Бабушка, смотри, я сделал двач! Войти !bnw Сегодня Клубы
Привет, TbI — HRWKA! 1239.0 пользователей не могут ошибаться!
?6941
прекрасное6443
говно5904
говнорашка5512
хуита4710
anime3065
linux2651
music2633
bnw2601
рашка2565
log2354
ололо2166
дунч1821
pic1815
сталирасты1491
украина1439
быдло1437
bnw_ppl1417
дыбр1238
гімно1158
security crypto truecrypt

Из битемаджего [chan] privacy:
Truecrypt certainly is better than notusing encryption at all. If you want whole disk encryption look into dm-crypt, else veracrypt/gostcrypt or GPG will do fine.

If you really are concerned about backdoors that much I like to show you the following:

Ever heard of intrinsics? It's about using hardware-implemented functions. To see what intrinsics your processor supports run "cat /proc/cpuinfo" (on unix-systems).

Intel processer povide intrinsics for AES and if you have a modern computer with an intel cpu, you are sure to have those intrinsics. And openssl happily uses these intrinsics per default. Here is a minor problem:

If you know how AES works, you know that encryption and decryption take the same amount of work. When using the openssl functions for AES encryption (not the ones which use intrinsics!!!) however, encryption can take roughly twice as long as decryption. now let's look at the intrinsic: If you benchmark those functions you'll notice that encryption takes waaayyy too long compared to decryption.

Of course that doesn't proove that there's a backdoor, but if you have sensitive information whiches security is in your hands, you should keep the above information in mind.

If you use veracrypt, you will have options available to disable intrinsics. To my knowledge, dm-crypt uses intrinsics per defualt. Feel free to run cryptsetup benchmark.

If you want to be sure that there is no hardware backdoor, I suggest you use an uncommon cipher such as serpent that have no intrinsics available. Keep in mind that doesn't make https and gpg magically stop using AES. I will yet have to find out myself how to disable intrinsics in dmcrypt and openssl and would be most grateful if someone on BM could post the answer.

KISS:
If you handle very sensitive stuff, make sure you do not use intrinsics. And don't forget to airgap your machine.
For personal use, veracrypt (and in my point of view truecrypt too, correct me if I'm wrong) are most suitable and I enjoy the acceleration provided by intrinsics.
Though to make it harder for NSA to spy on you and learn something new, feel free to do some custom stuff such as a hardware number generator or a seperately encrypted container for your personal keys.

Here are my sources:
http://www.ct.de/cs1403154
https://en.wikipedia.org/wiki/AES_instruction_set
https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption
[feel free to add more, such as sources direct from openssl]
[maybe someone could provide more details about backdoors in instruction sets]

#MC8UIV (3+1) / @ninesigns / 3581 день назад
security rss link linux

http://geekscrap.com/2010/02/top-25-vulnerability-rss-feeds/ Список RSS с security updates подистрибутивно // спойлер: у slackware и openbsd пустые фиды.

#FDOMP1 (2+1) / @like-all / 3607 дней назад
security ? криптоанархия

Господа, от каких векторов атак вы защищаетесь и какие методы шифрования/хранения паролей используете?
То есть хочу набор туплов вида {юзкейс, метод_защиты, метод_хранения_ключей}

