Blackblogs.org

Flattr this!

Blackblogs.org by nadir.org provides a platform to publish blogs with an emancipatory and non-commercial attitude. For opening a blog with blackblogs.org, we require you to agree on this policy. We do not offer this to political parties or religious groups and we will delete blogs that do not comply.
Our servers only log informations necessary for debugging and we don’t want to know who uses our platform.
To enforce the use of non-logging anonymous email adresses on decentralised self-managed servers of friendly tech collectives and to prevent the use of blackblogs.org by people not sharing emancipatory political ideas, we only accept registrations with email addresses from one of the following providers sharing our policy:

immerda.ch, so36.net, nadir.org, puscii.nl, autistici.org, systemausfall.org, systemli.org, free.de, zeromail.org, espiv.net, mtmedia.org, riseup.net

Stop using Gmail, GMX & Co.! We recommend you use a dedicated email address just for running your blog on blackblogs.org. For better anonymity use Tor or Tails to connect to blackblogs.org.
Our idea of the use of this service is supporting campaigns, groups and individuals in their struggle for a more emancipated world. There is a multitude of ways to use blackblogs to get there – the choice is up to you.

Blackblogs.org runs on self-managed infrastructure and all work is done voluntarily. We invite you to support your blackblog and the nadir project by some contributions from time to time.

from blackblogs.org

VeraCrypt

Flattr this!

 

VeraCrypt

VeraCrypt is a free disk encryption software brought to you by IDRIX (https://www.idrix.fr) and that is based on TrueCrypt.

What does VeraCrypt bring to you?

VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
VeraCrypt also solves many vulnerabilities and security issues found in TrueCrypt. The following post describes parts of the major enhancements and corrections done so far: https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325

As an example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.

This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much harder for an attacker to gain access to the encrypted data.

Starting from version 1.0f, VeraCrypt can load TrueCrypt volume. It also offers the possibility to convert TrueCrypt containers and non-system partitions to VeraCrypt format.

UPDATE December 30th 2014 : VeraCrypt 1.0f is out with many new features and enhancements. The most notable ones are the support of mounting and converting TrueCrypt volumes, and the speedup of the mounting process through the manual selection of the correct PRF algorithm. Download for Windows is here.

As usual, a MacOSX version is available in the Downloads section or by clicking on the following link. It supports MacOSX 10.6 and above and it requires OSXFUSE 2.3 and later(https://osxfuse.github.io/). MacFUSE compatibility layer must checked during OSXFUSE installation.
Also a Linux version is available in the Downloads section or by clicking on the following link. The package contains the installation scripts for 32-bit and 64-bit versions, and for GUI and console-only version (choose which script is adapted the best to your machine).

All released files are signed with a PGP key available on the following link : https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc . It’s also available on major key servers with ID=0x54DDD393.
Please check that its fingerprint is 993B7D7E8E413809828F0F29EB559C7C54DDD393.

SHA256 and SHA512 sums for all released files are available in the Downloads section.

VeraCrypt on the fly encrypting the system partition :
VeraCrypt Partition Encryption

VeraCrypt creating an encrypted volume :

VeraCrypt encrypted volume creation

Changing the GUI language of VeraCrypt
VeraCrypt Language Selection Dialog

Frequently Asked Question

Online Documentation (click here for latest User Guide PDF)

Windows / MacOSX / Linux / Source Downloads

Android & iOS Support

Release Notes

from here

LEAP Encryption Access Project

Flattr this!

 

 

LEAP is a non-profit dedicated to giving all internet users access to secure communication by making encryption technology easy to use and widely available.

Many people, particularly journalists, still rely heavily on email communication, and the stakes could not be higher. Sources are being jailed, and in some countries, journalists are dying because their communication technologies betray their identity, location, and conversations.

To address this, LEAP has created a free, open source email system with both high security and ease of use. The LEAP application works by providing a local proxy that a standard email client connects to. The application takes the pain out of sending secure emails by quitely handling the complexities of public key encryption: automatic key management, decryption of incoming mail, and encryption of all outgoing email (using OpenPGP). Along with the application, LEAP has also created “provider in a box” server software to lower the barriers for aspiring service providers.

