Given this - Summary:
Essentially, to make debugging easier, the OpenSSL volunteers (highly skilled volunteers eff-up as much as anyone else, mind you - someone should pay these people) and the Debian volunteers (same situation, but with less computer security sauce) authorized the Debian volunteers to completely cripple many open-source crypto protocols. Not that they hijacked and crippled every system, but they sort of unknowingly crippled a core crypto system pretty much everyone relies on, and apparently no one noticed for about a year.

Anyway, given that, I finally went and figured out how to use SSH with honest to goodness asymmetric-key certificates instead of just interactive on-the-fly crypto it provides where you type in your password every time. It turns out that the crypto was so crippled that for anyone in the know, if they were sniffing your traffic and you were using the on-the-fly crypto, you may as well have been typing your passwords in the clear.

If you use DreamHost, there are good generic and PuTTY-specific instructions on the support Wiki.

As you may know, the our border agents have started to require various travelers (i.e. the shifty-looking ones that try to cross borders) who happen to have tech gadgets with them to turn those gadgets on, login, mount encrypted drives, etc., so that those agents can make copies. I’m not planning to leave the country, but I’m also not interested in taking chances here.

Normally while the gross invasion of privacy of others bothers me, the actual fact of this sort of behavior does not, because I usually don’t travel with my various vitally private files (usually to do with cryptography) with me.

This has changed since I started using a USB key and portable applications to do what of my personal business I do at work. Until this morning, I had GPG, GPGShell and my GPG/PGP keys on my USB key that I use for portable computing. Now I don’t. The alternative was to keep that stuff on my USB key but put them in a hidden cryptography volume. I decided that was probably too fiddly and I didn’t need that stuff with me that badly.

But why would I think about it at all?

[Read more →]

I’ve been moving files around at work and encrypting the ones that make sense to do so.

From Cryptonomicon, I understand that “radio games” roughly translates to “funkspiel” in German (partly because the radio on German submarines used to be called the “funkmaat”). I’ve been creating sized-just-right crypted logical drives/files with TrueCrypt, putting various big-ass compressed archive files in them and then mothballing them forever on reliable network-based storage in case my laptop goes tits up (note to my gender-balance obsessed friends - I say this in full awareness that I possess moobs, so I figure “tits up” is a gender neutral phrase).

What makes it even sillier is that the reliable storage in question is auto-compressed and TrueCrypt drives do not work in NTFS compressed files land (i.e. if the *.tc file itself is compressed), so when I copy the volumes over to the network storage, they automatically do not work while they’re sitting there but are easily reactivated by copying them back to or setting them back to being non-compressed. But since I plan to revive by copying them over first to non-compressed storage that’s all good too.

Anyway, there must be a funkspiel equivalent for cryptography.