#K278WC (13) / @ninesigns / 3626 дней назад
security ?
Господа, как вы обеспечиваете надёжную регулярную ротацию паролей? В первые дни же ппц легко забыть чо ты там наменял, на бумажки пишете штоле?
#7NYPLJ (56+1) / @l29ah / 3626 дней назад
security
http://arstechnica.com/tech-policy/2014/11/most-people-have-heard-of-snowden-few-have-changed-habits-as-a-result/ Я мудак и не рассказал ни одному из знакомых гуманитариев о том, что такое mass surveillance и что нужно делать, чтобы чуть меньше мусорить онлайн.
#PVEIX7 (1) / @minoru / 3642 дня назад
hardware security
Чувак рассказывает про Intel Management Engine и как он ее пытался реверс-инжинирить. Спойлер: там внутре неон^Wэмбеддед-джава. http://dump.bitcheese.net/files/eronobo/igorskochinskyenpub-140312041852-phpapp02.pdf - вытащенная со слайдшары пдфка. http://youtu.be/4kCICUPc9_8 - видео доклада.
#7SZOG9 (17+1) / @lexszero / 3651 день назад
security tldr
http://www.jakoblell.com/blog/
#PPSLDN (0) / @ckorzhik / 3691 день назад
security crypto tldr
http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html >Given all these great features, you might ask: why does everyone hate GCM? In truth, the only people who hate GCM are those who've had to implement it. You see, GCM is CTR mode encryption with the addition of a Carter-Wegman MAC set in a Galois field. If you just went 'sfjshhuh?', you now understand what I'm talking about.
#0YKAOU (0+2) / @ckorzhik / 3694 дня назад
security tldr

http://www.iso27001standard.com/free-downloads/ тоже про системы менеджмента ИБ

#HRNLAJ (0) / @ckorzhik / 3734 дня назад
security tldr

ISO/IEC 27003:2010
Методы и средства обеспечения безопасности.Системы менеджмента информационной безопасности.
Руководство по реализации системы менеджмента информационной безопасности.
http://labsm.ru/pluginfile.php/1048/mod_resource/content/6/27003.pdf

#WVUXWE (0) / @ckorzhik / 3734 дня назад
security log

Вайфай аэропорта Минеральных Вод настолько секурен, что ICMP echo и 22ой порт просто дропаются. Приходится ходить через тор.

#0IBOEH (1) / @l29ah / 3739 дней назад
security moto

В этом треде я принимаю предложения, какую сигнализацию поставить на мотоцикл,
равно как и аргументирвоные пояснения ее нахуй ненужности.

#1XW1OV (7) / @ninesigns / 3776 дней назад
security ? linux

Чят, покажи свой скрипт для сендбоксинга иксовых приложений средствами неймспейсов.

#UULEZM (0+1) / @l29ah / 3778 дней назад
security it

Рассылки ET продолжают радовать:
2014103 – ET WEB_SERVER Unusually Fast HTTP Requests With Referer Url Matching DoS Tool (web_server.rules)
2014302 – ET TROJAN Suspicious HTTP Referer C Drive Path (trojan.rules)
2014758 – ET TROJAN Trojan.BAT.Qhost – SET (trojan.rules)
2014759 – ET TROJAN Trojan.BAT.Qhost Response from Controller (trojan.rules)
2017031 – ET CURRENT_EVENTS Unknown_InIFRAME – In Referer (current_events.rules)
2017561 – ET MALWARE W32/Wajam.Adware Successful Install (malware.rules)
2017788 – ET MOBILE_MALWARE Android.KorBanker Successful Fake Banking App Install CnC Server Acknowledgement (mobile_malware.rules)
2017880 – ET MALWARE W32/Linkular.Adware Successful Install Beacon (malware.rules)
2017935 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12 SET (trojan.rules)
2017936 – ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12 (trojan.rules)
2018059 – ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 1 (trojan.rules)
2018060 – ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 2 (trojan.rules)
2018061 – ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 3 (trojan.rules)
2018062 – ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 4 (trojan.rules)
2018063 – ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 5 (trojan.rules)
2018064 – ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 6 (trojan.rules)
2018065 – ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 7 (trojan.rules)
2018066 – ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 8 (trojan.rules)
2018067 – ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 9 (trojan.rules)
2018068 – ET TROJAN Possible KAPTOXA Encoded Data Transferred Over SMB 10 (trojan.rules)

#DSGCZE (0) / @hongweibing / 3866 дней назад
--
ipv6 ready BnW для ведрофона BnW на Реформале Викивач Котятки

Цоперайт © 2010-2016 @stiletto.