Project: Encrypted Email Made Easy

By taking the approach of a custom server and a custom application, a LEAP-powered system has several security advantages over typical encrypted email: incoming email is immediately encrypted by the service provider so only the recipient can read it; email is always stored client-encrypted, both locally and when synchronized with the server; all message relay among service providers is required to be encrypted (when this capability is detected); and public keys are automatically discovered and validated.

This system is not perfect: the limitations of existing email protocols means that protection of meta-data and forward secrecy are the responsibility of the service provider. However, other important security properties, such as confidentiality and authenticity, are “end-to-end” and do not rely on the service provider. Obviously, when a user sends email to someone who has never used encrypted email, then the communication works like normal email, with all the normal security problems. In the long run, we all probably need to migrate beyond email. For now, LEAP is pushing the boundary of how secure email can be and how usable encryption can be.

After a year of development, LEAP will be releasing a public beta of the application and server platform in early 2014, but they have a lot of work ahead to create a truly stable product. All donations received by LEAP will be devoted to programmer time for fixing bugs, improving reliability, refining the user experience, and improving compatibility with Windows, Mac, and Linux. See https://leap.se/email for more information.

from here

Open WhisperSystems

Flattr this!

 
 

Open WhisperSystems is the maker of RedPhone and TextSecure, free and open-source software designed to allow users to make end-to-end encrypted phone calls and text messages from their regular mobile phone.

Moxie Marlinspike is a core contributor to the Open WhisperSystems project. His research has focused primarily on techniques for intercepting communication, as well as methods for strengthening communication infrastructure against interception. Formerly the head of the security team at Twitter, he currently dedicates most of his time to working on privacy enhancing technology projects.

Project: Encrypted iPhone Calls and Texts

RedPhone is a Free and Open Source private calling app designed to be dead simple to install and totally frictionless to use. It provides end-to-end encryption for a users’ calls, but integrates directly into the Android dialer and contacts so that a user doesn’t have to alter their workflow in any way.

TextSecure is a Free and Open Source end-to-end encrypted asynchronous chat app, designed to mimic the standard text messaging experience as closely as possible. Open WhisperSystems’ TextSecure efforts are focused on advancing the state of the art for asynchronous forward-secure messaging protocols, while simultaneously making those advancements as invisible and effortless as possible for the user.

Projects like RedPhone and TextSecure enable journalists, activists, and democracy advocates to communicate securely without adding friction or altering their workflow. Donations will help with improved RedPhone call quality and the development effort for iPhones.

from here

OnionMail

Flattr this!

 
 

What is OnionMail

OnionMail is an open source SMTP/POP3 compatible mail server with some functions designed for Tor hidden services. OnionMail use filesystem cryptography and some extended functions. This server also allows you to use the email in the tor network without losing the ability to communicate with the Internet.

«In the future, maybe we will implement the anonymous coffee!
Today, only OnionMail
😉 »


OnionMail functions:

