
What type of encryption should I use?


vailixi


Say I want to send a text file to a friend over the internet. I want to encrypt the file so nobody can read it without the key. What type of program should I use to encrypt single files? What if I want to use multiple layers of encryption?

Anybody have some ideas?


GPG/GnuPG/GPG4Win

They are all free... and use public/private keys. Ideally your friend will also use the same method.

There are a few webisodes on the subject; I can't remember the numbers, but I believe it was the season before last.


Using GnuPG (or some variant thereof) is currently the most trusted methodology.

By default GnuPG will use RSA, which is an asymmetric (public key) cipher. However, it also has options for encrypting files using various symmetric key algorithms. Symmetric keys are generally perceived to be less secure because of the difficulty of exchanging the key securely and keeping it a secret.

If you have a strong key and you can keep it a secret, even the XOR algorithm can be nearly impossible to crack. (Especially if you never reuse the same key.)

There are other asymmetric algorithms besides RSA, notably the ones based on elliptic curves. The Snowden leaks have indicated that certain elliptic curve algorithms (or perhaps just their implementations) may be compromised. However, there are others which are believed to still be secure. The reason elliptic curves are important is that it is believed RSA will become obsolete within the next decade or two, whereas elliptic curves may remain secure for longer.

(These predictions are based on the specific math problems that each method relies on to make it mathematically difficult to break the crypto, and progress which is being made in academia toward solving those math problems with better speed. If you're interested in the specifics of the math I can link some introductory explanations to get you started.)

The takeaway is that RSA is secure enough for now. EC is currently the best candidate for the future. And if you can secure the key exchange, then XOR is all you need.



Of course, encrypting it at all might attract unwanted attention. So use any file-level encryption with 256-bit encryption in a cipher feedback mode. Set up a throw-away email account at both ends and run through a proxy server like Tor for setting up the bogus accounts and sending/receiving the emails. Also, go to a busy Starbucks when you set up the bogus accounts or access them, preferably not near home.

Or better yet, set up a single bogus email account and manually share the account name and password with your friend. Instead of emailing them the message, just save it to the drafts folder. That way it never hits the grid except when you create and read it. Follow all other rules as above. I'm told some US black ops groups are communicating this way. This method makes the key distribution problem harder, but if you have a small number of friends it might not be a problem.

Once you've finished communicating this way, you can erase your memory of the message by applying a 4000 volt shock...



Yes indeed. XOR can make a fine one time pad if you can share the key securely. There are ways to do this. I'll give some hints and leave the rest to the student as an exercise.

First think about what a one time pad is. You start out with a source file, which can be anything (including a ciphertext). You then need a keyfile at least as large as the source file. It must be entirely random (or, in our imperfect world, as random as possible). Each byte of the source file is XOR'd with a byte from the padfile. So, a six million byte source file requires a six million byte key. Attacks against this method include attacking the key generator or exploiting anomalies when the same pad is repeatedly used.

I am told that some US security agencies generate keying material by shifting a GPS stream in a particular way. This is rumoured to be the method used to encrypt the US/Moscow hotline. Both sides sync up and read the GPS stream; then do something special to it. Ensuring that "something special" is unpredictable and produces a unique random stream every time is the trick.

So think about how you can do the same thing using something other than the GPS data. There must be something that both sides have access to (the more random the better). Then you transform it (into a temporary keystream) in a way that isn't known to the bad guys, ensuring that it becomes "more random" than it was when it started. Then you XOR. Afterward you destroy the pad. Simple.

So put some creativity into developing ways to do this. You need a reference signal of some sort, the more random the better, and a way to sync it so both parties can access it identically. Then you have a preshared means to transform the reference signal. Then you XOR. Then you destroy all traces.

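The one time pad mechanics described in the post above, as an added example (not code from the thread): XOR with a pad at least as long as the data, a CSPRNG for pad generation, and a check of why the "same pad repeatedly used" anomaly is fatal, since XORing two ciphertexts made with one pad cancels the pad and leaves plaintext1 XOR plaintext2. All messages and the fixed pad in the test are constructed samples.

```python
import secrets


def generate_pad(length: int) -> bytes:
    """Pad must be at least as long as the message and come from a
    cryptographically secure random source (here the OS CSPRNG)."""
    return secrets.token_bytes(length)


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """XOR each byte of data with the corresponding pad byte.
    Encryption and decryption are the same operation; a pad shorter
    than the data would force reuse of pad bytes, so it is rejected."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ p for d, p in zip(data, pad))


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an observer can compute from two ciphertexts under one pad:
    (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2, with no pad material left in it.
    Used here to check a pad was not reused before it is destroyed."""
    n = min(len(ct1), len(ct2))
    return bytes(a ^ b for a, b in zip(ct1[:n], ct2[:n]))


def demo() -> bool:
    """Round-trip a constructed message, then show the reuse leak."""
    msg1 = b"meet at the usual place at noon"   # constructed sample
    msg2 = b"bring the documents with you"      # constructed sample
    pad = generate_pad(max(len(msg1), len(msg2)))
    ct1 = otp_xor(msg1, pad)
    if otp_xor(ct1, pad) != msg1:
        return False
    # Mistake being demonstrated: second message under the same pad.
    ct2 = otp_xor(msg2, pad)
    leak = pad_reuse_leak(ct1, ct2)
    # The leak equals msg1 XOR msg2; the pad itself contributed nothing.
    return leak == bytes(a ^ b for a, b in zip(msg1, msg2))


if __name__ == "__main__":
    print("pad reuse leaks plaintext XOR:", demo())
```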

The entire one time pad thing is, of course, massive overkill. I like a program called FineCrypt. There used to be both free and paid versions out there. The reason I like it is availability of the Mars and RC6 algorithms. A lot of people don't use FineCrypt because of problems with the key generation part of the program. Not random; not secure. I figured out the format for FineCrypt generated keys and started generating my own, then infuse them into the program. Now I have key generation that is as random and secure as I can make it, combined with 2048 bit RC6 or 1248 bit Mars encryption.

Way overkill for anyone's needs unless your name happens to be Osama.


Personally I'd take a simple approach: put a TrueCrypt file containing the sensitive documents inside a rar file, password protect the rar file with the encrypted file names option and send it over. Hard part: getting both passwords to your friend securely. 7zip can open the rar file and is free, and so is TrueCrypt, and each has versions or variants for Windows, Mac and Linux as far as I know.

Edited by digip

Unless you are trying to pass about government or company secrets you could probably get away with just using an encrypted RAR with a good passphrase (making sure it is using AES of course).

The real security risk would be what happens when the file gets to its destination. Is your friend going to destroy it after reading, store it in an encrypted form or just copy the unencrypted file onto a flash drive which he then leaves on the train?


This is why I like TrueCrypt inside of the rar. If someone cracked the rar file, the file inside is its own encrypted container, even when taken out of the rar file. TrueCrypt files can also have any file extension name you want when renaming them too; when selecting and mounting them, TrueCrypt will see it as another TC volume. It can seem redundant to use both, but it's just an added layer they have to jump through: first the rar, then, if they get the contents of the rar, they still have to figure out if it's a TrueCrypt file or not before trying to decrypt it. Not impossible to do, but the more layers and hoops someone has to jump through, the less chance of the data being read and opened, vs. some other form of encryption that may have some software cracker already made for it, like a rar file does with rarcrack; the TC file inside is still another hurdle. Plus rar files, password protected using encryption of their own, shadow the file names of their contents, so it makes it harder to deduce what the person may have put in the rar without cracking that first.

Nothing is foolproof, but the more layers you add, the safer I feel. Just my 2 cents.


Actually this is an area where my perspective has changed over the last few years. For many years I held a similar view to Digip (more layers of encryption makes it feel safer). Now though I hold the opinion that once you reach a certain level of encryption (e.g. AES with a strong key) then any extra layers of encryption don't significantly reduce the risk of someone gaining access to the file, as if someone does gain access it will probably have been through a different route anyway.


Yeah, once the end file is opened, or it's out of its container and in memory, or potentially copied to the HDD or a thumb drive in plain text, it's open to prying eyes.

If they leave it in the TC volume at all times, they have a better chance of hitting unmount all or just pulling the power on the machine, which then would require a cold boot attack (in theory).

Either way, I like the idea of TC volumes because they are self contained and, as long as the file doesn't get corrupted, power loss or unmount removes access to the file; while remnants remain in memory temporarily, someone wanting access would need to be there or hacked in to read the data while they have the volume opened. Un-networked or NIC disabled, they'd need physical access, and as mentioned, pull the power and they'd then need to go straight for a cold boot attack I would think (in theory). Of course, brute forcing is never out of the question with anything that requires one factor of authentication such as a single password in the chain, or merely breaking the owner's arm or holding a gun to his head might just give up the passwords pretty quickly. Torture probably trumps any amount of protection, sans becoming a martyr and dying to keep the password unrevealed.

Maybe someone could invent a multi-layered authentication system for encrypted data with a combination of software and hardware devices for one time keys, although hardware has the weakness of reading data right off the devices if it's stored, static data; the hardware I would think becomes the weakest link, like the RSA hack. Someone with the keys to decode all devices becomes the owner of all hardware/smart key fobs.
