Throw the Mind [dot] Com » Encryption

dev.throwthemind.com

Nathan — Wed, 17 Dec 2008 05:25:12 +0000

I have come to the conclusion that my little vps just won’t cut it for running multiple site, irc, poxy, and who knows what else. So I have decided to make a few changes. If you haven’t noticed the blog isn’t under ssl anymore. This is because I have moved over to Dreamhost. This should make things run faster and administration of the site is way easier. Everything else is pretty much the same, just use “dev.throwthemind.com” I sure hope I haven’t screwed anything up too bad.

Thanks
Nathan

Tags: Encryption, Website

Now Lets Securely Delete Files

Nathan — Sun, 10 Feb 2008 06:20:25 +0000

Every week I listen to Security Now a podcast hosted by Steve Gibson and Leo Laporte. The other week I found out that most File Shredding programs don’t actually delete the files in the correct manner. A file isn’t deleted until its place on disk has been allocated to another file. This is the reason there are so many file recovery programs available. So what are we suppose to do if we want to delete a file and be sure it can never be recovered again? We download SDelete from Sysinternals and put it to work. SDelete is a command line utility and personally I don’t like having to type in a long command just to delete a file. So I wrote up a nice little batch program. You can either drag and drop one file, or one folder and it will delete the item using SDelete. All you have to do is download the batch file to the same directory as SDelete.exe and your good to go. Also the batch file tells SDelete to do five passes, just to make sure your item isn’t coming back.

Download SDelete.exe http://download.sysinternals.com/Files/SDelete.zip
Download delete.bat http://throwthemind.com/tools/delete.bat

In the last few days I have shown you how to encrypt and decrypt any file, and securely delete any file (unencrypted ones) all running off a USB Dive without Administrator access on a Windows machine. I hope you get use out of this, I know I do.

Thanks
Nathan

Tags: Encryption, Programming, Security, Windows

Using OpenSSL on Windows with a USB Drive

Nathan — Fri, 08 Feb 2008 04:21:39 +0000

The other day I picked up a new 2gb USB Drive. I like to keep storage with me, as well as programs like Portable Putty, Firefox, Filezilla, VLC, 7Zip and KeePass. All of which can be downloaded free at PortableApps.com Keeping all these programs only takes up around 150MB, which isn’t bad when you have 1.9GB to play with. Now lets talk about encryption. Using a Mac or Linux a lot like I do, you find OpenSSL is awesome. You can easily encrypt and decrypt files quickly. I recently got to looking around and found an .exe of OpenSSL. So I started playing. When I was done I had OpenSSL working off a USB Drive, and a batch file that either encrypts or decrypts based on the file extension. Oh and the batch file is run by dropping a file onto it. Here is what I did.

Download Win32 OpenSSL v0.9.8g Light and install.
Copy C:\OpenSSL\bin to your USB Drive.
Rename the bin directory to openssl.
Copy libssl32.dll, libeay32.dll, msvcr71.dll, ssleay32.dll from C:\WINDOWS\system32 to your new openssl directory.
Double click on openssl.exe in your openssl directory. If it works you should get a command prompt showing OpenSSL>
Download this file to the root of your USB Drive. encrypt-and-decrypt.bat
Now you have drag and drop encryption and decryption using aes-256.

The batch file will encrypt any file but will not encrypt a directory. If you want to encrypt a directory you can use 7zip to zip up the directory, then encrypt the .zip Also the batch file will only decrypt files ending in .enc Test it out and you will see what I mean. If you have any questions just leave a comment.

Thanks
Nathan

ps. If you want separated encrypt and decrypt files you can download these. encrypt.bat decrypt.bat

Tags: Encryption, Programming, Security, Windows

Password Manager | Passlet.com

Nathan — Tue, 16 Oct 2007 21:35:32 +0000

I have been toying with the idea of an internet based password manager. I started by making a C program but I never really finished it. Then I thought php would be the way to go, and never started it. So today I ran across passlet.com. It is a online password manager, that stores everything encrypted. The nice thing about this is that the browser actually does the encryption and then that data is sent over ssl to be stored in the server. This way everything is stored encrypted.

One thing I like about passlet over other systems is how simple it it. There is no crazy css going on, just simple ajax encryption and decryption. Also passlet isn’t afraid to show the queries between me and the server. I can see everything going on. I did some research on the site and it seems like it has been around for a year or so. I would feel more comfortable if I controlled the server and database but really its probably more safe than some e-commerce sites out there. I will be giving passlet a shot and will let you know how I feel.