  • Multiple instances of server. (multiple indipendent hidden services).
  • Native PGP integration for subscriprion and server`s message.
  • Subscription via PGP encrypted email.
  • VMAT Protocol (can use normal mail address without .onion).
  • SSL cryptography by default. (STARTTLS 2048 bits)
  • Multiple encryption everywhere, RSA + AES +  RSA + AES with salt.
  • Support unicode password (UTF-8 password and 2048 bits keyfiles).
  • Inhibition of store any message in relay server.
    (Only direct connection is allowed without multiple connections).
  • Metadata protection. NSA or GCHQ can’t read your metadata.
  • SMTP Compatibility.
  • Internet normal email compatibility.
  • AntiSpam, blacklist and realtime filters.
  • Decentralized trust system for SSL certificate and public keys and exit list.
  • Native mailing list support.
  • Garbage collector to remove automatically old messages.
  • Clock and time zone spoofing.
  • Server services and operations:
    Add / Remove mail address or mail server in blacklist.
    Mailing list Subscribe / Unsubscribe.
    Request of server “rulez”. (Server help).
    (All via mail message to the server directly “server@ xyz… .onion “)
  • JAVA Implementation for all platform.
  • Native version compiled with GCJ.
  • Localhost control port and server API.
  • Protected server password and keys (optionaly not saved).
  • IP BlackList
  • Onion BlackList
  • RSA Server and Tor connection authentication.
  • Connections via Tor Network.
  • Enter/Exit server to connect Tor to Internet and viceversa.
  • Statistics in csv format.
  • TorDNSLocalProxy to work with Exim4 and transprent SOCSK4A Tor Proxy.
  • Strong cryptography (RSA 2048 bits, AES 256 + AES 256 + AES 256 ).
  • Password key derivation via multiple keyfiles and passwords.
  • Deleting files with wipe by default.
  • Message headers filtering to hide informations and sigint.
  • POP3 TLS Access.
  • SMTP TLS Access.
  • User’s parameters.
  • Exit node selection to connect to internet.
  • M.A.T. Protocol to connect correctly Internet, Tor, email and OnionMail.
  • Server identification request via email to obtain the ssl certificate fingerprint.
  • Self headers rebound to verifiy the client’s mail headers and OnionMail filtering.
  • AntiSpam system.
  • And much more…..

Why OnionMail

The real question is: «Why not???».
OnionMail defends the right to confidentiality of communications.
OnionMail prevents clandestine espionage “otherwise democratic” governments.

How it works?

Usually other mail systems all mail messages pass through different SMTP servers often the connection is not encrypted.
With OnionMail the connection is always encrypted and the server does not saving data to disk. Only the recipient’s server stores the messages.

The message files into the server are encrypted with asymmetric key, which is encrypted with the password of the user and the server keys. In the event of theft, the system does not reveal any sensitive data.
It always advisable to use PGP or GPG to encrypt e-mail messages.
When a message is sent from the Internet it passes through the server Enter / Exit. These servers are the entry and exit nodes of Tor for e-mail. The user can choose which node to use to communicate to the internet.
Spam is short-lived because there are the custom blacklists. So each user can set their own spam filters.
All servers are federated to create a check system for SSL server certificates.
With systems like this X-Keyscore and similar technologies have big problems to intercept your mail messages.

Rules of Use
  • Messages with multiple recipients are allowed.
  • There aren’t Delivery Status Notification. If there are any problems email client responds with an error directly.
  • The message headers are filtered.
  • The hostname and ip addresses in the mail headers will be deleted or replaced with [0.0.0.0].
  • It compulsory to use TLS. (STARTTLS, SSL 2048 bits).
  • You can manage the Blacklist and block individual addresses or entire hidden service to block spam.
  • The messages are automatically deleted after a number of days even if unread.
  • You can request services and information to the server by sending a message to the server@xy … z.onion
  • Always follow the rules of the server. For more information please send a message with subject RULEZ to your server.
  • The SysOp, admin or root user can’t read your private email messages.
  • You can use anorma mail address via VMAT subscription to the exit/enter OnionMail server.

from here

 

Emails alternatives to Tormail

Flattr this!

 

 

With Tormail gone there are still a few alternatives if you want to use an email service that will not reveal your location

Use an anonymizing service that provides email if possible, if not you should choose a traditional SMTP mail service that does not log IP addresses and whose mail servers are outside of your country. If you are using a mail service with servers located in the USA never leave messages on the server because there is a high risk that the server could be compromised or seized.

Even outside of the USA it is good practice to always download all your mail messages to your computer using a local mail client. Protecting your mail client by encrypting your computer is also recommended.

If you are using a mail service that allows access by Tor consider using the FoxyProxy addon for Thunderbird to route your email through the Tor network; if Tor is not an option you can use a good VPN like Private Internet Access instead.

