Quotes
- "Dear Dr. Weyer: Thank you for contacting me about the Federal Bureau of Investigation's (FBI) request...
- Must you surrender a password to law enforcement?...
- "The Constitution sometimes insulates the criminality of a few in order to protect the privacy of us all"...
- "The Supreme Court and all courts established by Act of Congress may issue all writs necessary...
- "There are two types of encryption:...
- "Encryption should be enabled for...
- "The government does things like insisting that...
- "You can't distinguish a properly encrypted communication from random behaviour...
Summary
- [1] Use a password manager to encrypt, store and access all of your passwords;
e.g., 1Password; see: P@s$w0rdz course
- [1] Encrypt device and backups with a strong password to prevent access to sensitive files,
e.g., Mac: FileVault, Win: BitLocker
- [1] Check encryption on cloud files/backups, i.e., private key?
- Very secure-- depending on how files are encrypted and stored, and who has access.
- For a brief explanation of the different levels of security (via encryption) for Local and Cloud, see P@s$w0rdz:Storing:Encrypt
- [2] Encrypt notes (less necessary if device & backups encrypted)
- [3] Encrypt individual files or folders (ditto)
- References
Encryption: Intro
- We'll cover various kinds of encrypted internet connections later under Internet Connection: Wi-Fi, VPN and Web Browsing: HTTPS, shopping, Email, Talk and Chat
- With today's faster processors, there's no perceptible delay for encryption/decryption.
- For strong encryption, look for "AES-128" or "AES-256" (Advanced Encryption Standard) -- and create a strong password!
- Avoid weak encryption, i.e., weak password (even with AES-128,-256), or older .zip format; standard .pdf or Office file
- Backup any encryption or recovery key somewhere secure, e.g., password manager, SD box
- If you also save recovery key in cloud (iCloud, Microsoft), you could conveniently access it, but so could government (legally or illegally) or hackers
- Encryption becomes more vulnerable over time with faster processing, better algorithms, uncovered backdoors, more invasive laws / exceptions, quantum computers.
- As a last resort, if you must share sensitive info, e.g., key, credit card, password, and end-to-end encryption is not available (email is typically decrypted at server, or your recipient may not be as careful as you are), communicate the information in fragments, e.g., separate emails, or use an alternate channel, e.g., text or phone
[1] Encrypt Entire Device / Disk -- and Backups
- It's simpler to just encrypt entire drive rather than selected files.
- iOS9+: automatic -- assuming strong (> 6 digit) passcode; also for recent Android
- macOS: System Preferences > Security & Privacy > FileVault; i.e., FileVault 2; not recommended: "Legacy" FileVault (version 1) -- see Mac: FileVault references
- You'll have to re-enter password after Logout / Shutdown, or sleep timeout; if you have a very strong macOS account password, you could encrypt using that same password and have it saved in Keychain for convenience
- Encrypt backup (incremental & clone) partitions/drives, e.g.,
- macOS: Time Machine > Open Time Machine Preferences > (partition/disk) > Encrypt backups -- note much faster to encrypt during original partition/erase, rather than later
- macOS: Carbon Copy Cloner: boot backup system, enable FileVault -- see Mac: Carbon Copy Cloner, FileVault references
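Why the "strong (> 6 digit) passcode" and "strong password, even with AES" advice matters, worked from the NYT figures quoted under Government; Backdoor on this page (six digits: about 11 hours on average; ten digits: 12.5 years). This is an added example, not part of the original notes; it assumes a constant cost per guess, a uniformly random secret, and that on average half the code space is tried.

```python
import math

SECONDS_PER_HOUR = 3600
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Figure quoted on this page (NYT, 10/21/2020): a six-digit passcode
# takes about 11 hours to guess on average.
REF_ALPHABET, REF_LENGTH, REF_AVG_HOURS = 10, 6, 11

def seconds_per_guess():
    """Per-guess cost implied by the quoted six-digit figure.
    Assumption: on average half of the code space is tried before a hit."""
    avg_guesses = REF_ALPHABET ** REF_LENGTH / 2
    return REF_AVG_HOURS * SECONDS_PER_HOUR / avg_guesses

def average_guess_seconds(alphabet, length):
    """Average exhaustive-search time for a uniformly random secret."""
    return alphabet ** length / 2 * seconds_per_guess()

def entropy_bits(alphabet, length):
    """Search space of the secret in bits, comparable to an AES key size."""
    return length * math.log2(alphabet)

def min_length(alphabet, target_years):
    """Shortest random secret whose average search time meets the target."""
    length = 1
    while average_guess_seconds(alphabet, length) < target_years * SECONDS_PER_YEAR:
        length += 1
    return length

def report():
    """(label, bits, average years) for a few constructed passcode policies."""
    rows = []
    for label, alphabet, length in [
        ("6 digits", 10, 6),
        ("10 digits", 10, 10),
        ("8 lowercase letters + digits", 36, 8),
        ("12 lowercase letters + digits", 36, 12),
    ]:
        years = average_guess_seconds(alphabet, length) / SECONDS_PER_YEAR
        rows.append((label, round(entropy_bits(alphabet, length), 1), years))
    return rows

if __name__ == "__main__":
    print(f"implied cost per guess: {seconds_per_guess() * 1000:.1f} ms")
    for label, bits, years in report():
        print(f"{label:30s} {bits:5.1f} bits  ~{years:.3g} years on average")
    # Every row is far below 128 bits: the passcode, not AES, is the weak link.
    print("AES-128 key: 128 bits")
```

The ten-digit row reproduces the quoted 12.5 years, which confirms the two figures share one per-guess cost of roughly 80 ms.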
[1] Encrypt Cloud Files & Backups
- See Backups for earlier discussion of cloud storage
- Files are normally encrypted in transit -- from your device to the cloud server
- Many cloud services then encrypt the files based on their key and/or your account password;
the files are accessible not only to you, but also to the provider, and by subpoena, to the government;
also, if file/folder URL is shared or discovered, anyone could access file
- More secure cloud services, e.g., BackBlaze, support use of a private key known only to you (different from your password).
- The cloud service cannot decrypt files without this key, even under government demand -- more secure and preferable.
[2] Encrypt Notes
- If you have a strong device password and full device encryption, this may be unnecessary
- iOS:
Notes > (share icon) > Lock Note
- macOS:
Keychain Access > Secure Notes
[3] Encrypt Individual Files / Folders
- For individual files / folders, use "zip" utility w/ strong encryption, e.g., 7-Zip (Win, Linux) or Keka (macOS), or recent WinZip -- not older original zip format
- 'Password protection' provided by some apps, e.g., Word, .pdf, may be weak
- If you want to encrypt more than a few files, and don't want to encrypt entire disk (or have an older Mac system), you can create a 'Disk Image' (embedded, compressed volume)
- macOS:
Disk Utility > File > New > Blank Image > encryption, image format: sparse bundle
References
- sections: Refs: Android; FBI (vs. Apple); Government; Backdoor; iOS; macOS; Quantum; Windows
- see sections: Anonymity:NSA; Backup:Cloud, Backup:iCloud; Malware; Mobile:Border; Who:Government
- topics: AES, backdoors, Cellebrite, certificates, CIA, DOJ, FISA, Graykey, NSA, PGP, public key cryptography, TLS, Wyden
- EFF: What Should I Know About Encryption
- Wikipedia: Cryptography; encryption; Multiple encryption; cryptographic privacy and authentication for data communication
- Wikipedia: Steganography concealing a (secret) file, message, image, or video within another (ordinary) file, message, image, or video;
intended secret message does not attract attention to itself; example: cat hidden within tree image
- Wikipedia: Symmetric Key e.g., AES; use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext; for communication, requires secure initial exchange of one (or more) secret keys between the parties
- Wikipedia: Advanced Encryption Standard (AES) 128-, 192-, 256-bit
- Wikipedia: Data Encryption Standard (DES) obsolete, insecure 56-bit; target of 3/2015 FREAK attack
- Wikipedia: Public Key aka asymmetric cryptography; e.g., SSL/TLS, S/MIME, PGP, and GPG; requires two separate (but mathematically linked) keys, one of which is secret (or private) and one of which is public; public key is used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or to create a digital signature; computationally infeasible for a properly generated private key to be determined from its corresponding public key
- Wikipedia: Transport Layer Security (TLS); RC4 (Rivest Cipher 4)
- Wikipedia: RSA; Certificate authority; digital, public key certificates
- Wikipedia: postal analogy: symmetric vs. asymmetric
- Wikipedia: Cryptanalysis Cryptanalytic attack; Key size; Brute-force attack; Backdoor
- Wikipedia: Kleptography stealing information securely and subliminally, e.g., via cryptographic backdoor
- Wikipedia: Pretty Good Privacy (PGP); Bitcoin: digital currency; Blockchain
- HowStuffWorks: How Encryption Works; What is a digital signature?; How Code Breakers Work
- Wikipedia: .zip file format; 7-zip
- 7-zip free; Windows; macOS (Keka); AES-128, AES-256; How to Use 7-Zip to Encrypt Files and Folders
- WinZip commercial; Windows, macOS; AES-128, AES-256
- SCIpher - A Scholarly Message Encoder encodes (not encrypts) text message within a fake "Call for Papers"; ;-)
- Eight Secure Ways to Share Sensitive Information over the Internet
Data at Rest and in Transit?
Secure service like DocuSign
iMessage/Signal/WhatsApp
1ty.me or One-Time Secret self-destructing link
1Password limited link
Password-protected PDF
Password-protected disk image
Password-protected Zip archive
Cloud storage link that can be expired
TB; 1/23/2024
- A Popular Password Hashing Algorithm (bcrypt) Starts Its Long Goodbye Wired; 5/25/2023
- How to Encrypt any File, Folder, or Drive on Your System Wired; 1/22/2023
- How to Password Protect Any File
Microsoft Word, Excel, and PowerPoint;
Google Docs, Sheets, and Slides;
Apple Pages, Numbers, and Keynote; Wired; 6/19/2022
- Steps to Simple Online Security: 4: Encrypt Your Computer's Storage NYT; 4/8/2022
- Math That Helped Solve Fermat's Theorem Now Safeguards the Digital World
elliptic curve cryptography; NYT; 1/31/2022
- What is encryption? PC; 10/1/2021
- How to Encrypt Your Own Windows and Mac Devices (and Why You Need To)
FileVault, BitLocker, USB drives; LH; 8/17/2021
- 7-Zip developer releases the first official Linux version BC; 3/11/2021
- NSA urges system administrators to replace obsolete TLS protocols ZD; 1/20/2021
- How law enforcement gets around your smartphone's encryption Ars; 1/15/2021
- How Law Enforcement Gets Around Your Smartphone's Encryption
iOS, Android: Complete Protection (when off) vs. Protected Until First User Authentication
-- aka After First Unlock (AFU); Wired; 1/13/2021
- Zodiac Killer message known as '340 Cipher' solved after 51 years
the coded message was sent to the San Francisco Chronicle in 1969; CNet; 12/11/2020
- Microsoft Office encryption evolution: from Office 97 to Office 2019 10/31/2019
- Dangerous SHA-1 crypto function will die in SSH linking millions of computers Ars; 5/28/2020
- How to Get the Most Out of Your Smartphone's Encryption both iPhones and Androids are encrypted by default. But there are steps you can take to safeguard your data on backups and messaging apps; Wired; 1/29/2020
- [2] PGP keys, software security, and much more threatened by new SHA1 exploit Ars; 1/7/2020
Android
FBI (vs. Apple)
- The FBI wanted to unlock the San Bernardino shooter’s iPhone. It turned to a little-known Australian firm. Azimuth; WaPo; 4/14/2021
- iPhone crypto hid al-Qaida link to naval base shooting, AG fumes investigators say they spent 4 months and huge sums to decrypt suspected iPhones; Ars; 5/18/2020
- What Apple surrenders to law enforcement when issued a subpoena AI; 1/21/2020
- Apple dropped plan for encrypting backups after FBI complained Reut; 1/21/2020
Government; Backdoor
- US courts have generally accepted that telling the government a password or encryption key is "testimony." A police officer cannot force or threaten you into giving up your password or unlocking your electronic devices. However, a judge or a grand jury may be able to force you to decrypt your devices in some circumstances.
- Wikipedia: Right to silence; self-incrimination; 5th Amendment; passwords; U.S. v. Fricosu
- Wikipedia: Key disclosure law; key escrow; National security letter
- NSA Says 'No Backdoor' for Spies in New US Encryption Scheme
NIST agency running competition for new encryption standards;
Quantum computing comes with risks for modern data protection; 5/13/2022
- Another Illinois Appeals Court Handles Compelled Password Production, Says There's No Fifth Amendment Issue Here TD; 12/23/2021
- NSA ducks questions about 'back doors' in tech products Reut; 10/28/2020
- The Police Can Probably Break Into Your Phone
phone-hacking tools typically exploit security flaws to remove a phone's limit on passcode attempts and then enter passcodes until the phone unlocks. Because of all the possible combinations, a six-digit iPhone passcode takes on average about 11 hours to guess, while a 10-digit code takes 12.5 years; NYT; 10/21/2020
- Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI amendment to IT law would make it illegal to use encryption protocols that fully hide the traffic's destination (ok: https:); ZD; 9/22/2020
- Iranian Hackers Can Now Beat Encrypted Apps, Researchers Say the hackers use a variety of infiltration techniques, including phishing, but the most widespread method is sending what appear to be tempting documents and applications to carefully selected targets; NYT; 9/18/2020
- NJ Supreme Court ruled that compelling a suspect to unlock their cell phone doesn't violate Fifth Amendment following opposite ruling by Indiana SC in June; Ars; 8/11/2020
- Is It Legal for Cops to Force You to Unlock Your Phone? Because the relevant Supreme Court precedents predate the smartphone era, the courts are divided on how to apply the Fifth Amendment; Wired; 6/27/2020
- It's unconstitutional for cops to force phone unlocking US courts disagree; forcing people to provide computer or smartphone passwords would violate the Fifth Amendment (right against self-incriminating testimony, not the production of incriminating documents); Ars; 6/24/2020
- Senators Launch Full On Nuclear War Against Encryption: Bill Will Require Broken Encryption, Putting Everyone At Risk TD; 6/24/2020
- Law enforcement can crack iPhones just fine without a backdoor ApIn; 3/11/2020
- The EARN IT Act Is a Sneak Attack on Encryption Wired; 3/6/2020
- Trump Administration Targets Your 'Warrant-Proof' Encrypted Messages NPR; 2/21/2020
- Man who refused to decrypt hard drives is free after four years in jail Court holds that jail time to force decryption can't last more than 18 months; Ars; 2/12/2020
- Sources: CIA secretly owned Crypto AG, the leading supplier of encryption systems globally, and could read allies' and adversaries' communications for decades WaPo; 2/11/2020
- US officials claim Huawei has, for over a decade, been able to covertly access mobile-phone networks globally through back doors designed for law enforcement WSJ; 2/11/2020
- How Attorney General Barr's War On Encryption Will Harm Our Military TD; 2/7/2020
- Microsoft CEO says encryption backdoors are a 'terrible idea' Verge; 1/13/2020
- The CIA's Infamous, Unsolved Cryptographic Puzzle Gets a 'Final Clue' Kryptos sculpture; MB; 1/31/2020
iOS
- How to Open 7z Files on iPhone & iPad OSXD; 3/10/2023
macOS
- Wikipedia: FileVault; Time Machine
- Apple: FileVault 2; Time Machine
- Take Control: FileVault
- Unarchiver extract only, including zip, 7-zip
- Keka macOS version of 7-zip; see Malware section on how to download & open 'untrusted' app
- Carbon Copy Cloner; how to create an encrypted, bootable volume using FileVault
- How protected is your Mac without FileVault enabled? MW; 9/28/2023
- Keka review: Compress, archive, and expand any Mac archive MW; 2/25/2022
- How to unlock your Mac with its Recovery Key and FileVault active MW; 8/6/2021
- How to encrypt files and folders on your Mac TR; 5/26/2021
- How to encrypt a Mac storage device MW; 4/29/2021
- How to recover data from a Mac with T2 or FileVault encryption and without a password
short answer: it may not be possible; MW; 11/19/2020
- Migrated your FileVault-enabled Mac? Clean up and regenerate your Recovery Key MW; 8/24/2020
- How FileVault and the T2 Security Chip work together in newer Macs MW; 8/21/2020
- How to check a Mac's free hard drive space MW; 3/26/2020
- Can't enable FileVault? An errant set of files may be blocking you
'A recovery key has been set by your company, school or institution' -- leftover from earlier installation? MW; 2/26/2020
- How to cope with a FileVault recovery key disappearing while you write it down MW; 1/7/2020
[2] Quantum; Future
- see {TCYOP-3: 43}
- Wikipedia: Quantum computing; Graphics Processing Unit (GPU)
- How Quantum Cryptology Works
- As quantum computing threats loom, Microsoft updates its core crypto library
Two algorithms added so far, two more planned in the coming months; Ars; 9/11/2024
- Companies Prepare to Fight Quantum Hackers
the National Institute of Standards and Technology published new standards for
post-quantum cryptography that will replace today’s encryption; WSJ; 8/14/2024
- New iMessage PQ3 Encryption Protocol Protects Against Post-Quantum Attacks TB; 2/23/2024
- Quantum Computing’s Hard, Cold Reality Check hype is everywhere, skeptics say, and practical applications are still far away;
challenges in making fault-tolerant systems; qubits' slow operating speeds; IEEE; 12/22/2023
- U.S. and China race to shield secrets from quantum computers harvest data now, decrypt later after 'Q-day'; Reut; 12/14/2023
- The Race to Save Our Secrets From the Computers of the Future
Q-Day: the day when a quantum computer factors very large numbers,
hundreds of digits long, into their prime factors; NYT; 10/22/2023
- An illustrated guide to quantum computing, including qubits, algorithms, challenges,
government support, and “Q-day”, when a quantum computer cracks encryption FT; 5/3/2023
- A deep dive into the race to develop a quantum computer
which could help address climate change and food scarcity, break current encryption protocols, and more; NYkr; 12/19/2022
- NSA Says 'No Backdoor' for Spies in New US Encryption Scheme
NIST agency running competition for new encryption standards;
Quantum computing comes with risks for modern data protection; 5/13/2022
- Cryptocurrency faces a quantum computing problem
cracking public key cryptography; CNet; 11/12/2021
- Post-Quantum Cryptography Standardization NIST; 10/29/2021
- Hackers are stealing data today so quantum computers can crack it in a decade MIT; 11/3/2021
- NSA does not know when or even if a quantum computer of sufficient size and power
to exploit public key cryptography (a CRQC) will exist 9/4/2021
- Fact Sheet: Does quantum computing put our digital security at risk?
symmetric vs. asymmetric; # of qubits; Internet Society; 7/2021
- What Makes Quantum Computing So Hard to Explain?
To understand what quantum computers can do -- and what they can't -- avoid falling for overly simple explanations; 6/8/2021
- 2 Win Abel Prize for Work That Bridged Math and Computer Science
lattice-based schemes based on the LLL algorithm which seem to be uncrackable by quantum computers
vs. current prime number-based encryption systems; NYT; 3/17/2021
- IBM completes successful field trials on Fully Homomorphic Encryption
FHE allows computation of still-encrypted data, without sharing the secrets; Ars; 7/31/2020
- U.S. hatches plan to build a quantum Internet that might be unhackable
new network would sit alongside the existing Web, offering a more secure way to send and process information; WaPo; 7/23/2020
- Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process NIST; 7/2020
- China Reports Progress in Ultra-Secure Satellite Transmission
quantum physics used to send a 'secret key' for encrypting and decrypting messages between two stations 700 miles apart; NYT; 6/15/2020
- Q&A: The Pioneers of Web Cryptography on the Future of Authentication
Martin Hellman, Taher Elgamal, and Tom Jermoluk were instrumental in shaping how the Internet works.
Now they're looking at what’s next for web security; IEEE; 6/5/2020
- IBM releases toolkit aimed at keeping data encrypted even while in use fully homomorphic encryption; ZD; 6/5/2020
Windows
- Tested: Windows 11 Pro's On-By-Default Encryption Slows SSDs Up to 45% 10/19/2023
- Windows Is Finally Getting Support for RAR and 7z Archives Windows 11; LH; 5/26/2023
- Microsoft is scanning the inside of password-protected zip files for malware
Why You Should Never Use the Native .Zip Crypto in Windows -- use other tools; Ars; 5/15/2023
- 5 great security tools built right into Windows
Windows Defender: manual scan;
Parental controls;
System restore point;
Memory Integrity;
Dynamic Lock; PC; 4/22/2021
- How to Hide Important Files on Your Windows PC difficult to 'hide'; safest to encrypt (and not rely on device password); LH; 10/29/2020