Why I want to encrypt everything

When I suggest to people that we should communicate using encryption, I get the impression they don’t take me seriously.

Am I paranoid? Do I think I’m interesting enough to be the subject of surveillance? Maybe I want to play at being a spy? OK, maybe the last one is partly true, but seriously, I think there are good reasons to encrypt all information by default.

To be completely clear, when I suggest we use encrypted communication:

  • I don’t have any classified information to share
  • I’m not buying or selling anything illegal
  • I am not planning to have an affair with anyone
  • I’ve got no intention of overthrowing any governments or hacking anything

I don’t think I have anything to hide. However, I don’t want to have to think, every time I send a message to a friend, family member or whoever, about who might see it, now or in the future and what the consequences might be. Maybe one day one of us will be famous and our embarrassing utterances may be of interest to the masses.

I’d just like every message between us to be between us. It’s easy to unthinkingly assume that the messages we send are only read by the intended person or persons. I want that assumption to be reasonable.

Email is not usually encrypted and is easy to fake

For a popular example, email has often been described as about as secure as a postcard. In practice I think it’s a bit worse than that. Firstly, because it’s easy to intercept and read millions of emails automatically. Secondly, with a postcard you can probably recognise the sender’s handwriting which would take some effort to fake. Email senders can easily be spoofed. By default there’s no way to verify that the address in the “From:” field is the person who sent the email.

It shouldn’t take too much imagination to see how the insecurity of email could lead to problems. It’s already been exploited via a simple scam in the UK.

To summarise the link above… A couple had some building work done and had agreed with the builder to pay via bank transfer as many people, myself included, do regularly. They received an invoice from the builder via email which included his bank details. They duly transferred £25k to the account, but the builder never received it. The email appeared to come from the builder’s email address, but was in fact from a scammer who had sent their own bank account details in place of the originals.

This would not have been possible if the email sender’s identity could be verified and the email encrypted. Another solution would be to share the bank account details in person or, if you recognise the person’s voice and know their number already, over the phone. A phone number in an email could also be faked.

There are ways to improve email security; in fact it’s fairly simple if both parties can use the same service. Other solutions get a bit more complicated.

Encryption is getting easier

The good news is that it’s getting easier to encrypt everything by default. Google are now encouraging all websites to be delivered via HTTPS (the S standing for SSL or Secure), making websites harder to fake and adding to the reliability of online data.

Many email services now offer some level of encryption and verification within their service. So a GMail user writing to another GMail user can expect their communications to be encrypted. Facebook messages are encrypted, as are WhatsApp messages. In some cases it may be possible for employees of those organisations to access clients’ communications, or to change the application for a user so that their data can be read.

For a higher standard of encryption people look to “zero-knowledge” solutions in which the service providers don’t have the ability to read user data or access their private encryption keys, even if they wanted to or were forced by law, blackmail, bribery, etc. Zero-knowledge email systems include Tutanota and ProtonMail. They’re not perfect. I won’t go into all the pros and cons here except to say that at the time of writing neither is securely interoperable with other email services, but both can still be used for unencrypted plaintext emails to/from any address. Of course all this is pointless unless you have a good password.

For text messaging the most respected zero-knowledge solution is Signal, which is available for free on iOS and Android. WhatsApp also offers “end-to-end” encryption, but unlike Signal the code is not open source, so not subject to public scrutiny. Researchers have already shown that WhatsApp can allow Facebook and possibly others to read private messages. Furthermore there’s some controversy over the sharing of user data with Facebook.

Secure messaging is not paranoia, it’s good practice.

Your passwords aren’t good enough

In 2009 a list of 32 million plain text passwords was exposed for the online games service RockYou.com.

So what? You probably weren’t signed up to RockYou.com, so why should you care?

It should go without saying that your passwords are valuable to criminals, either directly for identity theft, or as part of a large collection of compromised accounts that can be misused en masse in more subtle ways.

OK, but these were other people’s passwords, so why is it a problem?

Firstly, this huge list helps password crackers to guess what kinds of passwords people use. Secondly, it showed that most people’s passwords are rubbish. By rubbish I mean that they can easily be cracked. Most of the passwords were short, contained common words and many of them were not unique, meaning that they were so obvious that more than one person had chosen the exact same password.

Other leaks involving high-profile sites like Yahoo! and LinkedIn contained “hashed” passwords. These can only be transformed into plain-text by repeatedly trying possible passwords. A human wouldn’t get very far with this, but computers excel at the task. What’s more, password cracking technology has been advancing apace, with expensive, yet home-made, machines able to try 6.2 billion passwords a second. This kind of “brute-force” approach resulted in many of those leaked hashed passwords being cracked, leaving the accounts at the mercy of the crackers.

Worse, many LinkedIn and Yahoo! users had been using the same password on multiple sites, meaning that when the leak occurred they had to hurriedly change all their passwords.

What can a careful Internet user do?

We can’t control the security measures used by all the websites and services we use. In most cases we probably can’t even assess if their procedures are good enough.

What we can do is limit the potential damage. There are a few ways to do this:

  1. Use a unique password for every website you visit.
  2. Use strong passwords that are difficult to guess, even with powerful computers.
  3. Change passwords regularly and especially after using any untrusted networks (wireless or otherwise).

A strong password:

  • Is at least ten characters long
  • Contains only a randomly-generated combination of mixed-case letters, numbers and punctuation. (If you need to enter the password on a smart phone, it may be best to make it a little longer, but avoid some punctuation like curly brackets.)

More advice can be found on Healthy Passwords or BBC Webwise.

But strong passwords are hard to remember!

If remembering lots of really tough passwords sounds a bit of a pain, I have some suggestions to make it easier.

Firstly there are a number of free applications available which make creating and storing your passwords simple and secure.

For example, KeePassX will run on Windows, MacOS X, Linux or a smart phone. When visiting a website you can simply copy and paste your unique, long, super-secure password from your encrypted KeePassX database into the website without having to remember it. I also use it to store personal details like my National Insurance and passport numbers.

You’ll need to take the small file with you or have it shared on a cloud-service such as Dropbox. Remember that this file is encrypted, so while you shouldn’t make it public, it will still be pretty secure should ne’er-do-wells get hold of it.

Your encrypted database can be secured in a number of ways: with a key file (perhaps kept on a USB stick or CD), a really strong password, or both.

So you still need to employ the grey cells to keep your information safe? Yes, but remembering one strong password is easier than remembering fifty. If you still find this impossible, it’s probably better to write it down somewhere inconspicuous rather than resort to a weak password you can remember. Most password cracking attempts come from online sources rather than the people around you.

So writing 9.-Xhd5u@y in the back of your diary is probably more secure than having Bicycle2 only in your head.

An alternative to passwords

If that still sounds too hard, you may appreciate the suggestion of the sometimes-serious webcomic XKCD, which suggested “pass-phrases”. Four randomly-chosen words are easier to remember and harder for a computer to guess than a medium-length string of random characters. XKCD’s example was:

correct horse battery staple

But as long as the words really are random, it’s a good pass-phrase. So no song lyrics or famous quotes! You can bet they’ll be in the crackers’ lists.
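As an added illustration (not part of the original post), here is a Python script that generates passwords matching the recipe above with a cryptographic random source, and works out the search space of the three styles the post mentions against the 6.2 billion guesses-per-second rate quoted earlier. The 7776-word pass-phrase list and the 100,000-word cracker dictionary are assumed sizes, not figures from the post.

```python
import math
import secrets
import string

# 6.2 billion guesses/s is the cracking rate quoted in the post.
GUESSES_PER_SECOND = 6.2e9
# The post's recipe: mixed-case letters, digits and punctuation (curly brackets
# dropped, as the post suggests for phone keyboards).
ALPHABET = string.ascii_letters + string.digits + string.punctuation.replace("{", "").replace("}", "")
# Assumed sizes, not from the post: a 7776-word diceware-style list for
# pass-phrases and a 100,000-word dictionary a cracker would try first.
WORDLIST_SIZE = 7776
DICTIONARY_SIZE = 100_000


def meets_recipe(pw: str) -> bool:
    """True if pw has >= 10 chars and mixed-case letters, digits and punctuation."""
    return (len(pw) >= 10
            and any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw))


def random_password(length: int = 10) -> str:
    """Draw from a CSPRNG (secrets, never random) until the recipe is met."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_recipe(pw):
            return pw


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent uniform choices from a pool of `pool_size`."""
    return picks * math.log2(pool_size)


def worst_case_seconds(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Seconds to exhaust the whole keyspace at `rate` guesses per second."""
    return 2 ** bits / rate


def compare() -> dict:
    """Entropy (bits, rounded) and exhaustive-search time for the post's three styles."""
    schemes = {
        "10 random chars": entropy_bits(len(ALPHABET), 10),  # e.g. 9.-Xhd5u@y
        "4 random words": entropy_bits(WORDLIST_SIZE, 4),    # correct horse battery staple
        # A dictionary word, a capitalisation choice and one digit, e.g. Bicycle2.
        "word + digit": entropy_bits(DICTIONARY_SIZE, 1) + 1 + entropy_bits(10, 1),
    }
    return {name: (round(bits, 1), worst_case_seconds(bits)) for name, bits in schemes.items()}
```

With these assumptions `compare()` puts a word-plus-digit password at about 21 bits (exhausted in well under a second), four random words at about 52 bits and ten characters of the recipe at about 65 bits, which is why the words must really be drawn at random from a large list rather than taken from something memorable.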

After what I’ve read on this subject I’m in the process of improving all my passwords. I encourage you to do the same!