Anonymizing Services with Integrated Email

Bitmessage – highly secure messaging service that can function like email by using the Bitmessage E-Mail Gateway

i2p – the second largest anonymizing network after Tor. Free to use and provides anonymous email either through an SMTP server or an internal, distributed email system called i2p-Bote. The i2p SMTP server can be reached through a webmail interface called ‘Susimail’ or an email client like Claws Mail.

All messages on i2p-Bote are encrypted end to end removing the need to use PGP or other privacy software, and since the user can configure variable hop relays i2p-Bote is arguably the most anonymous email service available, however, email can only be sent within the i2p network between users of i2p-Bote.

Freenet – anonymous network with decentralized data storage and anonymous Freemail email plugin. While Freenet provides an http interface for browsing freesites, unlike JonDo and i2p a proxy to browse the web is not available. Like i2p-Bote, Freemail only works within the Freenet network.

Mail Servers Outside of USATor Hidden Service

Lelantos Mail – a well regarded mail service on Tor hidden services with servers outside of the USA. A lifetime subscription is less than $35 in bitcoin. Use PGP for sensitive email. Similar to Tormail, you can be reached from the web at your <username@lelantos.org> email address. Find Lelantos mail on Tor at lelantoss7bcnwbv.onion.

SIGAINT – free mail service on Tor. Javascript not required and webmail only. URL is http://sigaintevyh2rzvw.onion

Mail Servers Located in USA

Riseup.net – a collective based in the US that provides online communication tools for people and groups working on liberatory social change. Requires application and approval or invitation codes. Free email service does not log IP’s or embed IP addresses in mail headers. Also provides a free VPN for members.

Riseup can also be reached over Tor, see the chart:

VFEMail – free and paid email provider with the option to use a Netherlands server. Gold ($30/year) and Platinum ($50/year) plans automatically obfuscate metadata, a valuable option. VFEmail can also be reached via TOR at 344c6kbnjnljjzlz.onion.

Mail Servers Located in Europe

ProtonMail – free, end-to-end encrypted email service based in Switzerland.

Autistici/Inventati – A/I is an Italian collective similar to riseup.net that is dedicated to providing a full range of free, privacy aware internet services including webhosting and email. No logging of IP addresses. Requires application and approval. Recommended.

OpenMailBox.org – free email service based in France accessible by webmail, IMAP or POP3. Strips IP from mail headers and does not log. The volume on the server that stores messages is encrypted with LUKS. Now includes 1 GB cloud storage with a free email account.

Bitmessage E-Mail Gateway – Bitmessage E-Mail Gateway is a free service located in Switzerland that allows users to send and receive email to/from bitmessage addresses and also from/to any other email address. You do not need an email address to register and can access your mail through a webmail interface, Thunderbird or Outlook. It also provides an innovative ‘localhost access’ feature that allows you to hide your IP from the server and sent emails. Using the localhost access option you can connnect anonymously to the server without using Tor or a VPN, giving you anonymous email cheap and easy right from your browser. Can be accessed over Tor at bitmailendavkbec.onion.

Vmail.me – Vmail.me is a free service located in France offering webmail with IMAP and POP3 access. IPs are stripped from mail headers but the service does keep IP logs.

RuggedInbox – 100% open source, 100% free and ad-based, Tor friendly, with and without javascript webmail available. VPS is located at an offshore location data center: VPSBG.eu, based in Bulgaria.
Have a look at the features page for more options. Service in beta.

Clearnet url: https://ruggedinbox.com/features.php
Darknet url: http://s4bysmmsnraf7eut.onion/features.php

Mail Servers Located in Middle East

Privat DE Mail – free EU based email service that does not log IP addresses with mail servers in Egypt. Email to Israel is blocked, which also blocks mail to and from Safe-Mail.net. Open registration. Uses a self-signed SSL certificate which can cause browser errors; install the ‘Skip Cert Error’ add-on to correct in Firefox or register with Internet Explorer instead.

If using Firefox once the ‘Skip Cert Error’ add-on is installed go to Add-ons Manager in Firefox > Extensions > Skip Cert Error 0.3.4 then click on ‘Options’ and add mail.privatdemail.net to the domain whitelist and you should be able to register.

