Communications between devices often pass over public networks that have varying risks of eavesdropping and interference by adversaries. While the endpoints involved in a communications session may be protected, the communications themselves might not be. For this reason, cryptography is often employed to make communications unreadable by anyone (or any thing) that may be able to intercept them. Like the courier running an encrypted message through a battlefield in ancient times, an encrypted message in the modern context of computers and the Internet cannot be read by others.
- excerpt from a book in progress
The information security profession, and cryptography in particular, has passed into a new era where credible evidence has surfaced revealing that several world governments have played a role in the deliberate weakening of cryptosystems to facilitate domestic and international espionage. Prior to these revelations, information security professionals could place their trust in national standards bodies, major encryption product vendors, and government organizations. This trust has been broken and will not be easily mended.
A significant challenge in both public and private sectors will be the establishment of new ways to measure the validity and integrity of cryptosystems. Or perhaps the new approach will be novel uses of cryptography that make the compromise of a cryptosystem more difficult than before. The collective discussion on this topic will run its course over several years, resulting in the development of new validation platforms as well as improved application of cryptosystems.
– excerpt from the cryptography chapter of a college textbook still in development
When online backup solutions such as Box.net, IDrive, and Dropbox came on the scene, I was skeptical. Store my data on some service provider’s system? Only with caution.
When news of the Dropbox scandal was made public, I was not surprised. The promise, “only a customer has access to their own data”, evaporated. Not that it was ever a promise that could ever be kept.
Recommendation: if you insist on storing your data on someone else’s system, encrypt it locally and store the encrypted data on the other system. That is the only way to truly guarantee that no one else can see your data.
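One way to follow this recommendation, shown as an added example that is not part of the original post: the data is sealed on the local machine with a passphrase-derived key and authenticated encryption, so the provider only ever stores ciphertext and any modification on their side is detected on download. It assumes the third-party Python `cryptography` package is installed; the names `seal`, `open_blob`, and the `LENC1` blob layout are hypothetical choices for this sketch.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

MAGIC = b"LENC1"  # constructed format tag for this example
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16
HDR_LEN = len(MAGIC) + SALT_LEN + NONCE_LEN


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt makes offline passphrase guessing expensive; parameters are illustrative.
    kdf = Scrypt(salt=salt, length=32, n=2**15, r=8, p=1)
    return kdf.derive(passphrase.encode("utf-8"))


def seal(plaintext: bytes, passphrase: str) -> bytes:
    """Encrypt locally; the returned blob is what gets uploaded."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    header = MAGIC + salt + nonce
    key = _derive_key(passphrase, salt)
    # The header is bound as associated data, so it cannot be altered undetected.
    return header + AESGCM(key).encrypt(nonce, plaintext, header)


def open_blob(blob: bytes, passphrase: str) -> bytes:
    """Decrypt a downloaded blob; ValueError on wrong passphrase or tampering."""
    if len(blob) < HDR_LEN + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a sealed blob")
    header, body = blob[:HDR_LEN], blob[HDR_LEN:]
    salt = header[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = header[len(MAGIC) + SALT_LEN:]
    try:
        return AESGCM(_derive_key(passphrase, salt)).decrypt(nonce, body, header)
    except InvalidTag:
        raise ValueError("wrong passphrase or blob was modified") from None


if __name__ == "__main__":
    document = b"constructed sample: household budget 2011"
    blob = seal(document, "constructed example passphrase")
    print("bytes handed to the provider:", len(blob))
    print("round trip ok:", open_blob(blob, "constructed example passphrase") == document)
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])  # provider-side bit flip
    try:
        open_blob(tampered, "constructed example passphrase")
    except ValueError as exc:
        print("tampering detected:", exc)
```

The passphrase never leaves the local machine, and losing it means the uploaded data cannot be recovered.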
Laptops are stolen. Data is compromised. Tens of thousands of individuals are notified of a breach of their private information.
We see this in the news every week.
There is a good product that you can use to safely and effectively encrypt your data; it’s called TrueCrypt.
I have used TrueCrypt for several months and have found it to be solid and reliable. Previously, I used PGP Desktop version 8.1, which is costly and was not reliable for me.
With TrueCrypt you can:
- Create and mount NTFS volumes as drive letters
- Encrypt an entire hard disk partition or portable (e.g. USB) drive
- Create hidden volumes whose very existence is impossible to prove
- Encryption algorithms supported: AES-256, Serpent, and Twofish
TrueCrypt supports Microsoft Vista UAC (User Account Control) (requires version 4.3 released in March 2007).
TrueCrypt is very popular – to date it has been downloaded well over two million times.
(Disclaimer: I have no affiliation with TrueCrypt other than being a satisfied customer)
More information here: http://www.truecrypt.org/