-----BEGIN PGP SIGNED MESSAGE----- The Encryption and Security FAQ - Revision 7 by Doctor Who This FAQ has now evolved through several revisions - I suspect it is nearing its mature stage. Many of the changes have come about from suggestions and helpful information from anonymous helpers - thank you. Introduction This FAQ is intended to help those who wish to improve their privacy. IF you view or store sensitive material on your computer this FAQ could be of help to you. It is not intended as a comprehensive overview of computer security, merely a means to that end. Links are provided throughout the FAQ. They are repeated in a list at the end for your convenience. This FAQ concentrates on computer security of sensitive data in the home. It also touches on privacy whilst online with Email and Usenet postings. Why do I need Encryption? That is for each individual to answer for themselves. How does encryption work? In its simplest sense, the plaintext is combined with a mathematical algorithm (a set of rules for processing data) such that the original text cannot be deduced from the output file, hence the data is now in encrypted form. To enable the process to be secure, a key (called the passphrase) is combined with this algorithm. Obviously the process must be reversible, but only with the aid of the correct key. Without the key, the process should be extremely difficult. The history and progress of encryption is beyond the scope of this FAQ, but the important point to understand is that the best modern encryption algorithms are virtually unbreakeable by anyone so far as is known, including Government Agencies. I want my Hard Drive and my Email to be secure, how can I achieve this? You need two different types of encryption software. For Email you need a system of encryption called public key cryptography. This system uses a key pair. One key is secret and the other is made public. Anybody sending you mail simply encrypts their message to you with your public key. They can get this key either directly from you or from a public key server. The only way to decrypt this incoming message is with your secret key. Thus it is called asymmetrical encryption. It is a one way system of encryption, requiring the corresponding (secret) key to decrypt. Actually there is a lot more to it than this, but this is reducing the principle to its bare essentials. For your normal hard drive encryption, you will need a symmetrical type of encryption program. The same key is used to both encrypt and decrypt. Which Programs do I need? Let's deal with Email first. For your Email I recommend Pretty Good Privacy (PGP), (http://www.pgpi.com/download/) It is virtually the de facto Net standard for Email cryptography. It is easily available and installed. PGP is available in several versions as freeware. For Dos I recommend version 2.6.3, for Win95 use version 5.5.3 The Dos version 2.6.3 is in a Zip file and easy to install. Version 5.5.3 is exceptionally easy to install because it comes as a self-extracting Zip. It is equally easy to configure and use. The source code has been published. The algorithm has, so far, survived critical analysis. PGP is available for many platforms, including Unix, OS2, Mac, Dos, Win95/98, NT. You can even work with the source code and compile your own version if you are truly paranoid! PGP has several DL sites. PGP (like all powerful crypto) is considered a munition by the American Government, which means its export is prohibited without a licence. PGP is available here: http://www.pgpi.com/download/ The PGP FAQ is here: http://www.cryptography.org/getpgp.txt Which version should I use? If you are going to send anonymous Email through the Cypherpunk anonymous remailer system, you will need PGP version 2.6.3. This version is also available as 32 bit which speeds up the process of encryption/decryption but maintains its compatibility with the Cypherpunk system. It is possible to install both versions, but I have found it very cumbersome trying to synchronise the two separate keyrings of the two versions. There are also various restrictions on the choice of type of key to retain backward compatibility. I have experienced incompatibilities between the two versions, despite ensuring that both versions have supposedly compatible keys. I've installed PGP, I've generated my keys, now what? Create at least two separate key pairs. The first pair are for your Email usage. This first key should be signed and if you want others to have access to your key to enable them to send you encrypted Email, submit it to a key server, e.g. http://wwwkeys.mit.edu:11371. You may want to adopt a Nym (anonymous name) for this key. If you do, then choose something that cannot be traced back to your Email address. I would recomment you also create a key pair solely for the Nym server. This is to encrypt your messages that pass through your Nym server. Any incoming mail to you via your Nym, even plaintext, will be encrypted from the Nym to your Desktop. If it is already encrypted by means of your published key, then it will be additionally encrypted by this Nym key. This ensures that everything sent to you via your Nym is secret. It is important to understand the differences between these two pairs of keys. The Nym key is just that. It should never be used for any other purpose. You must send the public key to the Nym server when you create you Nym, but that should be the extent of its dissemination. I would recommend that you do not sign this key, nor allow fingering from the Nym server nor submit it to the public key servers for others to access. For more understanding of the pros and cons of signing this key read the Nym FAQ. Where can I get the Nym FAQ? Send Email to: help@nym.alias.net - there is no need for a subject or body text. This is essential reading before you set up a Nym. What about the data on my Hard Drive? PGP is excellent for Email, but for data storage it is essential to use an "on-the-fly" encryption/decryption program. On-the-fly means the data is ALWAYS in encrypted form on the drive, it is only decrypted in memory (and possibly in the notorious Windows Swap file - more about that problem later). When the drive is mounted, this means after entering the correct passphrase and the drive is visible as plaintext, each read/write to the drive decrypts to memory or encrypts to the disk as necessary. It should be impossible to write to the drive when unmounted. If it were read, it would appear as gibberish. The advantages of this on-the-fly encryption/decryption cannot be too strongly emphasized. It means that at all times your files will remain in encrypted form on your hard