Practical Paranoia

by MoJo

For the truly paranoid, computer security is a real problem.  Keeping your files safe is very, very difficult.

Not only do you need to know a few things about computers, but you need to know the law.  I don't condone doing anything illegal with your computer, but I do firmly believe that citizens have a right to privacy and need as much protection from governments (which are not perfect) as they do protection by them.

Firstly, let's look at encryption.  There are basically two kinds of encryption in common use today.

The first is the one-time pad.  This method combines two files with an XOR (a Boolean logic function).  One file is the data file you are encrypting, one is a key file.  The biggest advantage of using this method is that, with a truly random key file, it is unbreakable.  The reason for this is that there will be many different possible key files, each of which can decrypt the file to something different.  One key will give your secret plans for world domination, another a JPEG of your cat.  There is no way to tell which one is the right key, so no way to prove which one is your unencrypted file.

Unfortunately, the key file has to be as big as the data file, and can only be used once.  Also, you have to store the key file somewhere.  Even if you kept the key file on a USB drive which lived in your pocket, it might get stolen or the police might take it from you.

This is the reason that most people use more traditional encryption methods.  These methods rely on taking so long to break that very few people could realistically do it, because trillions of different keys have to be checked before the right one is found.

The most common is Triple DES, or 3DES.  It's popular because it's been tested a lot and is unlikely to be "broken," i.e., someone finds a very fast way to brute force it.

AES is newer and is also becoming popular now, as well as Blowfish, Twofish, and many others.  AES is probably your best bet.  It's worth noting that large organizations could break these systems in reasonable amounts of time (say, a few months) if they had hundreds of millions of pounds worth of computers.  Chances are, some do (the U.S. government, perhaps).  The question is will they spend months decrypting your collection of ASCII porn?

The advantage to these methods is that the key is very small (usually under 200-bits) and the key itself can be generated from a password.  Of course, you have to pick a secure password, but at least there is no way to force it out of you, at least not legally.  In the U.K., recent laws require you to turn over passwords to the police, but it's not clear what would happen if you have forgotten it.

The best methods of security require both a password and some kind of physical key.  For example, needing a password and key file stored on a USB drive would be ideal.

Even with strong encryption, there are still major problems to be solved.  For a start, if you type in your password, a key logger might be able to capture it.

Depending on your OS, there may be a way around this, and of course it is less effective if you also need a physical key.  Try not to use the same password for more than one thing either, and definitely don't use the same password you log on to your Hotmail account with!

The biggest problem of all is that of unencrypted ("plain text") versions of your encrypted files being stored on your computer.  This most often happens because a program you opened the file with uses some temporary files or the memory the plain text is stored in gets stored in your swap space (pagefile in Windows).

By far the best solution to this is to simply encrypt your entire hard drive, operating system and all.  Linux supports encrypted data and swap partitions, as does DriveCrypt for Windows.

Beware of programs that claim to "erase" your temporary files or clear your swap space.  It's actually very, very hard to completely erase data from a hard drive.

Even worse, it turns out that most common types of RAM can hold data for several hours, and it's very hard to erase that data.

Overwriting it isn't enough; it all depends on how long the sensitive data was stored for.  The truly paranoid might like to run MemTest86 for a few hours after they have been handling encrypted files.  Maybe a screensaver could clear the RAM in your TFT monitor as well.  The entire screen is stored in it and after-images can be recovered for a few hours.

Nothing is really safe, but for the paranoid out there you can do a lot to protect yourself.  The real key is to know the limitations of your system and guard against them.