Safer Internet: Offline: Encryption

Why?

  • captain crunch decoder+ Prevent others from viewing sensitive files, notes, passwords
  • ? More difficult for law enforcement to read files or add spyware
  • - Time to setup
  • - Re-enter password to access files

Summary

Quotes

Basic

  • coffee canEncrypt entire partition or volume
  • iOS9+: automatic -- assuming strong passcode
  • macOS: System Preferences > Security & Privacy > FileVault;
    i.e., FileVault 2; not recommended: "Legacy" FileVault (version 1)
  • You'll have to re-enter password after Logout / Shutdown, or sleep timeout; if you have a very strong macOS account password, you could encrypt using that same password and have it saved in KeyChain for convenience
  • Also encrypt backup (incremental & clone) partitions/drives
  • macOS: Time Machine > Open Time Machine Preferences > (partition/disk) > Encrypt backups
  • [Refs:macOS]: "How to encrypt your Mac with FileVault 2, and why you absolutely should"
  • [Refs:macOS]: "Carbon Copy Cloner: how to create an encrypted, bootable volume using FileVault"
  • binary code upside downA few general notes about encryption strategy and strength
  • If you need to share key / password with someone else, communicate via alternate channel,
    e.g., if transferring file via email, send password via text or phone -- or in pieces
  • Backup any encryption key somewhere secure, e.g., password manager, SD box;
    if you also save recovery key in cloud (iCloud, Microsoft), you could access it, but so could government (legally or illegally)
  • For strong encryption, look for "AES-128" or "AES-256" (Advanced Encryption Standard) -- and create a strong password!
  • Avoid weak encryption, i.e., weak password (even with AES-128,-256), or older .zip format; standard .pdf or Office file
  • [Refs]: "How secure is AES against brute force attacks?"
  • disguiseEncryption will become more vulnerable over time with faster processing, better algorithms, uncovered backdoors, more invasive laws / exceptions.
  • [Refs:Govt]: "Apple, Google, and leading cryptologists urge President Obama to reject backdoors in smartphones and other devices"
  • [Refs:Govt]: "Forcing suspects to reveal phone passwords is unconstitutional, court says"
  • Files backed up to the cloud are usually encrypted automatically -- however, if provider has the password, this could be subpoenaed; if file/folder URL is shared or discovered, anyone could access file

[2] Selected Notes

  • grocery listmacOS: Keychain Access > Secure Notes
  • [Refs:macOS]: "Using Secure Notes to store secret information"
  • iOS: Notes > (share icon) > Lock Note
  • [Refs:iOS]: "How to Password Lock Notes on iPhone & iPad"

[2] Selected Files / Folders

  • "zip" utility w/ strong encryption, e.g., 7-Zip (= Keka on macOS) -- not older zip format
  • [Refs]: "How to Use 7-Zip to Encrypt Files and Folders"; "Five Best File Encryption Tools"
  • [Refs]: "Use an Encrypted Zip File to Secure Files in Dropbox"

[2] Selected Volume

  • evil plan wrenchCreate a "Disk Image" (embedded, compressed volume) -- if you don't want to encrypt entire disk (or have older Mac system)
  • macOS: Disk Utility > File > New > Blank Image > encryption, image format: sparse bundle
  • [Refs:macOS]: "How to increase Mac security with partition encryption"

References

Android

Government

Government: FBI vs. Apple

iOS

macOS

Quantum; Future

Windows