drive. If a power failure occurred you are not left stranded with sensitive material lying around in plain text, except in the swap file! Yet once you have entered your passphrase you can see the contents of the encrypted partition, just as if it were plaintext. There are several of this type of program, with more appearing all the time. What is most important is that you use some form of encryption. There are many lesser programs that offer file by file encryption/decryption, but these offer unacceptably high security risks and should be avoided. There are other more practical advantages to on-the-fly encryption if you have a large hard drive. Just try decrypting several Megabytes or even Gigabytes of files each time you boot your computer, remembering they must all be re-encrypted at the end of the session and their plaintext equivalents securely wiped! With large drives using strong crypto it would take hours, an absurd scenario. I have Windows 95/98, what should I use? There are several programs that offer on-the-fly encryption/decryption. I have only had experience of one with Windows BestCrypt. I strongly commend BestCrypt for its very strosng security and ease of use. BestCrypt is commercial ware. It costs around 90 Dollars US. Its authors are in Finland thus outside the ITAR restrictions of the United States. You have a choice of three different algorithms: DES, BlowFish, GOST. A full explanantion of these algorithms is included with the documentation. Which is best, BlowFish or GOST? How long is a piece of string? It is impossible to answer. The BlowFish algorithm was designed by Bruce Schneier in 1993. He has given away his intellectual property rights to the algorithm in the interests of the wider crypto community. In my opinion a very generous action. The source code is available and has withstood 5 years of crypto-analytical scrutiny. GOST is a Russian crypto, a fallout from the cold war period. Probably strong, but.... One major advantage of Blowfish is its speed. It was written specifically for the 32 bit microprocessor. It is much faster than DES and GOST. The Blowfish algorithm can be implemented with variable key sizes from 32 to 448 bits. BestCrypt have chosen to use 256. This cannot be changed by the user and represents a compromise between absurdly high strength and speed. BlowFish is my personal choice, but you decide what is best for you. How flexible is BestCrypt?? BestCrypt can create any number of encrypted partitions called containers of mixed sizes up to 2 Gigabytes each, with a maximum of 8 mounted at any one time. BestCrypt offers other facilities, such as floppy disk encryption, hot key crash close and timeout close - if these are not intuitively obvious, all is explained in the help file. BestCrypt talk about virtual drives and containers which may confuse some people. The container is the name given to the encrypted partition. When viewed in Windows Explorer it will look like a very large file, in fact it looks identical whether mounted or unmounted. When mounted an extra drive letter appears in Explorer. If you click on this drive letter, its contents will be displayed by Explorer exactly as if it were a normal drive or partition in plaintext. You can download a 30 day trial version to try before you buy. I urge you to try it. BestCrypt is available from Jetico: http://www.jetico.sci.fi. What are the advantages of BestCrypt? 1. On the fly encryption/decryption 2. Easy to install and set up within Win95/98. 3. Can be easily manipulated as a Windows file for backup purposes. 4. Totally transparent in use, i.e. when mounted. 5. Can be set up on a Jaz drive, if required. 6. User determines the size of the container, up to 2 Gigabytes. 7. Includes a freebie wipe free space utility What are the disadvantages? 1. Commercial ware and so costs money. 2. The source code has not been published, but it does use the BlowFish algorithm, which has been published. 3. Care must be taken to only mount the container when off-line to prevent hacking (this applies to the inputting of any passphrase, including PGP). 4. Maximum size of container limited to 2 Gigabytes. 5. Writes to the Registry, thus impossible to hide its presense. I can get a "cracked" version, surely that must be good value? Good luck to you! The cost of getting it wrong far outweighs the monetary cost of paying for strong encryption. If you are confident that your cracked version is safe, fine. Many amateur but serious crypto programs come with PGP signatures to prove their authenticity and that they have not been tampered with. To choose a hacked program which has certainly been tampered with is lunacy in my opinion. The cracked program MAY be safe, but you will never be sure. Anyway, there is now no reason to choose a cracked version of commercial ware - see next question. Is there anything cheaper than BestCrypt? Yes. A new on-the-fly Hard Drive encryption program has very recently surfaced, called ScramDisk. It is new and early reports suggest there are a few minor bugs, but it is free. This is what is claimed about it: "ScramDisk is a Hard Drive encryption program that runs under Windows 95 & 98 and provides a number of 'high security' ciphers including 3DES, Blowfish and IDEA. Encryption is done in CBC-mode using random IV & pre-encryption whitening values. The program uses SHA-1 as the passphrase hash algorithm. This is the first version of ScramDisk that has been publicly distributed and the program is free of charge. The source code for the program is also available for download." One advantage of ScramDisk is it does not write to your Registry. This suggests that you could install it on, say, a Jaz drive and run it from there. When you finish your session you simply remove and hide the Jaz drive disk. There is then nothing left on your computer to suggest you are using encryption. This may be very useful in some countries with insecure/totalitarian Governments, such as France, Iraq, Iran, China and shortly the whole of the European Union. Two things to consider about this: 1. Where will you securely hide it? 2. A removeable media magnetic drive of any sort is inherently less rugged than a floppy or optical. This means more care will have to be taken when handling it. If you want ScramDisk try here: http://www.hertreg.ac.uk/ss/ Is ScramDisk easy to install? It requires a more technical insight into its installation than does BestCrypt, suggesting moderate computer literacy is required. As this is a new program, some may wish to await peer review before trusting it completely. The Author shows remarkable public spirit by offering the results of all his hard work entirely