPU, you're using one already.

en.wikipedia.org/wiki/RDRAND

I use LUKS with aes-cbc, 256 bit key, pbkdf2-sha256.

cryptsetup benchmark shows AES is by far faster than other algorithms, likely due to optimizations in the processor, and AES-CBC provides the fastest decryption at about 4000mbps, encryption at 1200mbps. AES-XTS does both around 2300mbps but since reads are more common than writes I went for optimized read speed. Either CBC or XTS mode is secure enough for me.

More important is to choose a long, secure password. Every time I boot my computer I have to type out a 20-character password.

Also I use webdav to sync an encrypted container with some important documents like my birth certificate, tax forms, etc, container is created with ctmg - git.zx2c4.com/ctmg/about/
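The PBKDF2-SHA256 and 20-character passphrase setup described in the post above, as an added example that is not part of the original thread and is not cryptsetup's code: it shows how passphrase length and KDF iteration count combine into brute-force cost. The function names, the 95-symbol printable-ASCII alphabet and the uniformly random passphrase are assumptions of this sketch.

```python
import hashlib
import math
import os
import time

KEY_BYTES = 32  # 256-bit key, as in the post above


def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a passphrase with PBKDF2-HMAC-SHA256 into a 256-bit key."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )


def passphrase_bits(length: int, alphabet_size: int = 95) -> float:
    """Entropy in bits, valid ONLY if every character is chosen uniformly at
    random (assumption). Human-chosen passphrases carry far less."""
    return length * math.log2(alphabet_size)


def attack_bits(length: int, iterations: int, alphabet_size: int = 95) -> float:
    """log2 of the HMAC-SHA256 iterations needed to try every passphrase.
    Capped at the key size: past that point guessing the key is cheaper."""
    work = passphrase_bits(length, alphabet_size) + math.log2(iterations)
    return min(work, KEY_BYTES * 8)


def calibrate_iterations(target_seconds: float, probe: int = 50_000) -> int:
    """Scale a timed probe run to an iteration count that costs roughly
    target_seconds per unlock attempt on this machine."""
    salt = os.urandom(32)
    start = time.perf_counter()
    derive_key("calibration passphrase", salt, probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(1, int(probe * target_seconds / elapsed))


if __name__ == "__main__":
    iterations = calibrate_iterations(1.0)
    print(f"iterations for ~1 s per guess on this CPU: {iterations}")
    for length in (8, 12, 20):
        print(
            f"{length:2d} random chars: {passphrase_bits(length):6.1f} bits of "
            f"entropy, {attack_bits(length, iterations):6.1f} bits of attack work"
        )
```

The iteration count adds only log2(iterations) bits, while each extra random character adds about 6.6, so passphrase length dominates the result.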

He says he saved the container with the ending .png which is retarded because it's obvious it's not an image.

a lot of people wouldnt realize that tbh

Based EU privacy laws

No encryption is secure as you're running it on backdoored processors. Your best bet is using something esoteric but reasonable that the processor probably doesn't know how to spy on and leak its keying material. Even if it's not the most secure algorithm, is the threat to you that academics will spend years cracking some rando's algorithm just to get you specifically, or that you're getting compromised by blanket surveillance?

How would you take input from a hardware RNG that exists at /dev/foo and use it to generate randomness for a gpg key? Would you just use dd?

Zig Forums H&K vp9 or /webm/ libvpx-vp9? ;^)

Also obligatory reminder:
ALL IS BOTNET
Obligatory shitpost:
Use ROT13, what more do you need?

On a more serious note:

THIS.
Throw in a number station if you're serious and not only want to make it onto a list, but get crossed off that same list later


Telling what encryption I use would lose the "security by obfuscation" element of said encryption, and not be a smart move on my part, so brew your own.

If you're not using tamper-proof single photon quantum cryptography, and are merely performing digital encryption that isn't FDE at the least do it on an air gapped system, preferably via a live disk, with steganography somewhere in the mix. YMMV

Those who are most likely not even interested in finding your encrypted files will not even care.
Those that do care, already know it's not an image.

Best encryption mode by encryption/decryption speed?

OTP

TrueCrypt is deprecated, use VeraCrypt

Depends on how far down the rabbit hole you want to go. Intel Management Engine, Intel processor vulns, AMD backdoors, Windows and MacOS are both not to be trusted, best bet is getting OpenBSD running on a RISC-V dev board and even then you are relying on security through obscurity. Cryptography can be great but only one thing needs to be compromised in order to make your encryption useless. Let's say you airgap, then you have to worry about TEMPEST shielding, so you pick a Faraday cage then you have to worry about proximity to the machine because if you get targeted by something like ODINI or MAGNETO, then the adversary could use low frequency electromagnetic radiation off of your CPU to steal your key. Granted, to do that they'd have to get ODINI or MAGNETO onto your machine, either through supply chain or compromising a host you use and infect a USB you plug into it and wait for you to plug into your airgapped machine.

What you need to consider is a threat model, is your data worth that much effort? They could just MitM your internet or if you use a VPN depending on the type of connection, they can attack your VPN connection (NSA), or they can do what they did with IPVanish, who claims to not keep logs but gave logs to DHS for a dude who was sharing CP on an IRC server. Let's say you use Tor, the big things there are canvas fingerprinting, leaking data through HTML5 video, browser exploits, JavaScript, etc. Tor doesn't protect you from browser exploits that allow remote code execution.

Reduce your perceived risk, don't have anything to do with illegal graphic content of minors.

You're more of a target if you are involved with drugs or CP than if you are hacking.

So just stop with the CP, follow the law and you have nothing to worry about outside of spy agencies.

i may have html5 video confused with webRTC, but perhaps that is how HTML5 video is transferred

What about whistleblowers or protesters? I'm sure they need privacy just as much as the average joe does.

Whistleblowers and protesters need privacy too, especially when it comes to reporting corruption or human rights violations, even in the US. When people say don't do anything illegal or look at CP, they forget that agencies use CP as a means to spy on people doing lawful acts for perceived threat. CP is often used as a wedge to chill freedom of expression too.

All scum bag who is not worth our time. GTKRWN though... THAT is where we need privacy

Nice try, CIA NIGGER

You don't really believe that the CIA doesn't have enough computational power to crack 256-bit AES, do you?

Why would they need to when the hardware is backdoored?

Proofs they could bruteforce? Is this like meme magic or something from Zig Forums?

this

Just because you can say buzzwords doesn't mean you're right.

That's actually the real threat to the state, not drug dealers or pedos or terrorists. The latter are simply excuses to crack down on individual freedom, but the real objective are the former. The FBI and related agencies and police will of course go after terrorists and pedos in a selective manner (some they'll just ignore or outright cover-up for) because it justifies their job and thus funding, but they will always go after the real threats.

It's not. HTML5 video works fine without WebRTC. It's basically just a tag which embeds your file. Often javascript is used for things like playing separate video and audio files in parallel (YT does this), buffering (I believe) and a proper UI.

WebRTC is primarily for VoIP, video chat, and low latency (measured in milliseconds) livestream solutions.

But then why WebTorrent?

Unless it is backdoored, 256-bit is impossible.
hooktube.com/watch?v=S9JGmA5_unY
IF they have a (((backdoor))), use Serpent, Twofish, Camellia and/or ARIA together to multi-layer encrypt.
eprint.iacr.org/2009/093.pdf
veracrypt.fr/en/Cascades.html
crypto.stackexchange.com/questions/51033/which-cascade-is-safest
blog.cryptographyengineering.com/2012/02/02/multiple-encryption/

Without a flaw in the implementation, that's physically impossible.

If you somehow managed to reach the lower theoretical limit of energy consumption of computation, the entirety of our solar system only has enough mass energy to count to 2^225.

There's always a flaw in the implementation, such as Block crypto being stored in something besides the physical geometry of hardware (ie: XTS mode).

Really all we have is the Signal protocol to protect against indiscriminate mass spying, and whatever kind of insanity you can come up with putting together free hardware and using AES GCM mode or Daniel Bernstein elliptic curve crypto to communicate though they'll just turn on the phone remotely in your pocket and listen to you typing keys and figure out what's happening.

There is no way to protect yourself if you are targeted by a nation state with consumer grade hardware, without a SCIF that costs millions of dollars and physical isolation. That's why Russia is handwriting shit these days so they don't get Reality Winner'd/Snowden'd/Manning'd.

All that means is that you'd need a significant workforce to do clerical work for your information storage. If you intentionally want your information processes to be slow, then I suppose that makes sense.

See

We are told that spies are reading SSL-encrypted messages at their leisure. We are also told that saboteurs have infiltrated international standards committees for the purpose of weakening crypto systems. This gives you indigestion? Don’t rely on security systems designed by committees! PKI is – and has always been – a sham. A cheap sham, at that. Consider the fact that Bitcoin, for all of its faults, gets by perfectly well without anything resembling PKI. Loudmouth activists, who put up such a ferocious fight against outright key escrow in the ’90s, ended up buying the very same wine in a different bottle with SSL and every other PKI-based faux-security system currently in use – where you are stuck with relying on a handful of con artists not to cough up the master keys to whomever they please.

Let’s go back to your kitchen. It is squeaky-clean, you say, because nowhere in your house do you make use of Microsoft’s miserable imitation of an operating system. Guess what, the mounds of garbage are still there, stinking brazenly; the mice leap, they play without fear, because virtually all of your cryptographic needs are serviced by some variant of OpenSSL. What a monstrous turd of a library! Have you read and understood it – any of it? Do you personally know a single living soul who has done so? Dare to contemplate the very idea of plowing through these megabytes of gnarly crapola. But let’s examine the reason for the bulk. The idiot ‘C Machines,’ and the few operating systems commonly used therein, are, one could almost say, criminally negligent in failing to provide any real support for most of the basic building blocks of modern computing: from bignum arithmetic to garbage collection. Authors of libraries like OpenSSL are to be applauded for their feat of creating something useful on top of this obscene Babel. But the result is always and inevitably a pile of garbage – comprehensible by no one, with plenty of hidey-holes for creepy crawlers of every species. Get the conceptual foundations right, and the vermin scurry away.

I for one am greatly surprised to see respectable men of science like Bruce Schneier calling for lawsuits and parliamentary hearings to rein in the snoops. The very notion of limiting the authority of a secret police agency via laws and regulations is laughable. Quis custodiet ipsos custodes? Who is going to bring down the law upon these fellows? You? Your neighbor? Mr. Schneier? The Pope? The Grand Inquisitor?

On top of it all, I fail to grasp the public’s anger at our cloak-and-dagger friends. It is much like hating the Public Executioner for chopping heads. It’s what he’s paid for! If you don’t care to be separated from your head, take some measures. Said measures could be political (bow in eternal fealty to your beloved Führer) or technological. The one measure which is guaranteed not to work is whining.

Civilized society traditionally privileged certain professions – medicine, law, the priesthood – in return for certain obligations. A priest takes an oath not to betray the seal of confession, and in return he is trusted with the most damning secrets. The doctor swears not to harm his patient, even when the latter has committed terrible crimes. The lawyer tries to defend miscreants he knows to be guilty. One clever soul suggested applying this doctrine to yet a fourth profession, creating a kind of “programmer priest.”

Perhaps one day there will indeed be someone you can trust to pronounce – truthfully and competently – that a crypto-system is strong, that a protocol has not been diddled, that your computer serves only a single master. But don’t hold your breath; today’s digital shaman will not help you; he is on the king’s payroll, and will speak the words he was ordered to speak by his liege-lord. And no seal of confession seals his lips. So if you want security, you will have to achieve it on your own: by using systems which you actually understand. All the way down to the silicon. These do not presently exist, but could be made to exist.

Bringing the comprehensible computer into existence is no easy task – but it is surely a considerably-easier (and ultimately more rewarding) task than trying to persuade the headsman to put down his ax and leave your head on its shoulders merely from the kindness of his heart (or because a piece of parchment, written long ago, proclaims that your head ought to stay attached.) Clean up the kitchen – banish the vermin. While you still can. Or learn to live with the squeaks, the ruined food, the dung.

wtf i hate TLS and everything that's not a Lisp machine now

Actually, whoever you copypasta'd that from makes some good points. Still totally unhelpful from a practical perspective, though.

You can always refuse to use any kind of computer, refuse to speak, and only communicate via a whiteboard that you thoroughly wash every night and sleep with so that no one can get the old traces of what you've written.
And put materials that block X rays and microwaves all over the house.
And don't use anything that has RFID.