Articles with tag “Encryption”

A response to 'Strong Encryption and Death'

I recently read an article on the TriLUG blog mirror discussing access to data after the death of the owner. I've also given this a lot of thought as well and had previously come to the same conclusion as the original author of the article has:

"I created a file …

Continue reading…

Encryption you don't control is not a security feature

Catching up on my blog reading, this morning, led me to an article discussing Apple's iMessage program and, specifically, the encryption it uses and how it's implemented.  Go ahead and read the article; I'll wait.

The TL;DR of that article is this: encryption you don't control is not a …

Continue reading…

Postfix Encryption

I've been tinkering with the encryption options in Postfix for a while.  Encryption between clients and their SMTP server and between SMTP servers is necessary to protect the to, from, and subject fields, along with the rest of the header, of an email.  The body of the message is also …

Continue reading…

Securing Secure Shell

I was passed an interesting article, this morning, regarding hardening secure shell (SSH) against poor crypto that can be a victim of cracking by the NSA and other entities.  The article is well written and discusses why the changes are necessary in light of recent Snowden file releases.

Continue reading…

How to really screw up TLS

I've noticed a few of my favorite websites failing with some odd error from Firefox.

Firefox's Unable to connect securely error messageThe Firefox error message is a bit misleading.  It actually has nothing to do with the website supporting SSL 3.0 but the advanced info is spot on.  The error "ssl_error_no_cypher_overlap" means that the client …

Continue reading…

Automated configuration analysis for Mozilla's TLS guidelines

My friend Hubert has been doing a lot of work to make better the world a little safer.  Glad he's getting some recognition.  Here's a great article on testing your server for proper SSL/TLS configurations.

Continue reading…

Generating a PGP key using GnuPG

Generating a PGP using GnuPG (GPG) is quite simple.  The following shows my recommendations for generating a PGP key today.

$ gpg --gen-key
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY …

Continue reading…

SSL/TLS Trends

My friend Hubert has started compiling statistics of Alexa's top 1 million websites. Specifically, he's looking at their SSL/TLS settings and attempting to show trends in the world that is port 443.  He recently released his May numbers showing a slow but mostly improving security environment.  I'm hoping he'll …

Continue reading…

STARTTLS for SMTP

Okay, I don't really mean to advocate this as a privacy solution because it is and it isn't.  If you truly want privacy of your email you mustuse end-to-end encryption like PGP/GnuPG or S/MIME.  That said, I think it's good to encrypt things, even ciphertext, over the …

Continue reading…

256 Bits of Security

This is an incomplete discussion of SSL/TLS authentication and encryption.  This post only goes into RSA and does not discuss DHE, PFS, elliptical, or other mechanisms.

In a previous post I created an 15,360-bit RSA key and timed how long it took to create the key.  Some may …

Continue reading…