free of charge. His offer to publish the source code is even more welcome. I suspect there will be more refined versions published before long. I hate Windows, what about us Dos users? If you are running old faithful DOS or Win3.XX, then I recommend SecureDrive for your Hard Drive encryption. This is intended to encrypt whole drives (or partitions) up to the Dos limit. It is extremely powerful, it uses the IDEA algorithm with a 128 bit key size. It operates with on-the-fly encryption/decryption. Better still, the source code is available for those who understand such things, to prove that there are no back doors. As powerful as PGP, but specifically designed to hide files and folders on your computer. It encrypts the whole drive or partition except for the boot sector, unlike BestCrypt which limits itself to your chosen size. It is simplicity itself to install. Just unzip the file and read the install notes. It takes about one hour per Gigabyte to encrypt a drive or partition, depending on your processor speed, probably the same time as BestCrypt. One potentially strong advantage of SecureDrive over Bestcrypt is its ability to feign the use of a keyfile. Taken from the Install Notes (quote): "Since SecureDrive can encrypt disks using either a passphrase or keyfile or both. One devious defense against "rubber hose" cryptography is to set up a keyfile on your hard disk, but then overwrite and erase it. (But leave the environment variable). Each time you invoke LOGIN or CRYPTDSK, you will get a warning message that the keyfile cannot be opened. So it appears you have just destroyed your keyfile. But in reality your disk(s) can just be encrypted by a (strong) passphrase. But the only way your adversary can prove that a keyfile is not required is to guess the passphrase!" Very clever indeed. What advantages does SecureDrive have? 1. Freeware 2. On-the-fly encryption/decryption 3. Totally open source code, thus no back doors. 4. The ability to incorporate a keyfile at start up 5. More difficult to copy and crack off site 6. Passphrase is entered at Dos level, reducing the risk of a tempest attack on your passphrase 7. Maximum size of partition only limited by Dos Disadvantages: 1. Only works with Dos, Win3.XX or early versions of Win95 (pre OSR2). 2. Difficult to copy in encrypted form for backup purposes. 3. Difficult for the inexperienced user to control the size of the encrypted partition, unless he allows it full reign. 4. Cannot be used with a Jaz drive or a CD-Writer. Regrettably, SecureDrive is a 16 bit program and appears to be FAT16 compliant only. If you wish to use SecureDrive it is available here: http://idea.sec.dsi.unimi.it/pub/security/crypt/code/secsplit.zip For further reading and many security related links and a glossary of security terms try here: http://www.io.com/~ritter/GLOSSARY.HTM I use Mac, OS2, Linux, Unix, NT (fill in your choice), what about me? Sorry. I have no experience of any system other than Dos and Windows. What about simple file by file encryption? I strongly urge you to use on-the-fly encryption/decryption. Nevertheless, you may need a simple file by file encryption tool, but with the strongest possible security. PGP can be coaxed into this, but it is very clumsy in its Dos version, compared to some programs. This after all, is not its prime purpose. An alternative is Kremlin. This embeds itself within your Registry such that right mouse clicking on any file allows you to encrypt/decrypt/wipe the file. I will come back to Kremlin later in the FAQ. Kremlin is available here: http://www.mach5.com/kremlin/index.html Tell me more, tell me more, tell me more... As the majority of users are likely to be using Win95, I will concentrate on the BestCrypt program, but substitute SecureDrive if this applies to you. I strongly urge you to invest in at least two hard drives of equal size. Partition each drive such as to allow up to 2 Gigabytes for the BestCrypt container or whatever you can spare, depending on the size of your drives. These two separate partitions on each Hard Drive, one encrypted and the other plaintext for your Windows programs, etc, can each be copied to the corresponding second Hard Drive for backup purposes - more about how to do this later. The BestCrypt encrypted container is mounted by either clicking on the file or on the BestCrypt icon on your Desktop. When you do this, a window opens showing all the Hard Drives and all the BestCrypt containers that are available. Click on any one and a passphrase box opens. In this passphrase box you are offered a drive letter to allocate to this container. This is why it is called a virtual drive. For all practical purposes, after mounting, it seems like a drive. You can either accept the default Windows chosen drive letter, or change it to something else, provided it is not already in use. You can allocate the same drive letter to more than one container, provided you only open one of them at a time, otherwise it will default to a different letter. Once you allocate a drive letter, BestCrypt will remember it and use it until you choose to change it. This is very useful if you backup your BestCrypt container from one partition to another. One point to remember, if you have any shortcuts pointing to this drive letter on your desktop or in the drive itself or in the Windows Start menu, you will need to keep to the same letter every time you mount, otherwise the shortcuts will not function. I would not recommend leaving trails from the start menu or on the Desktop, but that is up to each of you. I would keep all the shortcuts in the root of the drive itself, together with all programs that you will use, plus all the files that you choose to DL, including PGP. I will give my recommendations later. When the drive is mounted it is seen in My Computer and in Explorer as "Crypted-Disk". This icon can then be clicked on and opened. The shortcuts to the programs residing within this virtual drive will then be seen as if they were on your desktop. You can use the same passphrase for all containers should you wish, perhaps even the same as you use for PGP. There are arguments for and against this, which I will not go into here. If you install PGP within the encrypted drive (most strongly recommended), you need not bother with any passphrases for your PGP keys, except as a precautionary means to identify different keys. More on this later in the FAQ. Are there any precautions in using BestCrypt? Yes. You must never defrag the drive on which the encrypted container resides unless the container is dismounted. You can defrag the container itself when mounted and you can defrag the drive on