Tags: Encryption, passwords

SSL Helped Defeat Spam

Nathan — Tue, 07 Aug 2007 13:36:47 +0000

Since I have moved the entire Throw The Mind empire over to SSL I have noticed no comment spam. I don’t know if this is a coincidence or if spam bots don’t know what to do about http pages. Anyway just thought I would share.

Also if you are out in public and have the need to encrypt your internet traffic you have head over to Poxy and do it.

Tags: Encryption, Spam

SSL

Nathan — Sun, 05 Aug 2007 03:29:53 +0000

I may have SSL working…maybe.

[edit] And RSS feed is working.

Tags: Encryption

Google Reader Watcher

Nathan — Tue, 10 Jul 2007 22:14:31 +0000

I have been using Google Reader for about a year now, and I love it. It is the best web based RSS reader out there. A few months back I ran across a Firefox extension Google Reader Notifier. This had proved to be a great extension for showing how many items were unread in my RSS Reader. Then about a month ago the developer update and broke the extension. It just wasn’t reliable anymore. So I went on a search for a another extension, and what I found was even better. Google Reader Watcher does the same thing but uses SSL for its connection. I must recommend this extension for all Google Reader users.

Google Reader Watcher

Tags: Encryption, Extensions, Firefox, Google, RSS

OpenID Verification

Nathan — Wed, 13 Jun 2007 20:51:23 +0000

The other day I was listening to Security Now, a podcast about computer security, and they where talking about OpenID. I have OpenID implemented on this site in case you didn’t know. Anyway, a cool thing about OpenID is since it is open source, you can create your own way to verify yourself. So I can run an OpenID server off my web host, thus I am responsible for my own security and authentication. I like this idea, but one thing I don’t like is that most OpenID server simple use the standard user name and password for verification. This kind of sucks if my credentials get compromised, as this would open up every site I use OpenID on.

Idea for Verification
I got to thinking about this and how it can be improved. First I would only use the user name and password as a way of telling the OpenID server to start its verification processes. The next step would be to have the server use a key located somewhere to authenticate the user. This key would have to be created new after a certain amount of time. Once this key is validated then the server would know its really you. The great thing about this system is the key isn’t created by the OpenID server, it has to be created outside the OpenID server. This way if your user name and password are compromised they would only be good for a day, or less depending on how you have your key set up.

Idea for Storing the Key

The key could be stored in a non web accessible directory on the the same web server as OpenID. This would entail logging into the server though ssh or other means and creating the key. Still pretty safe as you would need access to the server in order to change the key.
Another way could be simply running your own OpenID server on you local machine, and storing the key only when the server is running.
GmailFs or other remote mounting disks.
Another site to create the key, although I don’t like this idea.
You could even encrypt the key, before storing it somewhere.
Many other possibilities

Tags: Encryption, OpenID, Security

SED Solution

Nathan — Fri, 28 Apr 2006 13:00:31 +0000

I was thinking about the problem I have when I start working out at SED. They watch the network like hawks, and don’t let you go to a lot of places. But I need my irc. So here is my proposal. A packet wrapper. Make a local tunnel, kind of like ssh tunnels do, but instead of encrypting it and sending it through port 22, wrap all the packets, to make them say look they they are google packets. Then send them to a proxy on a remote host, who opens them and sends them on there way. Therefore Big Brother would see google packets going to some host, and I don’t think they would look to see who that host it. What does everyone think? Let me know, I had to write this down cause I didn’t want to forget it.

Tags: Encryption

SSH Tunnel

Nathan — Fri, 03 Mar 2006 22:34:32 +0000

So I finally got a SSH Tunnel set up and working. So everything that goes through the browser is encrypted. With this new job, I think they may actually watch the network, and I don’t like the idea of my traffic being watched. So now they cant see it…he he Well anyway, it’s off to the 2600 meeting tonight, then to the anti-V-day/housewarming party over at Honey’s, Cherry’s and Mog’s Should be fun, well at least I hope so. This will be the first time in a while I’m going to go out and not care what Lauren is doing for the night. Although we did spend a little time together today. It was weird cause, everything was the same when we used to hang out, except we didn’t touch each other, like couples do. So maybe we’re cool and can hang out and stuff. Well back to work.

ttfn

Tags: Encryption, Feelings, Social, Work