Re: [openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-07 Thread Bear Giles
FWIW I distrust encrypted drives using hardware encryption. This came out
just a few days ago:
https://thehackernews.com/2018/11/self-encrypting-ssd-hacking.html: Flaws
in Popular Self-Encrypting SSDs Let Attackers Decrypt Data.

On Tue, Nov 6, 2018 at 10:15 PM Nicholas Papadonis <
nick.papadonis...@gmail.com> wrote:

> Interesting.  How about this for a start?
>
>
> http://nickpapadonis.com/images-share/summerian-ancient-mesopotamia-ancient-lock.jpg
> http://nickpapadonis.com/images-share/anunnaki1.jpg
>
> http://nickpapadonis.com/images-share/summerian-Winged_Human-headed_Bulls.JPG
>
> On Sun, Nov 4, 2018 at 7:21 PM open...@foocrypt.net 
> wrote:
>
>> Hi Nick
>>
>> Have You tried The FooKey Method ? https://foocrypt.net/the-fookey-method
>>
>> Also,
>>
>> I will be sourcing public addenda as addenda to my submission into
>> the Parliamentary Joint Committee on Intelligence and Security [
>> https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018/Submissions
>> ] regarding the committee’s review of the 'Telecommunication and Other
>> Legislation Amendment (Assistance and Access) Bill 2018' after the
>> Melbourne Cup. It will be similar to the open request for the Defence Trade
>> Control Act review performed by the former Inspector General of
>> Intelligence, Dr Vivian Thom.
>>
>>
>> https://foocrypt.net/independent-review-of-the-defence-trade-controls-act-2012-cth-call-for-information-for-submission-as-a-case-study-from-the-openssl-community
>>
>>
>> --
>>
>> Regards,
>>
>> Mark A. Lane
>>
>> Cryptopocalypse NOW 01 04 2016
>>
>> Volumes 0.0 -> 10.0 Now available through iTunes - iBooks @
>> https://itunes.apple.com/au/author/mark-a.-lane/id1100062966?mt=11
>>
>> Cryptopocalypse NOW is the story behind the trials and tribulations
>> encountered in creating "FooCrypt, A Tale of Cynical Cyclical Encryption."
>>
>> "FooCrypt, A Tale of Cynical Cyclical Encryption." is aimed at hardening
>> several commonly used Symmetric Open Source Encryption methods so that they
>> are hardened to a standard that is commonly termed 'QUANTUM ENCRYPTION'.
>>
>> "FooCrypt, A Tale of Cynical Cyclical Encryption." is currently under
>> export control by the Australian Department of Defence Defence Export
>> Controls Office due to the listing of Cryptology as a ‘Dual Use’ Technology
>> as per the ‘Wassenaar Arrangement’
>>
>> A permit from Defence Export Control is expected within the next 2 months
>> as the Australian Signals Directorate is currently assessing the associated
>> application(s) for export approval of "FooCrypt, A Tale of Cynical Cyclical
>> Encryption."
>>
>> Early releases of "Cryptopocalypse NOW" will be available in the period
>> leading up to June, 2016.
>>
>> Limited Edition Collectors versions and Hard Back Editions are available
>> via the store on http://www.foocrypt.net/
>>
>> © Mark A. Lane 1980 - 2016, All Rights Reserved.
>> © FooCrypt 1980 - 2016, All Rights Reserved.
>> © FooCrypt, A Tale of Cynical Cyclical Encryption. 1980 - 2016, All
>> Rights Reserved.
>> © Cryptopocalypse 1980 - 2016, All Rights Reserved.
>>
>>
>>
>> On 5 Nov 2018, at 10:35, Nicholas Papadonis 
>> wrote:
>>
>> Comments
>>
>> On Sat, Nov 3, 2018 at 5:56 PM Bear Giles  wrote:
>>
>>> > I'm considering encrypting a tar archive and optionally a block file
>>> > system (via FUSE) using either utility
>>>
>>> Linux has good support for encrypted filesystems. Google LUKS.
>>>
>>
>>
>>> BTW a tar file starts with the name of the first entry. The 'magic
>>> numbers' are at offset 128 or so. However a compressed tar file will start
>>> with a known value since gzip, bzip2, and 7zip?, all start with their magic
>>> values.
>>>
>>
>> Does tar placing known data at a certain offset increase the probability
>> that someone can perform an attack easier?  They may already know the data
>> to decrypt at that offset and if the encrypted block overlaps, then the
>> attack is easier.
>>
>> Thanks
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: [openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-07 Thread open...@foocrypt.net
Ditto,

But don’t tell the Australian Government, it’s probably on their back door 
request list…;)



> On 8 Nov 2018, at 01:26, Bear Giles wrote:
>
> FWIW I distrust encrypted drives using hardware encryption. This came out
> just a few days ago:
> https://thehackernews.com/2018/11/self-encrypting-ssd-hacking.html: Flaws
> in Popular Self-Encrypting SSDs Let Attackers Decrypt Data.
>
> On Tue, Nov 6, 2018 at 10:15 PM Nicholas Papadonis
> <nick.papadonis...@gmail.com> wrote:
> Interesting.  How about this for a start?
>
> http://nickpapadonis.com/images-share/summerian-ancient-mesopotamia-ancient-lock.jpg
> http://nickpapadonis.com/images-share/anunnaki1.jpg
> http://nickpapadonis.com/images-share/summerian-Winged_Human-headed_Bulls.JPG
>
> On Sun, Nov 4, 2018 at 7:21 PM open...@foocrypt.net wrote:
> Hi Nick
>
> Have You tried The FooKey Method ? https://foocrypt.net/the-fookey-method
>
> Also,
>
> I will be sourcing public addenda as addenda to my submission into the
> Parliamentary Joint Committee on Intelligence and Security [
> https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018/Submissions
> ] regarding the committee’s review of the 'Telecommunication and Other
> Legislation Amendment (Assistance and Access) Bill 2018' after the Melbourne
> Cup. It will be similar to the open request for the Defence Trade Control Act
> review performed by the former Inspector General of Intelligence, Dr Vivian
> Thom.
>
> https://foocrypt.net/independent-review-of-the-defence-trade-controls-act-2012-cth-call-for-information-for-submission-as-a-case-study-from-the-openssl-community
>
> -- 
>
> Regards,
>
> Mark A. Lane
>
>> On 5 Nov 2018, at 10:35, Nicholas Papadonis wrote:
>>
>> Comments
>>
>> On Sat, Nov 3, 2018 at 5:56 PM Bear Giles wrote:
>> > I'm considering encrypting a tar archive and optionally a block file
>> > system (via FUSE) using either utility
>>
>> Linux has good support for encrypted filesystems. Google LUKS.
>>
>> BTW a tar file starts with the name of the first entry. The 'magic numbers'
>> are at offset 128 or so. However a compressed tar file will start with a
>> known value since gzip, bzip2, and 7zip?, all start with their magic values.
>>
>> Does tar placing known data at a certain offset increase the probability
>> that someone can perform an attack easier?  They may already know the data
>> to decrypt at that offset and if the encrypted block overlaps, then the
>> attack is easier.

Re: [openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-06 Thread Nicholas Papadonis
Interesting.  How about this for a start?

http://nickpapadonis.com/images-share/summerian-ancient-mesopotamia-ancient-lock.jpg
http://nickpapadonis.com/images-share/anunnaki1.jpg
http://nickpapadonis.com/images-share/summerian-Winged_Human-headed_Bulls.JPG

On Sun, Nov 4, 2018 at 7:21 PM open...@foocrypt.net 
wrote:

> Hi Nick
>
> Have You tried The FooKey Method ? https://foocrypt.net/the-fookey-method
>
> Also,
>
> I will be sourcing public addenda as addenda to my submission into
> the Parliamentary Joint Committee on Intelligence and Security [
> https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018/Submissions
> ] regarding the committee’s review of the 'Telecommunication and Other
> Legislation Amendment (Assistance and Access) Bill 2018' after the
> Melbourne Cup. It will be similar to the open request for the Defence Trade
> Control Act review performed by the former Inspector General of
> Intelligence, Dr Vivian Thom.
>
>
> https://foocrypt.net/independent-review-of-the-defence-trade-controls-act-2012-cth-call-for-information-for-submission-as-a-case-study-from-the-openssl-community
>
>
> --
>
> Regards,
>
> Mark A. Lane
>
> On 5 Nov 2018, at 10:35, Nicholas Papadonis 
> wrote:
>
> Comments
>
> On Sat, Nov 3, 2018 at 5:56 PM Bear Giles  wrote:
>
>> > I'm considering encrypting a tar archive and optionally a block file
>> > system (via FUSE) using either utility
>>
>> Linux has good support for encrypted filesystems. Google LUKS.
>>
>
>
>> BTW a tar file starts with the name of the first entry. The 'magic
>> numbers' are at offset 128 or so. However a compressed tar file will start
>> with a known value since gzip, bzip2, and 7zip?, all start with their magic
>> values.
>>
>
> Does tar placing known data at a certain offset increase the probability
> that someone can perform an attack easier?  They may already know the data
> to decrypt at that offset and if the encrypted block overlaps, then the
> attack is easier.
>
> Thanks


[admin] Re: OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-05 Thread Werner Koch
Hi!

Please do not post commercial advertisements to a gnupg mailing list.

There is no problem to _mention_ proprietary software on the GnuPG lists
if that mentioning is related to technical questions.  But sales pitch
or ads are unwanted.

Thanks,

  Werner


ps.
I removed the openssl list from the reply.
-- 
Thoughts are free.  Exceptions are governed by a federal law.




Re: [openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-05 Thread open...@foocrypt.net
Hi Nick

Have You tried The FooKey Method ? https://foocrypt.net/the-fookey-method

Also,

I will be sourcing public addenda as addenda to my submission into the 
Parliamentary Joint Committee on Intelligence and Security [ 
https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018/Submissions
 ] regarding the committee’s review of the 'Telecommunication and Other 
Legislation Amendment (Assistance and Access) Bill 2018' after the Melbourne 
Cup. It will be similar to the open request for the Defence Trade Control Act 
review performed by the former Inspector General of Intelligence, Dr Vivian 
Thom.

https://foocrypt.net/independent-review-of-the-defence-trade-controls-act-2012-cth-call-for-information-for-submission-as-a-case-study-from-the-openssl-community


-- 

Regards,

Mark A. Lane   

Cryptopocalypse NOW 01 04 2016

Volumes 0.0 -> 10.0 Now available through iTunes - iBooks @ 
https://itunes.apple.com/au/author/mark-a.-lane/id1100062966?mt=11

Cryptopocalypse NOW is the story behind the trials and tribulations encountered 
in creating "FooCrypt, A Tale of Cynical Cyclical Encryption."

"FooCrypt, A Tale of Cynical Cyclical Encryption." is aimed at hardening 
several commonly used Symmetric Open Source Encryption methods so that they are 
hardened to a standard that is commonly termed 'QUANTUM ENCRYPTION'.

"FooCrypt, A Tale of Cynical Cyclical Encryption." is currently under export 
control by the Australian Department of Defence Defence Export Controls Office 
due to the listing of Cryptology as a ‘Dual Use’ Technology as per the 
‘Wassenaar Arrangement’

A permit from Defence Export Control is expected within the next 2 months as 
the Australian Signals Directorate is currently assessing the associated 
application(s) for export approval of "FooCrypt, A Tale of Cynical Cyclical 
Encryption."

Early releases of "Cryptopocalypse NOW" will be available in the period leading 
up to June, 2016.

Limited Edition Collectors versions and Hard Back Editions are available via 
the store on http://www.foocrypt.net/

© Mark A. Lane 1980 - 2016, All Rights Reserved.
© FooCrypt 1980 - 2016, All Rights Reserved.
© FooCrypt, A Tale of Cynical Cyclical Encryption. 1980 - 2016, All Rights 
Reserved.
© Cryptopocalypse 1980 - 2016, All Rights Reserved.



> On 5 Nov 2018, at 10:35, Nicholas Papadonis  
> wrote:
> 
> Comments
> 
> On Sat, Nov 3, 2018 at 5:56 PM Bear Giles wrote:
> > I'm considering encrypting a tar archive and optionally a block file system
> > (via FUSE) using either utility
>
> Linux has good support for encrypted filesystems. Google LUKS.
>
> BTW a tar file starts with the name of the first entry. The 'magic numbers'
> are at offset 128 or so. However a compressed tar file will start with a
> known value since gzip, bzip2, and 7zip?, all start with their magic values.
> 
> Does tar placing known data at a certain offset increase the probability that 
> someone can perform an attack easier?  They may already know the data to 
> decrypt at that offset and if the encrypted block overlaps, then the attack 
> is easier.   
> 
> Thanks


Re: [openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-03 Thread Марк Коренберг
Try openssl cms (as a newer alternative to s/mime)
Fri, 2 Nov 2018 at 23:30, Nicholas Papadonis:
>
> Security Experts,
>
> I'm considering encrypting a tar archive and optionally a block file system 
> (via FUSE) using either utility.  Does anyone have comments on the best 
> practices and tools for either?
>
> I read that the OpenSSL AES-CBC CLI mode is prone to a malleable attack
> vector and its CLI interface should not be used directly for production.  I
> have also read that GPG is the suggested alternative to OpenSSL CLI due to
> this.  I have followed through with the OpenSSL CLI AES tests and am curious
> where the malleable attack is (in the pipe?).  I am also curious as to why GPG,
> which is an asymmetric key manager, is used for file-based encryption when
> only a single key is required.  How does GPG solve this malleable attack
> vector?
>
> A security expert's guidance here is much appreciated.
>
> Thank you,
> Nicholas
>



-- 
Segmentation fault



OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-02 Thread Nicholas Papadonis
Security Experts,

I'm considering encrypting a tar archive and optionally a block file system
(via FUSE) using either utility.  Does anyone have comments on the best
practices and tools for either?

I read that the OpenSSL AES-CBC CLI mode is prone to a malleable attack
vector and its CLI interface should not be used directly for production.  I
have also read that GPG is the suggested alternative to OpenSSL CLI due to
this.  I have followed through with the OpenSSL CLI AES tests and am
curious where the malleable attack is (in the pipe?).  I am also curious as to
why GPG, which is an asymmetric key manager, is used for file-based
encryption when only a single key is required.  How does GPG solve this
malleable attack vector?

A security expert's guidance here is much appreciated.

Thank you,
Nicholas


Re: [openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-02 Thread Michael Wojcik
> From: openssl-users  on behalf of Nicholas 
> Papadonis 
> Sent: Friday, November 2, 2018 14:29

> I read

Where? It's hard for us to determine the quality of your source, or your 
interpretation of it, if we don't know what it is.

> that the OpenSSL AES-CBC CLI mode is prone to a malleable attack vector

I don't know what "malleable attack vector" is supposed to mean in this 
context. CBC, regardless of the cipher, has certain well-known vulnerabilities. 
Those probably aren't a concern for most personal file-encryption use cases.

If you have regulatory/legal requirements, then rolling your own 
data-protection solution, even using presumed-good crypto implementations, is a 
Bad Idea.

> and [its] CLI interface should not be use directly for production.

I would certainly be leery of doing so. It's not what the openssl utility is 
primarily intended or designed for.

There are at least two main drawbacks of using the openssl utility in 
production:

- It primarily exposes primitives, not complete cryptosystems. That means 
either you're composing those primitives into a complete cryptosystem yourself, 
which is a process fraught with danger; or you're using an incomplete 
cryptosystem. In this case, if you use openssl, where is your integrity 
protection coming from, for example? How are you handling key management, 
hygiene, and disaster recovery?

- Usability is minimal (for good reason - it's meant as an ad hoc toolkit). 
There's no error logging or auditing, and minimal diagnostics. Failure modes 
are pretty much "write an error message and give up".

> I have also read that GPG is the suggested alternative to OpenSSL CLI due to 
> this.  ...
> I am also curious to why GPG, which is an asymmetric key manager,

GPG is an implementation of the OpenPGP standard, plus additional 
functionality. It's much more than a "key manager".

> is used for file based encryption when only a single key is required. 

GPG supports symmetric encryption. A web search should turn up thousands of 
pages describing that feature. (Some will be out of date regarding the default 
cipher and other details; consult the documentation for the current GPG 
version. I think the default now might be AES-128 CBC, with SHA1 as the MDC, 
but I haven't checked.)

> How does GPG solve this malleable  attack vector.

Hard to say without knowing what the "malleable attack vector" is.

GPG *is* intended to provide a complete, if rather minimal, cryptosystem for 
this use case (symmetric encryption of individual files, under a personal-use 
threat model). For one thing, it (by default) includes an MDC for integrity 
validation; for another, it provides slightly more sophisticated features for 
key hygiene.

We don't really know the parameters of your use case, so it's not really 
possible to make a reasonable recommendation. Do you have regulatory or 
statutory requirements, or requirements imposed by some other authority (e.g. 
an employer)? How sensitive is the data? How are you managing your key? What 
provisions do you need to make for disaster recovery? How are you addressing 
file integrity? What does your threat model look like?

This is why the simplest approach is to find a complete system that addresses 
all your requirements. It may not be free, but then neither is your time and 
energy - you can pay money, or you can pay in opportunity costs and cognitive 
load. Of course, many people simply ignore the issues and roll their own 
systems. Often they'll get away with it. Sometimes it will come back to bite 
them.

-- 
Michael Wojcik
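
As an added example (not part of the message above or of the thread), the script below shows the integrity gap raised in that reply: `openssl enc -aes-256-cbc` decrypts a modified file and exits 0, while an HMAC computed over the ciphertext and checked before decryption rejects the same file. It assumes OpenSSL 1.1.1 or later (for `-pbkdf2`); the passphrase, MAC key, file names and plaintext are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Passphrase, MAC key, file names and
# plaintext are constructed. Secrets on the command line are visible to other
# local users; that is acceptable only for a demonstration like this one.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
ENC_PASS='constructed-enc-passphrase'
MAC_KEY='constructed-mac-key'      # independent of the encryption passphrase

make_plain() {    # 8 constructed lines, 280 bytes (several AES blocks)
    printf 'record-%02d: constructed sample data\n' 1 2 3 4 5 6 7 8 \
        > "$WORK/plain.txt"
}

encrypt() {       # $1 = ciphertext file to write
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "pass:$ENC_PASS" \
        -in "$WORK/plain.txt" -out "$1"
}

decrypt() {       # $1 = ciphertext, $2 = plaintext file to write
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "pass:$ENC_PASS" \
        -in "$1" -out "$2" 2>/dev/null
}

mac_of() {        # HMAC-SHA256 over the whole file, salt header included
    openssl dgst -sha256 -hmac "$MAC_KEY" < "$1" | awk '{print $NF}'
}

decrypt_verified() {   # $1 = ciphertext, $2 = stored tag, $3 = output
    [ "$(mac_of "$1")" = "$2" ] || return 1    # verify first, decrypt second
    decrypt "$1" "$3"
}

modify_byte() {   # $1 = file, $2 = offset: stands in for corruption/tampering
    old=$(dd if="$1" bs=1 skip="$2" count=1 2>/dev/null | od -An -tu1 | tr -d ' ')
    printf '%b' "$(printf '\\0%03o' $(( old ^ 1 )))" |
        dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# CBC alone: a changed byte in the second ciphertext block (file offset 40,
# after the 16-byte salt header) still decrypts with exit status 0.
cbc_only_accepts_modified() {
    make_plain && encrypt "$WORK/a.enc" || return 1
    modify_byte "$WORK/a.enc" 40
    decrypt "$WORK/a.enc" "$WORK/a.out" || return 1
    ! cmp -s "$WORK/plain.txt" "$WORK/a.out"   # output differs from original
}

# Encrypt-then-MAC: the same change is caught before any decryption happens.
hmac_rejects_modified() {
    make_plain && encrypt "$WORK/b.enc" || return 1
    tag=$(mac_of "$WORK/b.enc")
    decrypt_verified "$WORK/b.enc" "$tag" "$WORK/b.out" || return 1
    cmp -s "$WORK/plain.txt" "$WORK/b.out" || return 1   # intact file is fine
    modify_byte "$WORK/b.enc" 40
    ! decrypt_verified "$WORK/b.enc" "$tag" "$WORK/b.bad"
}

cbc_only_accepts_modified && echo "CBC only: modified file decrypted, no error"
hmac_rejects_modified     && echo "CBC + HMAC: modified file rejected"
```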