This question is “as old as the world”, as we say in my country. How can we trust a secrecy protocol or implementation that the worldwide community can’t study, test and modify? Who can assure us that the rules of the game are clear and that they are fully respected?
When we use a closed encryption protocol or implementation for our communications, we can only trust the service. It’s like telling a secret to our best friend: we choose someone we trust and we tell him our secret but, in fact, who knows whether he will respect our privacy? Maybe our best friend will approach his cousin and say: “Hey, can you keep a secret?” and obviously the answer is “Yes!”.
I’ve developed LockWallet, a simple password manager to use in a terminal environment.
With LockWallet you can manage a password database encrypted with the AES-128 algorithm and automatically copy the desired password to the clipboard, ready to be pasted into a login form.
I’ve created LockWallet for use on internet point computers or, more generally, on computers that I do not own. For this reason I’ve written it in Java and stored it on a pen drive with a standalone Windows JRE for both win32 and win64, in case the OS doesn’t have a JVM installed.
To download LockWallet you can click on this link for GitHub
This software is in beta stage. I’m not responsible for any problem or security flaw deriving from its use.
A few weeks ago, Google made two-factor authentication via security key available in its services, implementing the FIDO U2F authentication standard.
The security key is a device like a USB pen drive but as slim as a smartcard, with a chip on the USB plug. This chip contains a key pair and cryptographic functions. You can register the public key with a service like the ones provided by Google and, in future, use the security key as the second authentication step.
At the moment, the security key works with any of the major OSes (GNU/Linux, Windows and OS X) and only with the Google Chrome browser.
I’ve ordered a security key on Amazon (the cheap one), so I’m going to test this security token soon with Google Gmail and write some usage reports.
By the way, Google may be one of the first big companies to adopt the FIDO U2F security key standard. In the future, Yahoo and other big companies may provide security key authentication as an alternative to the SMS PIN. PayPal also has a security key protection, but its implementation seems to be proprietary.
Here’s the Google help page for the security key token.
With some new features added to the TCCF suite, I’ve added a page to this blog with more info and the download for the crypto suite for Linux.
I’ve written this small guide to help with, and maybe improve, the security process when preparing Android devices.
Common tablets and smartphones are widely used in company and professional environments, so it’s good for the IT department to enforce the security of these devices before deploying them to employees.
This small guide will help sysadmins by working as a checklist of the most common security-enforcing operations. The scenario analyzed is the setup of a secure tablet for an employee who has to keep the device with him on a business trip.
Please contact me to report any errors or to give me advice on improving this guide.
DOWNLOAD ANDROID HARDENING FOR PROFESSIONAL DEVICES PDF
While waiting for the Reset the Net event, I’ve developed a collection of wizards to simplify the use of encryption on GNU/Linux.
With Two Cents Crypto Frontend (TCCF) you can easily
- create encrypted partitions or external disks
- create encrypted storage in regular files and mount it
- encrypt and decrypt single files with a password
- use asymmetric encryption to communicate securely, for example by electronic mail
- securely delete files and entire partitions or disks
The script runs in the bash shell.
You simply have to run
$ /bin/bash tccf.sh
or, if you don’t want to navigate through menus, you can run any of the scripts separately
but first of all, download the entire suite here: DOWNLOAD
I’M NOT RESPONSIBLE FOR ANY DAMAGE OCCURRING FROM THE USE OF THE TCCF SUITE.
iSEC Partners, Inc. has conducted an assessment of the source code of the TrueCrypt 7.1a disk encryption suite.
After testing the open source code, searching for bugs, vulnerabilities and backdoors, and determining whether the code is well written, iSEC has published a detailed report about the security of TrueCrypt, available for download in PDF format at this address: LINK.
The results highlight that the TrueCrypt suite does not contain backdoors or other maliciously implemented code to exploit and lessen the security of the cryptographic environment.