Privat De Mail can also be accessed over Tor at ybfg5ma65ug63ipj.onion using the webmail interface or an email cliet like Claws Mail or Thunderbird.

Other Tor Hidden Service

Mail2Tor is a Tor Hidden Service that allows anyone to send and receive emails anonymously.
It is produced independently from The Tor Project.

For more information, or to signup for your free @mail2tor.com account (webmail, smtp, pop3 and imap access)
Please visit our tor hidden service at http://mail2tor2zyjdctd.onion
You will need to have Tor software installed on your computer to securely access Mail2Tor hidden services.

The Mail2Tor hidden service and SMTP/IMAP/POP3 are on a hidden server completely seperate from the relays.
The relays do not know (and do not need to know) the IP of the hidden service.
Because the communications between the relays and the “dark server” occur through the tor network, without using traditional internet protocols (ip).
This hidden server is not one of the Tor network nodes/public servers, whose IPs are known.
It is a private server that does not route traffic for tor users, but it is devoted exclusively to exchange data with Mail2Tor relays.
The entire contents of the relays are immediately deleted and it is not possible to “sniff” data because transmitted in encrypted way.

Sinbox – http://sinbox4irsyaauzo.onion

Sinbox is a secure online inbox for users of the Tor Network. It requires NO JavaScript or cookies and all messages sent through the system are encrypted using multi-layered encryption techniques.

Paid Email Providers

While our list recommends free or low cost email services, Proxomitron Forums also maintains a good list of paid Privacy Conscious Email Services

Promising Start Ups

Other privacy aware email startups in order they will probably be available:

Startmail – https://beta.startmail.com/

Mailpile – http://www.mailpile.is/

LEAP Encryption Access Project – https://leap.se/en/services/email

TAILS

TAILS is a live operating system that you can start on almost any computer from a USB drive and routes all your traffic through the Tor network. Because of the way TAILS is designed it leaves no traces of your internet activity on the host computer. Free i2p mail is integrated into TAILS as is the Claws Mail client. TAILS makes it easy to use free i2p mail. You can also setup Claws Mail to access your Lelantos Mail, Privat DE Mail or any other mail account accepting connection by Tor like Riseup.net or bitmessage.ch.

Always use PGP encryption for privacy

Using an email service that will not reveal your location in the mail headers provides anonymity but not privacy! For sensitive email, you should always encrypt your email with PGP unless you are using i2p-Bote or Bitmessage, both of which transparently encrypt your email for you. Consider all those Tormail users whose plain text emails were seized by the FBI when the server in Ireland used by Freedom Hosting was taken over

from here

List of Anonymous Networks

Flattr this!

 

 

This page lists anonymous networks with which you should become familiar.

Tor does some things good, but other anonymous networks do other things better. Only when used together do they work best. And of course you want to already know how to use them should something happen to Tor and you are forced to move to another network.

Try them! You may even find something interesting you cannot find on Tor!

Anonymous networks

These are well known and widely deployed anonymous networks that offer strong anonymity and high security. They are all open source, in active development, have been online for many years and resisted attack attempts. They run on multiple operating systems and are safe to use with default settings. All are well regarded.

  • Tor – Fast anonymous internet access, hidden websites, most well known.
  • I2P – Hidden websites, anonymous bittorrent, mail, out-proxy to internet, other services.
  • Freenet – Static website hosting, distributed file storage for large files, decentralized forums.

Less well known

Also anonymous networks, but less used and possibly more limited in functionality.

  • GnuNet – Anonymous distributed file storage.
  • OneSwarm – Bittorrent, has a non-anonymous mode, requires friends for anonymity.
  • RetroShare – File-sharing, chat, forums, mail. Requires friends, and not anonymous to those friends, only the rest of the network.
  • Omemo – Distributed social storage platform. Uncertain to what extent it is anonymous.

Non-free networks

These are anonymous networks, but are not open source. Therefore their security and anonymity properties is hard to impossible to verify, and though the applications are legit, they may have serious weaknesses. Do not rely on them for strong anonymity.

