Re: How would you do that ...
I have literally never in my life seen any meaningful use case for the OTP after about 1974. It's not part of a sensible discussion. :) On May 4, 2021 4:46:31 PM CDT, vedaal via Gnupg-users wrote: >Or, for the really paranoid ;-)you can have random data on a read-only >mini cdrom,and use it as an OTP, and throw it into a garbage >incinerator afterwards. >If you are up against adversaries where this is necessary,this methods >may ultimately not help ... >= > >On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:On Dienstag, 4. Mai >2021 18:47:50 CEST Robert J. Hansen via Gnupg-users wrote: >> For modern SSDs I generally recommend a single pass with random >data: >> >> dd if=/dev/urandom of=/dev/foo bs=1M >> >> (Don't forget the blocksize [bs] parameter; it can improve speed >> significantly.) >> >> This is enough to foil the vast majority of forensic analysis. Yes, >> yes, SSDs have remapping capabilities which means certain memory >cells >> won't get hit even if you do this, and it's theoretically possible >for a >> good forensics nerd to do all kinds of wild magic to pull off data >you >> didn't even know was there... but that kind of very high-level >forensics >> nerdery costs a lot of money, and few people are worth that kind of >> investment. > >I'd always use full disk encryption ideally with the key stored on a >USB >token. Otherwise, with a very good passphrase. > >And, after use, wipe the disk and destroy the token. > >Modern enterprise-level SSDs also have secure erase, but, of course, >you'd >have to trust the hardware manufacturer to implement it properly >without any >backdoors which you probably don't want to do in the above scenario. > >Regards, >Ingo -- Sent from my Android device with K-9 Mail. Please excuse my brevity.___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[no subject]
On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:I'd always use full disk encryption ideally with the key stored on a USB token. Otherwise, with a very good passphrase. And, after use, wipe the disk and destroy the token. Modern enterprise-level SSDs also have secure erase, but, of course, you'd have to trust the hardware manufacturer to implement it properly without any backdoors which you probably don't want to do in the above scenario. = Or, for the really paranoid ;-)you can have random data on a read-only mini cdrom,and use it as an OTP, and throw it into a garbage incinerator afterwards. But really, if anyone is up against adversaries where this is necessary,this methods may ultimately not help. These adversaries are not known for their honor and fair play ... vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How would you do that ...
Or, for the really paranoid ;-)you can have random data on a read-only mini cdrom,and use it as an OTP, and throw it into a garbage incinerator afterwards. If you are up against adversaries where this is necessary,this methods may ultimately not help ... = On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:On Dienstag, 4. Mai 2021 18:47:50 CEST Robert J. Hansen via Gnupg-users wrote: > For modern SSDs I generally recommend a single pass with random data: > > dd if=/dev/urandom of=/dev/foo bs=1M > > (Don't forget the blocksize [bs] parameter; it can improve speed > significantly.) > > This is enough to foil the vast majority of forensic analysis. Yes, > yes, SSDs have remapping capabilities which means certain memory cells > won't get hit even if you do this, and it's theoretically possible for a > good forensics nerd to do all kinds of wild magic to pull off data you > didn't even know was there... but that kind of very high-level forensics > nerdery costs a lot of money, and few people are worth that kind of > investment. I'd always use full disk encryption ideally with the key stored on a USB token. Otherwise, with a very good passphrase. And, after use, wipe the disk and destroy the token. Modern enterprise-level SSDs also have secure erase, but, of course, you'd have to trust the hardware manufacturer to implement it properly without any backdoors which you probably don't want to do in the above scenario. Regards, Ingo___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How would you do that ...