which the container is stored, provided the container is closed. To attempt to defrag a drive with an open BestCrypt container could be disastrous and cause the container to be irreparably damaged with consequential total loss of data. The moral is of course to always back up your data, hence my suggestion for two drives. Another precaution is to decide the size of the BestCrypt container, then partition your Hard Drive to that size. When you create the new container, BestCrypt will tell you the maximum size available within that partition. This partitioning of your Hard Drive takes the BestCrypt container off your normal drive C. This is recommended, otherwise it can take forever to defrag drive C as Windows will always endeavour to keep this very large file contiguous. If you are particularly lazy and never defrag your Hard Drive, it is possible under the worst case conditions for the BestCrypt container to become so fragmented that it will not mount. This will happen if there are more than 50 discrete fragments to the container. Always defrag regularly or better still use a separate partition. The BestCrypt containers cannot be deleted from within Windows. To delete/erase/wipe a BestCrypt container, you must do it through the BestCrypt control panel. It takes only as long as it takes to type in your Passphrase, then puff, your BestCrypt data is no more. Be very aware, this will irrevocably and irreversibly lose your data. It simply scrambles the passphrase checking part of the BestCrypt file. The encrypted data is now inaccesible and safely lost forever. The only way to recover it now would be by a brute force attack on the data - for all practical purposes an impossible task. Incidentally, although you cannot delete a BestCrypt container within Windows, it can be done when in Dos. You can also overwrite it within Windows by copying another similar named file over it. To Windows it is just another (possibly very large) file. Can BestCrypt encrypt Floppies? Yes. This is a very useful function - see later. Does using Encryption slow things up? Yes, there is a small speed penalty because your computer has to constantly encrypt to write to disk and decrypt to read from it. It is also the major reason given by the "decrypt all files together" type of programmer for you to buy his wares. These days this overhead is almost unnoticeable with any modern Pentium based machine. How can I partition my Hard Drive? I recommend Partition Magic. It makes partitioning your Hard Drive very easy. Better still, Partition Magic offers easy copying from one partition to another, even your Drive C. This is very useful. If you are unlucky enough to lose a drive (a virus, or whatever) you can use Partition Magic to copy it all back. It works in DOS and is very simple to use. It is commercial ware and costs around 70 Dollars. The manual forgets to tell you that before you can copy across from one drive or partition to another you must first delete (using the program) the destination drive or partition. Unless this is done the copy command stays greyed out! I have noticed other programs from Powerquest which suggest similar functions, but I have never used them so cannot vouch for them or offer any opinion about them. Partition Magic is available from: http://www.powerquest.com/ How large should I make the BestCrypt containers? The sizes of the BestCrypt containers are entirely up to you. There is no reason why you shouldn't make them of 1020 Mb if you are are going to backup to a 1 Gigabyte Jaz drive or double that if you are fortunate enough to have the 2 Gigabyte version. To save time you only need to create one container, then copy it using Explorer. It is quicker to do this than to get BestCrypt to encrypt another partition from scratch. If you want the benefits of an external hard drive, I would recommend the Jaz drive. The drawback is the cost of the media. I have no experience of the Syquest equivalent. Are there any bugs with BestCrypt? I have found only two. The first is it cannot create a container to the full capacity of a CD-RW disk. For some reason it can only encrypt to one quarter of the available space. You can work around this by creating it on your Hard Drive and copying it across. A CD-Writer is excellent for archiving, but very slow in my experience and prone to crashes! Present implementations are far too slow to use as a substitute Hard Drive. The second minor bug is when you request floppy disk secure mode with a previously encrypted floppy. For some reason on my system, at least, it always displays: Check floppy password error. It then offers three choices, retry: yes, no or cancel. If this happens to you, simply click on NO and you will find access is available to the floppy. To avoid this, I always uncheck the password check box first. Ignore the bug (if it appears on your system) and you have a very useful adjunct to your encryption armory. Incidentally, attempting to read from an encrypted floppy without first inputting the passphrase (i.e. setting secure floppy mode in BestCrypt) and Windows tells you the floppy has not been formatted and will offer to format the disk. Might be a useful feature. In earlier versions I wrongly claimed that it was not possible to do a diskcopy with an encrypted floppy. It is, but before reading the copy, remove it from drive A. This clears the Windows cache and it should then be possible to check the copy is encrypted and when in floppy secure mode, readable as plaintext. What are the precautions to be taken with the Passphrase? In earlier versions of this FAQ, I strongly recommended great care be taken to ensure a secure (which means long) passphrase is chosen. This still applies to the encrypted drive passphrase. However, provided you keep your PGP keyring within the encrypted drive there is no need to bother with a passphrase at all for PGP. This may sound extreme, but the protection of your privacy is ensured by the encrypted drive. It is quite possible that the threat posed by someone accessing your encrypted drive's contents is marginally more serious than their ability to access your PGP secret keys. If you decide to forego a passphrase for your PGP keyring, be absolutely certain that all your backups of the keyrings are in encrypted form. I suggest a possible solution to this later in the FAQ. Isn't there some risk with my passphrase always being held in memory? There is a slight risk of someone hacking into your computer whilst online and yes, they may be able to read anything that is in your swapfile or even your encrypted hard drive if it is mounted. If you believe this is a significant risk to you, then I recommend