Pops-eye Magazine Blog

“Nice one! What was the password? 12345?”
The quote is from the drama series Spooks. In the latest episode a laptop was stolen from an MI5 courier and the encryption was broken using bots. I think they meant that the botnets were used to decipher data using brute-force, rather than internet bots. Simply put – number-crunching is done using computers, the owners of which were dumb enough to download, install and run a computer virus!
It may seem vital to the security of sensitive information, but one aspect of data (de)encryption we simply can’t avoid – a human element. Whether we use a too simple of a password, misconfigure the software/hardware installation or simply use our position (with or without necessary clearance) to access protected data.

Data encryption is not the domain of only security forces any more. I would think that corporate world sees far more action in terms of industrial espionage. Reportedly, up to 71% of  companies use some sort of encryption on data transfer and storage. After all, you get paid for this activity, whereas trading state information gets you killed or imprisoned, if we believe the TV drama. We won’t stop there. The progress made in the open standards enables us, ordinary users, to benefit from publicly available (de)encryption software tools.

Quick note on encryption. The encryption is the process of transforming information into incomprehensible blocks of data using some sort of algorithm. The only way to decipher the information one has to have the right key. Passwords (or memorable phrases) are often used as encryption keys, but they have to go through key derivation function, by adding random bits of information through one-way function.

“12345” as a password would be an option but only if you are trying to hide your porn from mum or a girlfriend.

Cryptography is highly mathematical in nature. In fact it is a product of the coding theory (http://www3.open.ac.uk/study/postgraduate/course/m836.htm) and has its roots in a branch of mathematics called number theory, . If you would like to read more about mathematics of cryptography then read it here: http://www.snellgroup.com/documents/white-papers/white-paper-Good-Old-Mathematics.pdf.

The science of data encryption is abstracted from the user by the means of graphical interfaces, thus making it far easier to create encrypted files, folders, partitions and even pen and hard drives. All forms of disk encryption.

I personally like the idea of pen drive encryption.

In fact I am going to create one before going on a business trip, where there is a real chance of loosing the disk full of sensitive information. Because I am concerned for the safety of the data, I am sure to use 2048 bit encryption key. Paranoid? Well, yes. Unfortunately that’s the least of my problems.

I am not going to prepare the HOW-TO on encryption but you can get more information from the following sources:

1. Linux users:
1. TrueCrypt tutorial from HowToForge
2. Encrypted USB Pen Drive with GNU/Linux Ubuntu 8.10 Installed
3. Discussion on LinuxQuestions
2. Windows users:
1. http://ranjanajain.wordpress.com/2009/04/25/bitlocker-to-go-windows-7/
2. http://dotexe.wordpress.com/2009/10/07/keep-your-data-private-with-diskcryptor-free-disk-encryption-for-windows/

There is a lot of money to be made in encryption business, let alone in decryption, but it may one day become totally irrelevant with the advent of cloud computing and cloud encryption management (http://www.law.com/jsp/cc/PubArticleCC.jsp?id=1202516998090&Desktop_Encryption_Moves_to_the_Cloud).

Safe encryption everyone,

p.