  • Osiris – Serverless portal system, does not claim to provide any real anonymity.

In development

  • Phantom – Hidden Services, native IPv6 transport.
  • GlobaLeaks – Open Source Whistleblowing Framework.
  • FreedomBox – Project to create personal servers for distributed social networking, email and audio/video communications.
  • Telex – A new way to circumvent Internet censorship.
  • Project Byzantium – Bootable live distribution of Linux to set up wireless mesh nodes with commonly available hardware.
  • Hyperboria A distributed meshnet built on cjdns.

Routing Platforms

These are internets overlaid on the internet. They provide security via encryption, but only provides weak to none anonymity on their own. Only standard tools such as OpenVPN and Quagga are required to connect. Responsibility for a sufficiently anonymous setup is placed on the user and their advertised routes. More suited for private groups as things out in the open can be firewalled by other participants. Can be layered above or below other anonymity nets for more security and fun.

  • Anonet – AnoNet2, a more open replacement for AnoNet1.
  • dn42 – Another highly technical routing community.
  • CJDNS, an IPV6 overlay network that provides end to end encryption. It is not anonymous by itself.

Alternative Internet

  • Netsukuku – A project that aims to build a global P2P online network completely independent from the Internet by using Wi-Fi. The software is still in active development, although the site is no longer updated. A new site is in progress of being built.
  • Many other wireless communities building mesh networks as an alternative to the Internet, e.g. Freifunk, http://guifi.net and many more around the globe. see also

Alternative domain name systems

  • Namecoin – Cryptocurrency with the added ability to support a decentralised domain name system currently as a .bit.
  • OpenNIC – A user controlled Network Information Center offering a democratic, non-national, alternative to the traditional Top-Level Domain registries.
  • Dot-P2P – Another decentralized DNS service without centralized registry operators (at July 18, 2012 page is not accessible and has not known anything about the status of project from February 2011).

See Also

from here

Anarplex

Flattr this!

 

 

files & projects related to: crypto-tribes, phyles, crypto-anarchy, agorism
provider of darknet services
This is Anarplex.net

We host files & projects related to crypto-anarchy, phyles, agorism and related subject – and offer various services related to crypto-tribes and darknets.
This is also the home of the #agora IRC server.

Alternative addresses

This server is available through:

Since we have had several downtimes of our clearnet gateways, all regular visitors are advised to bookmark the darknet addresses as well.

SSL Fingerprints

anarplex.net (webserver):

  • MD5: EF:64:F6:B6:84:3E:28:D6:E2:53:EC:37:E1:33:3F:28
  • SHA1: C3:39:06:1C:07:24:87:E5:98:AB:C7:53:C0:CB:58:7A:63:43:A4:A3

agora.anarplex.net (irc server):

  • MD5: FA:CC:BC:C8:B3:7B:3A:92:71:CF:2C:FF:0D:92:53:8D
  • SHA1: 92:66:E6:09:62:BB:4A:FB:31:16:72:D5:3D:B3:B1:E7:B3:D9:32:54

Signed statement here

 

from here

 

Iron Box Security

Flattr this!

 

6 June 2014

“A secure computer is one that is powered down and not connected to any network.”

We’ve all heard that before, yeah?

I have a confession. I believe it.

I realized I believe it when a financial services firm asked me to install a password manager on my phone. On my android phone, which shares information with people whom I don’t trust on a regular basis, where every “upgrade” to anything asks for ever-more access to personal information, contact lists, location, etc. An application written by people I don’t know. Who don’t seem to give out any guarantees. And who are very reassuring that if my phone is lost, my passwords won’t be… meaning they’re storing a hell of a lot more than a hash.

And I said no. I understand that the current wisdom is that password managers are a good thing, but…. I just cannot trust the people who develop them and the environments they run on. The complexity runs off beyond the horizon and I just can’t say, for certain, that nothing else can see this thing in memory which this particular app is using.