you try the BestCrypt+ hardware option. This requires a floppy disk containing a 128 bit randomnly generated keyfile be input before Windows is started. This at least ensures that any snooper cannot at a later date use your passphrase to open your encrypted drive. Even if your keyfile is stolen, it cannot alone open the BestCrypt container. It still requires your passphrase on boot. Of course, if you lose your keyfile.... If I go to all these lengths, am I truly safe? Not completely. There is still the faint possibility of a tempest attack. Tempest is an acronym for Transient ElectroMagnetic Pulse Emanation Surveillance. This is the science of monitoring at a distance electronic signals carried on wires or displayed on a monitor. Although of only slight significance to the average user, it is of enormous significance to serious cryptography snoopers. Are there any other precautions I should take? Make copies of all your PGP keys, a textfile of all your passwords, program registration codes, INI files of critical programs, secret Bank Account numbers and anything else that is so critical your life would be enconvenienced if it were lost. These individual files should all be stored in a folder called Safe on your encrypted drive. Encrypt a floppy with BestCrypt using your usual passphrase and copy this folder onto the floppy. When you ever update Safe, you should also update your floppy backup to ensure syncronicity. Now copy the self extracting Zip file for the BestCrypt program plus a plaintext file of the registration key for the BestCrypt program onto another floppy - DO NOT ENCRYPT THIS SECOND FLOPPY! Both these floppies should be kept apart from your computer in case of theft, fire or any other interference. If the worst happens you should be able to restore your data from your backups on your Jaz or CD-R and use this floppy to re-install the BestCrypt program to allow you access again. Making backups is a boring business. We can always think of a zillion better things to do, but if ever you get a system crash you will be convinced of its worth. Trust me, I speak from experience... What to put in your newly created Encrypted Drive You need to take care over which programs to choose. Some Newsreaders and Image Viewers and Emailers can either write critical information to your Registry (early Anawave Gravity wrote your News Providers passwords in plaintext, ACDSEE will display the pathnames of the last ten or so files) or worse, send such info when attempting to communicate anonymously (Eudora, AnonPost). For what it's worth, here are my choices for these critical programs: 1. Agent (or FreeAgent if you are a meanie) for the newsreader, and basic Emailing. You can either allow Agent to use the registry settings for viewing or choose a viewer for this purpose (recommended). Agent will write to the registry, so its presense cannot be disguised, but this is probably not too serious. 2. I recommend Vuepro as your viewer. This allows easy click and Zoom to examine image quality. VuePro will install itself into the Windows directory. You should then copy it together with the VuePro.ini file into your chosen encrypted folder. If you do not copy the ini file with the program, Vuepro will create it when next it is used. Vuepro is available from: http://www.hamrick.com 3. For sorting your images, I recommend Thumbs Plus as your main Image Viewer. This allows easy drag and drop sorting of the images into your chosen folders. 4. I strongly recommend Jack be Nymble (JBN) for your Nym accounts and sending and posting anonymously. This is a very sophisticated program and requires much dedication and concentration to get the best out of it. It can automate many functions in setting up and managing a Nym, including automatic decryption of incoming messages. It requires the Dos version of PGP, but will help you configure it. It likewise will help you configure the Mixmaster chain of anonymous remailers. You must be a United States or Canadian resident to use Mixmaster. (Aside here, if you are truly anonymous, how will they know?). JBN is excellent for all your encrypted mail. You can tell it to only DL PGP encrypted mail and leave the remainder on the server (perhaps for Agent) or you can use it for all mail. It can also ensure your Usenet postings are truly anonymous. You will have to experiment with the appropriate mail2news gateway. Not all support all groups. Also, be prepared for some considerable unreliability from these remailers. JBN is a very sophisticated program. It is absolutely imperative that you spend the time to familiarize yourself with its features. Do not allow yourself to be blinded with enthusiastic energy into creating a NYM before understanding what you are doing. Are there any tips to help in its use? I do not want to encroach on the excellent JBN manual, but a few hints to speed things along. a. There are two main folders displayed on startup - the Message Folder and the Nym Folder. b. Use the Nym Folder only for creating your Nym(s) and for Nym maintenance, changing conventional passphrases or any setup instructions, etc. c. Keep the original setup Nym book(s), plus the original Nym setup messages(s) in the Nym Folder as a permanent record of your Nym settings and reply block. Do not use the Nym folder for your ordinary day to day messaging or Usenet postings. d. Use the Message Folder for all your PGP Email and your Usenet posting. You can make sample message books for your regular Emailings and Postings such that you only need to fill in the text, very conveninet. Jack be Nymble is available here: http://members.tripod.com/~l4795/jbn/index.html Aside here: In earlier versions of this FAQ I recommended AnonPost. I have found a serious flaw with AnonPost. It always forwards your correct Email user name to your ISP in the form of a handshake. If you are only working directly into your normal ISP, this does not matter, but if you are using a remote host with tunnel and terminal forwarding with an anonymous connection, this would completely compromise that anonymity. I refer to this sort of connection later in the FAQ. Another drawback I have found is that there is a maximum size of text that can be copied into the text window. Even if attempted in stages, once the limit is reached it refuses to accept anymore. This may or may not be a problem, depending on the sizes of your individual posts. A serious drawback for binaries. 