New Thumb Drive Encryption Procedure

In this article, I’ll describe a procedure for preparing a brand-new USB flash drive for use. First we’ll securely erase all the data on the drive, then we’ll encrypt the entire drive, and–finally–we’ll check the drive for bad blocks.

Ah, remember the good-ole days of spinning disks? When your OS could tell your hard *disk* . . . → Read More: New Thumb Drive Encryption Procedure

How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

Today I discovered how to validate the Public Key Algorithm that’s used for a given gpg key. Unfortunately, it’s extremely unintuitive & took quite a bit of digging to figure out how. So I’m leaving this here in hopes it helps someone in their future searches.

. . . → Read More: How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

HPKP Best Practices for Let’s Encrypt

This post describes how to generate a few backup public key hashes to add to your HTTP Public Key Pinning (HPKP) config that might save you from bricking your domain if Let’s Encrypt ever gets untrusted like StartCom did.

If you have a healthy distrust of the X.509 PKI trust model, then you’ve probably heard . . . → Read More: HPKP Best Practices for Let’s Encrypt

Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

This post will describe what hardware to buy & how to configure it so that you have 2 wireless networks in your house: One that seamlessly forces all of the traffic on that network through a VPN–and one that connects to the Internet normally . When finished, the internet activity for any device connected to . . . → Read More: Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

Eavesdropping Analysis of PGP Metadata

This post attempts to answer the following question: If an evesdropper intercepts a message encrypted with gpg, how much information will they be able to extract from the message without a decryption key?

I will show the unencrypted metadata added to a GPG-encypted message, and I will present commands that can be used to extract . . . → Read More: Eavesdropping Analysis of PGP Metadata

Extend GPG Key Expiration

I came back from my “cross-country bicycle trip”:http://1guy2biketrips.michaelaltfield.net to discover I could no longer send signed email because my key expired! I’ve also changed colleges from “SPSU”:http://www.spsu.edu/ to “UCF”:http://www.ucf.edu, and my old college is expiring my email address, so here’s what I need to do:

# Extend my key’s expiration another year # Add new . . . → Read More: Extend GPG Key Expiration

Plausibly Deniable File Encryption

Plausibly deniable encryption is a fascinating concept. For example, “TrueCrypt”:http://www.truecrypt.org/ (a FOSS for hard disk encryption) has a wonderful “Hidden Volume”:http://www.truecrypt.org/docs/?s=hidden-volume feature that provides “Plausible Deniability”:http://www.truecrypt.org/docs/?s=plausible-deniability. The concept is: you install 2 OS instances on your computer–1 in a hidden volume. If, for whatever reason, you were forced to reveal your encrypted data, you could . . . → Read More: Plausibly Deniable File Encryption

Sabayon, KDE, and Evolution

I recently reformatted my hard drive–switching from pure Gentoo to the Sabayon fork. Sabayon did for Gentoo what Ubuntu did for Debian. It’s generally a lot easier to use, but–unlike Ubuntu–it doesn’t sacrifice functionality for ease-of-use.

. . . → Read More: Sabayon, KDE, and Evolution