(Yesterday, 07:25 AM) F2d5thCav Wrote: Ninurta--
Hear you. I was annoyed when the government compromised PKP software. These days, it seems impossible to tell what is comp'd or not, so I assume it all is.
It's different there. The Polizei think they are the only ones with rights, and for some odd reason the people seem to go along with that. It's a German thing, I reckon. I can't quite wrap my mind around it.
Here, we have a 4th Amendment right against unreasonable search and seizure that protects papers and effects. It regularly gets violated, and courts seem to think they can issue warrants to violate that right. BUT the 5th Amendment means they can't make you speak.
So, they can issue a warrant to seize your papers and effects, and if you've written down your passphrase anywhere, they've gotcha. If, however, you don't write it down anywhere, and store it only in your mind, they can't make you speak to give it up. So, if it's decently encrypted, and you've not written down the passphrase anywhere, AND you just keep yer yap shut, they are shit out of luck getting into it.
I have an archive of several dozen encryption software packages, some compromised, some not. For instance, I have the encryption software that al Qaida and ISIS used. I'm pretty sure that one is compromised. It's really just an amalgamation of several other stolen software packages, and as I recall the NSA reverse engineered it from that knowledge, built a back-door into it, and released that compromised package into the wild, which went on to infect all of the AQ and ISIS communications. No one knew whether their version was the NSA version or not. Hilarity ensued.
The software I use has not been compromised. The FBI tried to crack a laptop encrypted with it for 5 years before they gave up and admitted defeat. The guys who developed it were based in Pennsylvania, and got through several iterations of it before the NSA started leaning on them to backdoor it. Instead of backdooring it, they said fuck off, released a final version that would only decrypt and not encrypt, told everyone to stop using it, and sailed off into the sunset.
Then a guy in France picked up the orphanware code and started development on it again. It's gone quite a way beyond the original development team's vision now. The code is open source, so folks can study it to see if there are any backdoors, and there aren't.
The original incarnation of it was called "TrueCrypt". It was originally recommended to me years ago by a military cryptographer, because he knew that it had never been broken. Mounir Idrassi's version is called "VeraCrypt". It has a huge number of features now, but is not for transmissible communications - it's only to encrypt data at rest.
I used to use PGP for communications encryption, but nowadays if I had a need for that sort of thing, I'd use GPG instead. I believe PGP is compromised, but GPG is not. PGP stands for "Pretty Good Protection". GPG stands for "Gnu Privacy Guard", and is the open-source version of PGP, where you can read the code and compile the program from trusted code yourself, rather than having to rely on someone else's word.
VeraCrypt - and its source code - is freely available. It's cross-platform, and can be used on Windows, Linux, and MacOS. A "container" encrypted on one platform can be decrypted on any of the other platforms, provided you know the passphrase. If you don't know it, that crap is locked up tighter than a snake's anus.
I use a cascade of algorithms, so that if one of them is ever broken, the other two will keep the data safe. It encrypts the plain text, then encrypts the encrypted text with a different algorithm, then encrypts THAT mess again, with yet another algorithm. Encrypted encryption which is then encrypted again. Makes a mess of the data that a buzzard couldn't digest.
It's only for encrypting "data at rest", however. Stuff like Grandma's Secret Oatmeal Cookie Recipe, or the launch codes to the nuclear missiles you store in your back yard silos, or your tax or employment or medical records, or your secret diary you keep to write your memoirs from. Stuff you might keep laying around burned on a CD in your bank vault because it's your business and no one else's. Not for communications in the normal sense - you can't type up a message and then encrypt it and let 'er fly across the internet in a regular e-mail body. You'd have to type out a message in a document, then encrypt the document inside a "container", wipe the plaintext version from your hard drive, and then e-mail the container as an attachment. Getting the passphrase to the recipient securely would be a problem, unlike with GPG.
It can also encrypt entire hard drives, including the one with your operating system on it. I've never done that, however - I just use the native Linux encryption scheme for operating system encryption. That works pretty well - I had a computer die on me, and could not get in to the hard drive at all by just hooking it up to another computer. I had to force the other computer to boot from the Linux drive so I could input the operating system password and recover the data from it. Otherwise, the hard drive, including the operating system and all the data, was just a scrambled mess that nothing could read.
A "container" is just a file, but an encrypted file that the software treats as if it were another hard drive - it has to be "mounted" as if it were a physical drive, and then you can read or write from or to it, encrypting or decrypting the data involved. The software handles the mounting process for you, and then handles the encrypt/decrypt tasks. Decrypted material is only stored in RAM - turn the computer off or lose power, and there is nothing to find until you mount the container volume again.
The only downside to it that I've run across is that they no longer maintain a PDF user manual. The manual is, as most manuals are nowadays, on the internet as HTML. Luckily, it's not at all hard to use - but if you forget your passphrase, you can just kiss that data goodbye, because there is nothing and no one on Earth that can get you back into it.
A Google search for "VeraCrypt" will lead one straight to the software, free for the download.
As a side note, I DO NOT trust Microsoft's "Bitlocker" to encrypt anything at all. The way M$ acts, using their very operating system as spyware to spy on you, you just KNOW that Gates and Company have a back door built in to it, and if they can get into it, so can Uncle Sugar. They'd hand over their secret keys to him for a belly rub or less.
Actually, I think now if you encrypt your drive with Bitlocker, you are required to store a copy of your keys on a M$ server "for your own safety, in case you forget your password". If M$ has it, then so does Uncle Sugar, through them.
“Trouble rather the tiger in his lair than the sage among his books. For to you kingdoms and their armies are things mighty and enduring, but to him they are but toys of the moment, to be overturned with the flick of a finger.”
― Gordon R. Dickson, Tactics of Mistake