I do business with that company now, on the basis of a sixty-character password, which is complicated and slow to type and not stored in any electronic form anywhere. It’s stored on a “computer that’s powered down and not connected to any network,” along with a bunch of my other important passwords. But maybe “computer” is the wrong word. It’s actually an iron box with a padlock. Also known as a computer whose security model is simple enough to understand and whose operating system is known completely enough to trust.

And when I log in using that password, the company sends my phone (which NEVER syncs on my computer) a nonce via SMS which I then enter to finish the login.

There is no automatic authentication when the stakes are high. That which is automatic, in an environment where complexity runs beyond the horizon, I just cannot guarantee will never admit someone else. There is no “password sync” between phone and computer… because I don’t want the attack surface that comes with any electronic script-detectable association between the two. I don’t want to have to secure phone information on my computer, and I don’t want to have to secure computer information on my phone. There is no “password wallet” in my browser, because I don’t want my browser to store passwords. Anywhere. Ever. Because I don’t believe I can keep anything accessible to, or especially managed by, a browser secure.

My cryptographic keys (to bitcoin savings, SSH tunnels, and some other high-stakes things) are no more complex than many of my other passwords, and I save them in the same way. With ink. On index cards. In the iron box. With a padlock.

I don’t worry about a trojan horse program or a worm stealing my passwords when I’m not using them, because I’m reasonably confident that the restricted computing environment inside a padlocked iron box with no power supply, no CPU, and an index-card memory isn’t complex enough for such a program to run.

I could worry about burglars, I guess. But a burglar would actually leave evidence – he might get something but I’d know he’d got it. Further, a burglar has to spend time and effort and personal risk on each and every target, instead of writing some program to rip off the thousands of people who didn’t patch the hole it exploits, leaving no visible evidence of the breach. And then launching it anonymously from some Internet cafe in a jurisdiction with no extradition treaties. It just seems to me like simple burglary is a more direct and detectable and therefore more acceptable risk than the activities of seven billion apes and software complexity that goes out beyond the horizon, out there somewhere in the universe.

That leaves me slightly worried about keyloggers when I’m actually entering passwords, but I have one trusted software source (linux distro) and seven applications in total that come from any other source. Of those seven applications, for five I have compiled from source and for two I have taken the trouble to obtain binary hashes of public repositories using machines in other places with separate connections to the network. And then I’ve brought those binary hashes home – on paper – to make sure they match the software I downloaded. And I run with the ‘bin’ directory mounted readonly, so I’m not all that worried about keyloggers.

Ultimately, I believe in security. But what I believe about security leaves me far from the cutting edge; my security environment is more like bearskins and stone knives, because bearskins and stone knives are simple enough that I can *know* they won’t do something I don’t want them to do. Smartphones and computers simply cannot provide that guarantee. The parts of their security models that I do understand, *won’t* prevent any of the things I don’t want them to do.

An iron box with a padlock on the other hand is a simple enough security model to understand, and does provide strong guarantees about what that environment won’t do.

Just a musing, I guess…. the point is that the industry is now building security models which want to provide collaboration, and single sign-on, and synchronization, and interoperation, and ‘cloud storage’ and so forth – but in doing so simply do not and can’t provide good reasons for trust nor solid mathematical proofs of how the things I don’t want them to ever do have been rendered impossible.

In fact, most of them simply refuse to enumerate things they render impossible. Security means guaranteeing that certain things are impossible. Nobody’s even trying to do that because doing the minimum to achieve meaningful guarantees that meaningful kinds of abuse are impossible, would also mean that features like password wallets where they can guarantee password ‘recovery’ are also impossible.

They’re selling the set of things that are enabled rather than the things that are prevented.

Good computer security could be built. But maybe it can’t be sold.

And because that’s what computer security is like these days … I’m forced to use an iron box. With a padlock.

Bear

From: Bear <bear[at]sonic.net>
Cc: cryptography[at]metzdowd.com
Date: Fri, 06 Jun 2014 12:08:27 -0700
Subject: [Cryptography] Vote of no confidence.

The cryptography mailing list
cryptography[at]metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

from here