Dylan16807
May 12, 2010
7-Zip's method of hashing the password a bunch and then using AES-CBC on the entire file is not completely ideal in terms of tamper-resistance, but in terms of keeping people out of your data it's solid, straightforward, and there is so much less code for bugs to hide in.

I've been using CherryTree for a little encrypted note app. Amusingly, it achieves encryption by storing its XML blob inside an encrypted 7-Zip file.
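As an added illustration of the tamper-resistance point above (this is example code written for this page, not 7-Zip's or CherryTree's source): the key derivation below only sketches the iterated-SHA-256 shape of 7-Zip's password hashing, with an assumed small round count so it runs quickly, and the password, salt, IV and note text are constructed sample values. It shows that plain AES-CBC decrypts a deliberately corrupted archive without any error, so nothing tells the user the contents changed, whereas wrapping the same ciphertext in an encrypt-then-MAC construction rejects the corrupted blob before decryption.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed sample inputs for the demo; none of these come from the thread.
var (
	samplePassword = []byte("correct horse battery staple")
	sampleSalt     = []byte("fixed-salt-for-demo")
	sampleIV       = []byte("0123456789abcdef") // 16 bytes, fixed only so the run is repeatable
	samplePlain    = []byte("notes.xml: <note>buy milk</note> and more text to fill a few blocks")
)

// deriveKey sketches the iterated-SHA-256 password hashing the post refers to:
// one running SHA-256 over (salt || password || round counter), repeated
// `rounds` times. The round count is an assumption for the demo, not 7-Zip's
// real parameter.
func deriveKey(password, salt []byte, rounds uint64) []byte {
	h := sha256.New()
	counter := make([]byte, 8)
	for i := uint64(0); i < rounds; i++ {
		binary.LittleEndian.PutUint64(counter, i)
		h.Write(salt)
		h.Write(password)
		h.Write(counter)
	}
	return h.Sum(nil) // 32 bytes, used as an AES-256 key
}

func pkcs7Pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, bs int) ([]byte, error) {
	if len(b) == 0 || len(b)%bs != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > bs {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// encryptCBC / decryptCBC: AES-CBC over the whole blob with no integrity check,
// which is the shape the post describes.
func encryptCBC(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out
}

func decryptCBC(key, iv, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext)%block.BlockSize() != 0 {
		return nil, errors.New("ciphertext not block-aligned")
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return pkcs7Unpad(out, block.BlockSize())
}

// sealAuth / openAuth: the same CBC ciphertext followed by HMAC-SHA256 over
// (iv || ciphertext) under a separate MAC key (encrypt-then-MAC). openAuth
// verifies the tag in constant time before it decrypts anything.
func sealAuth(encKey, macKey, iv, plaintext []byte) []byte {
	ct := encryptCBC(encKey, iv, plaintext)
	m := hmac.New(sha256.New, macKey)
	m.Write(iv)
	m.Write(ct)
	return append(ct, m.Sum(nil)...)
}

func openAuth(encKey, macKey, iv, blob []byte) ([]byte, error) {
	if len(blob) < sha256.Size {
		return nil, errors.New("blob too short")
	}
	ct, tag := blob[:len(blob)-sha256.Size], blob[len(blob)-sha256.Size:]
	m := hmac.New(sha256.New, macKey)
	m.Write(iv)
	m.Write(ct)
	if !hmac.Equal(tag, m.Sum(nil)) {
		return nil, errors.New("authentication failed")
	}
	return decryptCBC(encKey, iv, ct)
}

// TamperDemo corrupts one byte in the second ciphertext block and reports:
// cbcDecryptedOK (plain CBC returned no error), cbcPlainIntact (its output
// still equals the original), authRejected (encrypt-then-MAC refused the blob).
func TamperDemo() (cbcDecryptedOK, cbcPlainIntact, authRejected bool) {
	encKey := deriveKey(samplePassword, sampleSalt, 1<<12)
	macKey := deriveKey(append([]byte("mac:"), samplePassword...), sampleSalt, 1<<12)

	ct := encryptCBC(encKey, sampleIV, samplePlain)
	tampered := append([]byte{}, ct...)
	tampered[16] ^= 0x01 // corruption lands away from the final (padding) block
	pt, err := decryptCBC(encKey, sampleIV, tampered)
	cbcDecryptedOK = err == nil
	cbcPlainIntact = err == nil && bytes.Equal(pt, samplePlain)

	blob := sealAuth(encKey, macKey, sampleIV, samplePlain)
	tb := append([]byte{}, blob...)
	tb[16] ^= 0x01
	_, err = openAuth(encKey, macKey, sampleIV, tb)
	authRejected = err != nil
	return
}

func main() {
	ok, intact, rejected := TamperDemo()
	fmt.Printf("plain CBC: decrypted without error=%v, plaintext intact=%v\n", ok, intact)
	fmt.Printf("encrypt-then-MAC: tampered blob rejected=%v\n", rejected)
}
```

The point for a defender is the first line of output: the unauthenticated archive "opens" fine and simply yields altered notes, so any integrity you want has to come from the outer layer (a MAC or an AEAD mode), which is the part the post says 7-Zip's scheme leaves out. Using a separate key for the HMAC, rather than reusing the AES key, is the conservative choice.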


Dylan16807
May 12, 2010

Saukkis posted:

One of the few useful things Squeegy can do in this situation is to explain faked email senders to his mother well enough that she will be able to explain it to their friends. May not be easy depending on how tech savvy that group is.

It should be easy enough to talk about putting a fake return address on a letter. Better than explaining most weird tech problems.

Dylan16807
May 12, 2010

EMILY BLUNTS posted:

Good news! Your machine/license is already activated for a Windows 10 install. You can still make the correct decision and do a clean reinstall right now! :)

That does not fit my understanding of Windows 10 activation.

Dylan16807
May 12, 2010

buglord posted:

I keep hearing stuff about Gmail being insecure and that advertisers can skim words off your messages to sell things or whatever. Is any of that remotely true, and is there any case where the average end user should move to something with more privacy, like Tutanota or something?

As far as storing things on a server goes, Google is pretty secure.

And they claim they don't use email contents for ad targeting anymore.

Still an ad company though.

Dylan16807
May 12, 2010

Khablam posted:

Right.
And because the only way you or I are getting attacked is by a system compromise (evil men in black clothes aren't coming in through your skylight), it's a moot point where the keyfile is saved. If the malware is after KeePass, it'd be something like
- monitor for launch of keepass.exe
- observe keystrokes
- observe file access, copy recent access
- done

It literally does not matter if you pulled that file off the desktop or Fort Knox. Also, no one gaining physical access to your machine is going to care to hunt for your keyfile manually, because they need your password as well. And because physical access = complete access = admin level malware = the exact scenario above.

I'd even argue that if the attacker is say, an abusive spouse, then they're going to be more likely to know where the keyfile is if it's in a safe than just an arbitrary file on the disk and be able to socially engineer access to that easier than they'd find the right file without specialist IT knowledge.

KP's best practices are not wrong, they're just speaking about a threat model that's not applicable here, and it also assumes other mitigation strategies are being used before where the file is physically kept matters at all. In such cases it's also not a keyfile you want to use, because mitigation against having that file copied on-read is always insufficient or prohibitively invasive. You would use something where the physical location of the item does matter, e.g. a Yubikey.

e: I'd point out as much as they do talk about how to use a keyfile, they also don't even go so far as to suggest it as a default option. They know it's security theatre that's orders of magnitude more likely to get someone locked out of a vault than keep someone out.

We started off talking about storing the database on Dropbox, right? There's a good chance a cloud storage company or my cloud storage account gets compromised without my desktop getting compromised.

So while there's no need to separate the database and keyfile on my desktop, there's a good reason not to put the keyfile in Dropbox. And I shouldn't use one of 20k photos sitting in my Google Photos backup either.

(Side note, don't use something on Google Photos anyway because they recompress files and change metadata and do other things that will make it suddenly stop working as a key file.)


Dylan16807
May 12, 2010

Cup Runneth Over posted:

If you want a VPN, get Mullvad. It's probably more trouble than it's worth, unless you are pirating stuff and your ISP gets pissy about that.

Mullvad got rid of port forwarding so it's not very good for pirating stuff anymore