On Dienstag, 4. Mai 2021 18:47:50 CEST Robert J. Hansen via Gnupg-users wrote: > For modern SSDs I generally recommend a single pass with random data: > > dd if=/dev/urandom of=/dev/foo bs=1M > > (Don't forget the blocksize [bs] parameter; it can improve speed > significantly.) > > This is enough to foil the vast majority of forensic analysis. Yes, > yes, SSDs have remapping capabilities which means certain memory cells > won't get hit even if you do this, and it's theoretically possible for a > good forensics nerd to do all kinds of wild magic to pull off data you > didn't even know was there... but that kind of very high-level forensics > nerdery costs a lot of money, and few people are worth that kind of > investment. I'd always use full disk encryption ideally with the key stored on a USB token. Otherwise, with a very good passphrase. And, after use, wipe the disk and destroy the token. Modern enterprise-level SSDs also have secure erase, but, of course, you'd have to trust the hardware manufacturer to implement it properly without any backdoors which you probably don't want to do in the above scenario. Regards, Ingo signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How would you do that ...
Modern harddisks don't allow that anymore. Should I assume that "low-level format" in this case means something like dd if=/dev/zero of=/dev/sdX [puts on forensics professional hat] Good question! The tl;dr of it is that the technique to wipe a hard drive will vary according to the kind of technology used in manufacturing the drive, and to a lesser extent the kind of forensics nerdery you're afraid of. This is the origin of the myth of the 30-odd-pass "Gutmann shred". It was always a complete myth that you needed 30-odd passes to wipe a hard drive. The 30+ passes were if you had no knowledge about the underlying technology of the drive and needed to account for antique FM-coded drives all the way up through modern SSDs. If you were thinking of doing a 30+-pass shred, the best thing to do was smack yourself in the face for being so foolish and then go off and read the label on your hard drive. :) For modern SSDs I generally recommend a single pass with random data: dd if=/dev/urandom of=/dev/foo bs=1M (Don't forget the blocksize [bs] parameter; it can improve speed significantly.) This is enough to foil the vast majority of forensic analysis. Yes, yes, SSDs have remapping capabilities which means certain memory cells won't get hit even if you do this, and it's theoretically possible for a good forensics nerd to do all kinds of wild magic to pull off data you didn't even know was there... but that kind of very high-level forensics nerdery costs a lot of money, and few people are worth that kind of investment. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How would you do that ...
Neal Stephenson's novel Cryptonomicon is excellent. I strongly recommend it to anyone who enjoys reading & is interested in crypto. Part of the plot involves a cipher that operates a bit like RC-4, permuting an array, but the array is a deck of cards. https://www.schneier.com/academic/solitaire/ Please don't. Solitaire is not a particularly well-designed cipher, in either the human factors sense or in the cryptographic strength sense. Even Schneier himself says it's mostly of interest only as a curiosity and not for serious purposes. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How would you do that ...
Sandy Harris wrote: Ralph Seichter via Gnupg-users wrote: * Stefan Vasilev via Gnupg-users: How would you solve this task? With Alice having to rely on cryptography she can do in her head? Some shift cipher and carrier pigeons. :-) Neal Stephenson's novel Cryptonomicon is excellent. I strongly recommend it to anyone who enjoys reading & is interested in crypto. Part of the plot involves a cipher that operates a bit like RC-4, permuting an array, but the array is a deck of cards. https://www.schneier.com/academic/solitaire/ I remember Bruce Schneier's Solitaire. One can also use the Elsie Four (LC4) cipher for that. The task, however, is also communicating (daily) without logging into any services and if required to send larger documents, or even photos. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Gpg4win/RunAsUser: (Is:After upgrading to gpg4win 3.3.15 Kleopatra fails to come up)
Am Montag 19 April 2021 23:49:56 schrieb Shridhar Mysore via Gnupg-users: > > Kleopatra cannot be run as adminstrator without breaking file permissions > in the GnuPG data folder. (For completeness here in the ML) https://wiki.gnupg.org/Gpg4win/RunAsUser Best, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How would you do that ...
Ralph Seichter via Gnupg-users wrote: > > * Stefan Vasilev via Gnupg-users: > > > How would you solve this task? > > With Alice having to rely on cryptography she can do in her head? > Some shift cipher and carrier pigeons. :-) Neal Stephenson's novel Cryptonomicon is excellent. I strongly recommend it to anyone who enjoys reading & is interested in crypto. Part of the plot involves a cipher that operates a bit like RC-4, permuting an array, but the array is a deck of cards. https://www.schneier.com/academic/solitaire/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users