
What are keyfiles? How do they work?

You may have seen that some applications with an encryption option, such as KeePass or VeraCrypt, let you create a “keyfile”. But what is a keyfile, and what is its purpose?

A keyfile is a file containing an encryption key that is randomly generated, either by entering random text and numbers or by moving a mouse around. The key values that are generated are then written to a file that is used to decrypt the files. You can think of this as an alternative to a passphrase.

See below for a screenshot from KeePass, which is a password manager. In the case of KeePass, you use your mouse to generate random values of up to 256 bits; the idea is that the random motion of the mouse will generate a good amount of entropy.

[Screenshot: KeePass keyfile creation]

Keyfiles can be used on their own or with another form of authentication such as a passphrase. This is my personal preference: I have a keyfile that is on a USB stick and also a passphrase. The two combined are a great way to protect your data, especially with something like a password manager.

A keyfile can have any extension; it can also be hidden inside an image file for some sneaky steganography.

Like the private keys for your certificates, you want to guard the keyfile, as this is essentially your private key. Ideally, you want to keep the keyfile separate from the database of files you are protecting.

It is not a good idea to have the keyfile and the data on the same computer, especially if the keyfile is the only way you authenticate yourself.

You may be a bit safer if you are using a passphrase as well as the keyfile.

Keyfiles are used in a wide range of applications that have an encryption mechanism. I recommend using a keyfile along with a passphrase. Always remember to treat a keyfile as you would a private key for a certificate.
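To make the keyfile-plus-passphrase idea concrete, here is an added example (not code from KeePass or VeraCrypt, and not their on-disk format) that writes a 256-bit keyfile from the operating system's random generator and derives one key from both factors. The function names, the mixing scheme and the PBKDF2 work factor are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import secrets

KEYFILE_BYTES = 32        # 256 bits, the size the post mentions for KeePass
PBKDF2_ROUNDS = 200_000   # assumed work factor for this sketch


def new_keyfile(path):
    """Create a keyfile readable only by its owner and return its bytes."""
    material = secrets.token_bytes(KEYFILE_BYTES)   # OS CSPRNG, not mouse input
    # O_EXCL refuses to overwrite an existing keyfile; 0o600 keeps others out.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(material)
    return material


def derive_key(passphrase, keyfile_bytes, salt):
    """Mix both factors into one 256-bit key (hypothetical scheme).

    Each factor is hashed separately first, so moving bytes from the end of
    the passphrase to the start of the keyfile cannot produce the same input.
    The combined digest is then stretched with PBKDF2-HMAC-SHA256.
    """
    p = hashlib.sha256(passphrase.encode("utf-8")).digest()
    k = hashlib.sha256(keyfile_bytes).digest()
    return hashlib.pbkdf2_hmac("sha256", p + k, salt, PBKDF2_ROUNDS, dklen=32)


def unlocks(candidate_key, stored_key):
    """Compare derived keys in constant time."""
    return hmac.compare_digest(candidate_key, stored_key)


if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "example.key")   # constructed path
    keyfile = new_keyfile(path)
    salt = secrets.token_bytes(16)
    good = derive_key("correct horse battery", keyfile, salt)
    # Someone holding only the passphrase, with a guessed keyfile, gets another key.
    guess = derive_key("correct horse battery", b"\x00" * KEYFILE_BYTES, salt)
    print("both factors:", unlocks(good, good), "| passphrase only:", unlocks(guess, good))
```

Because the derived key depends on both inputs, a stolen database plus a guessed passphrase is not enough while the keyfile stays on separate media.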

You can find KeePass at https://keepass.info/

You can find VeraCrypt at https://veracrypt.codeplex.com

What is the issue with entropy in virtual environments?

First off, let's talk about what entropy is and why we need it.

Entropy is used as a randomization factor when generating a hash. The more random the entropy is, the more random the key is, which makes the key more unique and avoids duplicate keys. Also, when keys are somewhat the same, it is possible to start finding patterns in the hash, which can make it easy for an attacker to decrypt the key.

In a traditional environment, PCs have physical hardware such as your mouse, keyboard, CPU, etc. that could all be used during the entropy stage to get random values for hashing.

But the issue now is that virtual environments have removed the physical component, and the hardware is now virtual. Virtual hardware is less random than physical hardware, which raises the issue of getting a truly random number set in a virtual environment.
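The duplicate-key risk described above can be shown with a small model. This is an added example, not code from the original post: it assumes a constructed fleet of virtual machines whose key generator depends only on a small boot-time state, and compares it with keys drawn from the operating system's random generator. All function names are made up for the illustration.

```python
import hashlib
import secrets
from collections import Counter


def weak_key(boot_state):
    """128-bit key from a generator whose only input is a small boot-time state."""
    return hashlib.sha256(b"keygen" + boot_state.to_bytes(4, "big")).digest()[:16]


def fleet_keys_weak(hosts, state_bits):
    """Constructed model: every host starts in one of 2**state_bits states,
    as happens when many VMs are cloned from the same few snapshots."""
    return [weak_key(h % (1 << state_bits)) for h in range(hosts)]


def fleet_keys_csprng(hosts):
    """Same fleet, but every key comes from the OS CSPRNG."""
    return [secrets.token_bytes(16) for _ in range(hosts)]


def duplicate_report(keys):
    """Return (distinct_keys, hosts_sharing_a_key) for an inventory of keys.

    Running the same count over real key fingerprints collected from a fleet
    is a simple way to detect hosts that were keyed with too little entropy.
    """
    counts = Counter(keys)
    shared = sum(n for n in counts.values() if n > 1)
    return len(counts), shared


if __name__ == "__main__":
    for label, keys in (
        ("8 bits of boot state", fleet_keys_weak(1000, 8)),
        ("12 bits of boot state", fleet_keys_weak(1000, 12)),
        ("OS CSPRNG", fleet_keys_csprng(1000)),
    ):
        distinct, shared = duplicate_report(keys)
        print(f"{label}: {distinct} distinct keys, {shared} hosts share a key")
```

With only 8 bits of starting state, 1000 hosts end up with 256 distinct keys, so every host shares its key with at least two others.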

To combat this issue some interesting approaches have been used, such as a wall of lava lamps. Funny, I know, but the lava lamps are used to get random values based on the movement of the blobs, or whatever you call the stuff in the lamp.

See Cloudflare's lava lamp wall: https://www.youtube.com/watch?v=1cUUfMeOijg

There have been other approaches, such as using random noise from areas such as shopping malls and outdoor noise. There are also oscillators that have been used to get values from.

This affects IoT devices as well.

Entropy as a service

There are now companies that offer entropy as a service, so via an API or some other way you can ask the provider for some randomness.

One of these vendors is https://getnetrandom.com

They have a free service and a paid service as well, where you can get randomness while generating your encryption keys. You download a simple client that is Windows and Linux compatible, and when you need it you can get some truly random numbers, according to the site.

They also have a physical device for enterprise deployments.

The issue of entropy may not currently be critical, but it is something to stay aware of. We as security pros need to understand the implications of low entropy while generating our keys.

Encrypting your data with TrueCrypt

Hello All,

In this post I will show you how you can protect yourself against data theft using free open source software.

You have heard it on the news: someone working for some company was taking a USB stick or portable hard drive from one place to another and lost it, and now thousands of people's personal data is going around, in some cases not even encrypted! So anyone can simply take that USB stick, plug it into a computer, and have all those people's personal data!

As a company, what a PR disaster.
As a customer, you're thinking: how did this happen? Is my data safe?

The above scenario isn't just for business. Think of how many regular people have personal information on these devices that are lost on a daily basis. Think of it: your personal information, pictures, tax returns, emails, documents, resume.

These are not out of the ordinary to find on a USB stick.
A piece of data as simple as a resume carries a significant amount of information about you that you may not want a stranger knowing, such as your email address, phone number, address, etc.

So let's dig in.

First, what is encryption?

The best way to put encryption into general terms is this: you have a secret message, for example

Hello everybody

Now you don't want anyone but you or someone you choose to see your message, so you create a special code to make the text look like gibberish. For example:

@^&@^#**#*( *#&(*#&

This would be an example of an encrypted message.

Now with every encryption you need two sets of encryption keys: your public key, which everyone can see, and your private key, which only you know. The public key is your garbled text, and your private key makes sense of that garbled text.

To generate an encryption key you need a cipher. A cipher, depending on its strength, can make a longer, stronger key. This is done by creating the key using the random number generator. The whole point of the length of the key is to make a brute force attack against the encryption key not feasible; depending on the size and complexity of the key, it can take decades before you would come close to breaking the encryption.

Now there are also two types of encryption. The one I have explained above is called public key encryption, where you need two sets of keys to decrypt the information; this is also known as asymmetrical encryption. The other type is symmetrical, where two people or computers have the same key on either end to decrypt the information.

For more information and a complete rundown on how encryption works, TrueCrypt's documentation has a lot of technical information on how this all works. If interested, I highly suggest reading it.

Now let's install and use this awesome software.

The software we are going to use to encrypt our flash drives/portable hard drives is called TrueCrypt, available at http://www.truecrypt.org

I personally use this software and it's great: not only is it free and open source, which I am all for, it also supports many industry-standard encryption algorithms and is super easy to use, which is always nice. The software also gives you an option to encrypt your system drive, but for that I would follow the manual available on the site.

To use the software, first we download it.
Now install the software; the process in Windows is basically clicking Next.
For Ubuntu/Debian: sudo apt-get update && sudo apt-get install truecrypt

Once the software is installed you will get to the main screen; see below.

[Screenshot: TrueCrypt main screen]

Now from this screen choose the option “Create volume”.

[Screenshot: TrueCrypt volume creation wizard]

Select “Encrypt a non-system partition/drive”

Now choose your flash drive and click Next.

You will now be able to choose the encryption type you want.

I recommend the SHA-512 algorithm with AES-Twofish.

[Screenshot: TrueCrypt wizard cipher selection]

Now click Next.

You will now create your passphrase.

Please remember your encryption is only as powerful as your password. If you use a simple dictionary-based password, your encryption is useless, as someone will be able to guess your passphrase and decrypt your data. I suggest a 10 character password with uppercase and lowercase letters, numbers and a special character; this type of password would take years to crack with a password brute force attack.

You will now format your drive. I recommend the slow way (not the quick format) as a next layer of protection, as your drive is now filled with zeros. Even though it's slower, quick works well too; it depends on how paranoid you are.

And voila, you have a fully encrypted flash disk. Now remember you will need the TrueCrypt portable version with you, possibly on another stick, or you can get creative and make a second partition on your stick with only the executable on it to mount the drive.

And now, with all that, you can carry your flash drives and hard drives with confidence that if lost or stolen your information is safe.

If you have any questions/comments/suggestions please let me know.

Till next time, stay secure!