5. For browsing I find Netscape Gold the best. You can direct it to locate its Bookmarks file on the encrypted drive. The later versions want to create user profiles and worse want to put them in exposed folders. Be careful! All versions will write to the registry, but this is difficult to avoid with any browser. I most strongly suggest you do not use Microsoft Internet Explorer. It will insist on keeping things within Windows, be very careful with that one! This is especially the case for MS Mail and MS News and Outlook. Of course, you can always use MSIE as a normal browser on your desktop for non-critical browsing and Email, should you wish. 6. Many files are compressed. The most popular is Zip. I recommend obtaining a copy of Winxip frorm here: http://www.winzip.com. Or, do a search for Pkunzip which is freeware, I believe. What folders do I need on my Encrypted Drive? These are my suggestions. Obviously adjust to suit your needs. Create two new folders in the root of your encrypted drive, name them "Programs" and "Library". All the above programs, except Thumbs Plus, should be put in "Programs". Create two more folders under Library naming them "! - Incoming" and "Zzz", No, that was not a mispelling, using the exclamation mark "!" with the space ensures "! - Incoming" is always at the top of the list of folders, making it very easy to locate each time. Now still in the Library folder, create a set of folders starting from "00" (zero, zero) thru "9" and another set from "A" thru "Z", finally throw in one more of "!!" for those files that have a symbol as their first character. You should now have all these additional folders inside Library, starting with "! - Incoming" at the top and finishing with "Zzz" at the bottom. Should you wish to add a "specials" folder for your favorite pics, call it "! - Specials". You can set Thumbs to automate the transfer of single copies (highlighted and Ctrl+C) into this folder, automatically renaming them in an ascending sequence. Use Ctrl+shift+C, choose Jpeg file format, choose output path (X:\Library\! - Specials), click Enable and OK. Click OK on confirmation dialog box and it is done. Install Thumbs Plus into X:\Library\Zzz, substituting your encrypted drive letter for X. These Library folders can now be viewed using Thumbs Plus. It is simplicity itself to highlight all those you wish to move and just drag them using the mouse to the chosen numbered or lettered folder depending on the first letter of their file name. Easy! The reason for putting Thumbs within Library is to ensure that Thumbs together with its thumbnail database and your chosen configuration settings are backed up, when you backup Library. One of the most useful features of Thumbs is if you have downloaded dupes, you can offer them to their respective folders and Thumbs will check and tell you if they are dupes, plus show you a thumbnail of the pic, plus give you the file sizes, so you can replace if you have one of a better resolution. I guess that is why it is called Thumbs Plus, it has so many plus features. I have not even touched on its many other features - find out for yourself. If you do not download images, then you will not need the Library folder. Go into Agent\Group\Default Properties then browse and choose X:\Library\! - Incoming, for both "directory for saving attached files" and "Temporary Directory for Launching Attached Files". Go to Group\Default\Properties\Post and ensure both "Prevent usenet messages from being archived X-No-Archive" and "Observe no archive requests from original message in follow ups" are both checked. So far as I am aware (but I am not going to guarantee this) none of the above programs will give away any critical information within your Registry. Be aware, however, that the presence of the drive is disclosed by BestCrypt itself. ACDSEE whilst excellent in many respects, will leave a trail of all the last ten or so folders you have visited, together with their drive\path and file names! If your file names are rather explicit, a lot could be inferred about what your viewing... Eudora Lite and a cracked version of Eudora Pro insisted, despite my best efforts, on sending my true ISP and user ID to whoever. As excellent as Eudora may be, particularly with its PGP Plugin, this was intolerable and so it had to go. Agent seems reliable in this respect. Security Beyond Encryption Regrettably, despite all your best efforts Windows will still save to a swap file, unless you perversely disallow Windows from using one and risk program lock-ups. This is an unavoidable risk with Windows. To minimize this problem you must use a wipe utility. BestCrypt includes a disk free space wipe utility which works whilst in Windows, but do not trust it to completely wipe the swapfile. It is impossible for any utility to do this truly effectively whilst Windows is still running. However, do not despair there are ways around every problem. To ensure total privacy of your data on your computer using Windows, it is necessary to do the wiping in two stages. The first stage is done within Windows and the second from Dos. Stage One First you will need a wipe program that will allow you to specify all the critical folders that contain files that must be wiped on shutdown. Kremlin can be set up so that it will do this on every shutdwon automatically or if you choose at a specified time. This can be a nuisance on occasion, but its operation can be cancelled if required. In addition to wiping the swapfile or more correctly the virtual memory, I would recommend you set it to wipe the files in the following folders: Windows\Recent; Windows\History; Windows\Temp; Windows\Temporary Internet Files; Windows\Cookies; Windows\Cache; plus any other cache folders you may have on your computer which you believe may contain compromising data. As I have said, I would not trust that Kremlin has completely wiped the swapfile, but it costs nothing to let it have a go. You can also set it to wipe the empty disk space on shut down, but I prefer doing this from within DOS. More on this later. Note, Kremlin is not freeware. You have 30 days before you must register. Of course to save you buying Kremlin, you could do it manually with the BestCrypt wipe free space utility. For this you first need to manually delete all the files in the folders listed above. Then to maximise the potential for wiping the swapfile, you need to shut down and re-boot. Then immediately run the BestCrypt wipe disk free space utility on the drive where your swapfile normally resides. This is a real hassle and is why I recommend getting Kremlin. Stage Two 1. In Windows, go to My Computer\ControlPanel\System\Performance\Virtual memory. Click "Let me specify my own virtual memory settings". Enter identical settings in both boxes. I suggest 150 Mbytes. Click OK. Windows will tell you what you've done and complain and ask you if you are sure you wish to continue, click YES. Windows will then want to re-boot. Allow it to do so. After re-booting you can see the file in Windows Explorer as Win386.SWP. If you run games which require large swapfiles, or run many programs simultaneously, you may need to increase the size. But remember, the larger it is the longer it will take to securely wipe on shutdown and the greater the wear and tear on your hard drive. I have had no problems with this size with 64 Megs of RAM and I regularly use F-22 Flight Simulator. 