crypto category archive

Steven Levy = Awesome Writer

Hackers

Many years ago I read Hackers for the first time and thoroughly enjoyed it. Levy takes exhaustive research and interviews and weaves them in to a great tale. I like reading about the people behind technology and how they came to do what they do (or did what they did), and this book is full of characters and their stories: “The Heroes of the Computer Revolution.” Starting with the origins of hacker culture at MIT in the Tech Model Railroad Club, I felt transported back in time and was absorbed by the story.

Crypto

A month ago, I saw a reference to Levy’s Crypto, and I immediately ordered a used copy from Amazon. This is …

Me and You and a GPG Key Named Boo

“Travellin’ and livin’ off the web…”

I have a GPG key, freshly created a couple of days ago. GPG is the GNU Privacy Guard, also known as GnuPG, used for encryption and digital signatures.

Many people include helpful comments about GPG encryption on a page with their public key and fingerprint. Instead of making similar remarks (which I don’t feel qualified to make), I’ll point to some examples: Karl Fogel, Peter S. May, and Henrik Lund Kramshoej.

I’ve read Karl’s page with interest in the past, and revisited it while preparing my own GPG key page. His comments have been influential in adding to my doubts about using the software and keys properly. I found Peter’s and Henrik’s pages recently in Google search results as I’ve been reading about the …

Password Safe / Password Gorilla

Updated 20 April 2007: Password Gorilla’s author, Frank Pilhofer, contacted me to clarify how permissions work and to investigate the problem I was seeing. Talk about great customer service! See update notes below…

I’ve been using Password Safe in Windows for many years to manage my passwords. It seemed credible to me because it was originally designed by Bruce Schneier and made by his company, Counterpane Systems. It uses either the twofish or blowfish block cipher, depending on the version. I respect Bruce’s knowledge and opinions on security and figured it would be a robust application, free from obvious security flaws.

And it was free for use. As in free beer. At some point it was released under the free and open source …

HOWTO: EncFS Encrypted Filesystem in Ubuntu and Fedora GNU/Linux

(Go straight to the HOWTOs. Do not pass GO.)

2 June 2007: Updated with comments for 7.04 / Feisty Fawn.

I mentioned recently that I planned to keep using TrueCrypt in GNU/Linux since I had used it profitably in Windows, and that I also intended to keep using the container approach where you create a single file of a certain size and then mount it to get your virtual file system.

I’m reevaluating my plan. I still like TrueCrypt and will likely keep using it, maybe by alternating DVD backups between it and my new intended: the EncFS Encrypted Filesystem. (And of course GPG is always good for many crypto jobs, and will also be part of my security framework.)

The drawback with my …

HOWTO: TrueCrypt in Ubuntu and Fedora GNU/Linux

Update, 1 June 2007: Version 4.3a, released May 2007, removes support for SUID.

I’ve been using TrueCrypt to encrypt financial and personal documents in Windows for a while now and it has worked just fine for the way I want to use it. I’m doing file-based encryption where you mount a single file as a virtual volume that appears as a normal drive in Windows. I knew there was a GNU/Linux version, so it seemed like a logical choice to use for the same purposes in the free world.

TrueCrypt is free-as-in-freedom (according to my hearsay understanding of the license), but the TrueCrypt Foundation behind it is apparently kind of secretive and closed with its development processes. I’m not …