2. Use Notepad to write the following simple Batch file. Put it in the root of your C: drive. Give the batch file a name. I suggest W.bat, but any convenient letter or name will suffice, but NOT Win.bat or confusion will occur with the Win which starts Windows. Add it as the last line of your Autoexec.bat file. This will ensure it runs automatically on every shutdown, avoiding that "Oh, I'm too tired and can't be bothered, I'll do it tomorrow" syndrome. Note: I have been told that Windows 98 does not allow you to run such a batch file automatically on shutdown. Apparently you must either exit to Dos or re-boot and press F8 to interrupt Windows from loading, then run something similar manually - I await confirmation of this. CD\WINDOWS Win Mode co80 cd\ Scorch [c:\win386.swp] Zapempty CD\Windows followed by Win tells your computer to start Windows. The subsequent lines only operate on shut down. Mode co80 is to prevent your computer hanging at the "It is now safe to switch off your computer" screen, but exits to Dos. Scorch is a freeware wipe utility. It is a Dos program and is easily set up. The format of enclosing the file to be wiped in square brackets is to minimize disastrous errors. Read the documentation that comes with it before use. You can change the default configuration of Scorch to overwrite the swapfile up to 7 times with randomn characters, but without actually deleting the file. If this isn't enough (you really are paranoid, aren't you?), just add it a second time in the batchfile. There are several other options, which are best gleaned from the included documentation. Zapempty wipes the empty areas of your hard drive. It is freeware and available here: http://www.sky.net/~voyageur/wipeutil.htm. The Zip file contains several useful wipe utilities, besides Zapempty. This batch file will take care of the second stage of ensuring your privacy by safely wiping the so critical swapfile plus the disk free space. That completes the first part of the FAQ. This second part has more to do with ensuring privacy online. It may be useful. Again it is offered in good faith. Please evaluate and make your own decisions regarding its usefulness before committing any resources. I download binaries (pictures) that may be compromising, am I safe? No. Whilst you are online anyone could be monitoring your account. I am NOT saying your local ISP will do this, but they COULD! If your activities have aroused the suspicion of the authorities, this is the first thing they are likely to do. Can anything be done to prevent my ISP (or the authorities) doing this? Yes. You need to encrypt your data stream to and from your desktop to a remote host. This host should preferably be sited in a different State or country to your own. Regrettably, there are no news providers yet offering any form of encryption from desktop to newsgroup. If I am wrong and anyone knows differently, please tell me. How do I go about Encrypting to this remote host? You will need Secure Shell (SSH). To quote from the SSH FAQ: Ssh (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over unsecure channels. It is intended as a replacement for rlogin, rsh, and rcp. Additionally, ssh provides secure X connections and secure forwarding of arbitrary TCP connections. If you want more info about SSH, visit their home page at: http://www.cs.hut.fi/ssh/#other The FAQ, plus loads more info is available here: http://wsspinfo.cern.ch/faq/computer-security/ssh-faq There is an NG devoted to SSH at: comp.security.ssh There are freebie versions around, but I have no experience of them or where to find them. Doubtless the NG will help you. You can buy a commercial implementation from Datafellows, called F-Secure. They allow a 30 day free trial period. F-Secure is available here: http://Europe.DataFellows.com/cgi-bin/sshcgi/desktopreg.cgi. Can you suggest a remote Host to use? One of these hosts is Cyberpass, but there are at least 1,000 others in around 40 countries. Unfortunately, most are private! Regrettably, but possibly understandably DataFellows will not release the names of their customers who offer a hosting service. Naturally, there is a charge for using Cyberpass as a remote host. Can I use Cyberpass as my local ISP? Yes. Cyberpass now also operate as an ISP from anywhere within the United States at local call rates. It may be possible to subscribe anonymously, but that does not guarantee anonymity. I recommend you use them for a shell account. This does mean paying for two separate accounts, but that is for you to decide on how important is your anonymity. What is a Shell account? For anybody who does not understand the difference between a dialup and a shell account, the dialup is what it says. It is your normal account with your Internet Service Provider (ISP). A shell account is accessed after going on line with your usual ISP. With a shell account you log into your ISP then use the Net to make a connection with a remote server. All your Net activities, Email, Usenet, Web browsing is then done via this remote host. To get the full benefit you should use encryption from your Desktop to this remote host. If the remote host is located in another country, better still. To get the maximum benefit, you should ensure your registration with this host server is anonymous. How does this work? The procedure with Cyberpass and F-Secure for example, would be to first log onto your ISP with the Windows dialup program. You then start F-Secure. You are asked to enter your passphrase for logging into Cyberpass. F-Secure then contacts Cyberpass' server asking to open a connection. Cyberpass reply with their RSA public key. Your copy of F-Secure checks this key for authenticity (from previous connections) and then generates a randomn 128 bit session key, encrypts it with the RSA public key from Cyberpass and sends it back with the request "let's use this key". All data transfer between Cyberpass and your computer, including sending your Cyberpass password, are now sent encrypted using that session key with either DES, 3DES or BlowFish (your choice) for the duration of that connection. Some servers only support DES or 3DES, I believe. Do NOT use DES. This has already been compormised and shown to be weak crypto by todays standards. 3DES can be slow. I recommend BlowFish for speed and security. I also recommend disconnecting at irregular intervals and remaking the connection. This purges the system and ensures a new route to the host with a new session key. Why not save money and just use Cyberpass as the ISP? For a dialup account with Cyberpass, you rely on Cyberpass keeping your name anonymous and not monitoring your activities (unless they are compelled by a legal warrant to release your account details). Even if you are "anonymous" you can quite easily be traced immediately via the telephone Company. Coming into a shell account via another ISP means the authorities must coordinate their searches when you are online and work with probably a different authority in another State or country. Still possible, but much more bother. With constant and irregular breaks in the host connection and it becomes even more difficult to trace you. How do I set up the Anonymous account with Cyberpass? A Cyberpass shell account will cost $7.00 per month. The account must be paid six months upfront. Therefore, an anonymous shell account will cost you 42 USD per six months. You need to send Cyberpass a few alternative user names, plus your choice of an eight letter password (case sensitive), plus 42 Dollars. You then watch the Cyberpass bulletin board at: http://www.cyberpass.net/top/help/news.html until you see your user id posted up telling you the account is active. Their address for payment is: Infonex Internet Inc. Attn: Anonymous Accounts 8415 La Mesa Blvd. Suite 3B La Mesa, CA 91941 Do not include any personal inforamtion. You used to be able to apply online and then send your payament. They now expect you to send your account details with the money. This does not compromise your anonymity in any way, provided you do not put a return address on the envelope! You need to trust them to implement your account. I have found them to be excellent. Do Cyberpass offer any Usenet feeds? Yes. But do not look for any contentious newsgroups on the Cyberpass feed. If you want to subscribe to certain special groups, subscribe to one of the many independent news providers, such as Newscene, Supernews, Giganews, EasyNews, etc. Or, if you are a little short of cash, you can always work through Deja News. Personally, I find that one too awkward to use, but some may like the challenge. There are supposed to be others that are free, but I have never had any luck with them. I suppose like most things in life, you get what you pay for. How do I configure my News Reader and Browser with Cyberpass? Easy. Read the FAQ at http://anonymizer.com/ssh.html. Once connected via F-Secure, you simply minimize the startup screen and then use your browser, email, etc in the usual way. To ensure they route their connection thru Cyberpass (or whatever remote host you choose) you need to specify localhost in the proxy connection settings. This is straying into the territory of information that comes with these programs. The Anonymizer FAQ explains it in detail and quite lucidly. The bottom line is, it ensures you are virtually anonymous to whomever you communicate with and more importantly, the data is hidden from prying eyes. If anyone knows of other hosts, please let me know and I will add them to the FAQ. What about the data between Cyberpass and the News Provider, is this encrypted? No. From cyberpass onwards it is in plaintext. Until the News Providers take security seriously, you have no choice. May I suggest you all send emails to the various News Providers suggesting they start offering encryption to their clients. Can I be anonymous as far as other Web sites are concerned? Yes. Visit the Anonymizer at: http://www.anonymizer.com/ - there are others, but I have no experience of them. I use a dedicated News Provider, how do I connect? Follow the Anonymizer help exactly as shown on the Anonymizer FAQ, but instead of inputting news.cyberpass.net as the news provider, enter your News Providers site URL, e.g. news.supernews.com. You will have to configure Agent (or whichever newsreader you are using) for a news server log in, exactly as now. How can I post graphics to NewsGroups? Sorry, I do not know. I have never done so. My hobby starts and stops at encryption. Conclusion Again, I must repeat that this is not intended as a definitive statement on computer security. It is offered in good faith as a starting point. Many will choose to implement things in a different way. That is what freedom is about. The important thing to remember is to use encryption, whatever else you do. One last bit of information: 1. Never ask of anyone nor give anyone, your true Email address. 2. Never DL any file with .exe, .com or .bat extension from a dubious source. 3. Never offer to trade any illegal material, nor ever respond to those seeking it, even anonymously. If you believe any part of this FAQ is wrong, misleading or could be improved, please post your comments and I will take them onboard. To respond to me personally, please email me at Doctor_who@nym.alias.net and include your PGP key with your message if you expect an answer - no key, no answer! You will need to extract my public key from a keyserver. Links to sites that can help you: PGP download site: http://www.pgpi.com/download/ The PGP FAQ: http://www.cryptography.org/getpgp.txt The Official PGP FAQ: http://www.pgp.net/pgpnet/pgp-faq/ ScramDisk: http://www.hertreg.ac.uk/ss/ BestCrypt: http://www.jetico.sci.fi. SecureDrive: http://idea.sec.dsi.unimi.it/pub/security/crypt/code/secsplit.zip Partition Magic: http://www.powerquest.com/ VuePro: http://www.hamrick.com Kremlin: http://www.mach5.com/kremlin/index.html Jack be Nymble: http://members.tripod.com/~l4795/jbn/index.html Zapempty/wipeutil: http://www.sky.net/~voyageur/wipeutil.htm The SSH home page: http://www.cs.hut.fi/ssh/#other The SSH FAQ: http://wsspinfo.cern.ch/faq/computer-security/ssh-faq A commercial version of SSH: http://Europe.DataFellows.com/cgi-bin/sshcgi/desktopreg.cgi Cyberpass: http://www.cyberpass.net/ The Anonymizer: http://anonymizer.com/ssh.html Winzip: http://www.winzip.com For further reading and many security related links and a glossary of security terms try here: http://www.io.com/~ritter/GLOSSARY.HTM ........................................................ My Public key is available from: http://pgpkeys.mit.edu:11371 key ID: 0x7CECC929 Fingerprint: F4A7 05A0 7618 252B B10A C1BF 5C29 C0A2 User ID: Doctor Who Personal contact: Doctor_Who@nym.alias.net Kindly note: NO exchange of porn