Sildes and Discourse
Threat models allow evaluation of risks which eventually come across as a by-product of digital communication.
They describe potential attacks and expose risks in behaviors, in transmissions or in channels.
This descriptions provide knowledge, which enables you to estimate limits and possibilities of solutions such as end-to-end-encryptions or transport security regarding the given use case and provides hints for adapdting the own online behavior.
The slides of the talk What the Hell is Threat Modelling Anyway? give a short introduction into conceptualizing risks, which you might face whenever using communication technology.
Passphrases and Password Managers
Please do not consider using a cloud-based password manager. Instead, we recommend using a password manager which stores your passwords into a encrypted container or database on your own device.
If you cannot avoid using cloud based storage we suggest sharing the encrypted database of a password manager who runs on your own device.
The following password managers seem recommendable for us:
KeePass: offcial site with tutorials, docs and a bbs. You can find KeePass Source code in the download section.
KeeWeb: offical site.
PasswortSafe: offical site with doc and source code
Remember: Length beats complexity. A good password is a long password (20-30 letters or 8-12 words) even when it is simple. A simple method for choosing a good password is to combine at least 6 random words and use memory techniques to remember. Please resist writing it down. Another method is to generated a random password by using your Password Manager and remember only a good master password.
Diceware™ is a method to compile a password or a passphare by using a dice and a dictionary list. Using a high-quality dice (casino dice) is recommend. Instead you can use Software base on a cryptographically secure pseudorandom number generator only. Good passphrases generated this way consits of at least eight words (80 bits entropy).
Twelve words (120 bit entropy) are considerd as a strong passphrase. Generating a passphrase that provides enough entropy that lasts a year by current standards should
provide 65 bit entropy at least.
Hard disk encryption
TrueCypt is a encryption software available for a lot of operation systems: A good general tutorial can be find at Security-in-a-Box.
Unfortuanly the development of TrueCrypt has been stopped abruptly. The latest release version 7.1a is still worth using, as many security oriented user think.
With VeraCrypt as fork under active development there is now an succcesor on the way. As a young project VeraCrypt never seen successful security audits as TrueCrypt did.
VeraCrypt is able to reuse an convert devices and containers encrypted by TrueCrypt.
Plausible deniability of hidden volumes is a special feature so far only TrueCrypt and its forks can provided easily. With some effort Linux users can implement this feature by using build-in Kernel-based encryption (dm-crypt/cryptsetup), but should carefully consider to disable discard/TRIM feature of a Soild State Drive (SSD) whenever this kind of harware should be secured this way.
Some Windows users give DiskCryptor a try, but others reported severe problems suchs a complete loss of data, so we don’t recommend using it for senstive data or production systems.
Fortunatly latest release of VeraCrypt (1.18a) started supporting UEFI disks under Windows 10 (along with Aniversary Update, Version 1607).
Microsofts Bitlocker supports UEFI and GTP parted drives, but you have to trust
the vendor that this closed source crypto system does not contain any backdoor or it does not have been weakened severely when Microsofts recently dropped a specific encryption feature without any plausible and detailed explaination why doing so.
As already mention Linux users have build-in encryption with dm-crypt in conjunction with LUKS and cryptsetup, which gives you a performant crypto system, directly integrated into the core of you operating system (kernel). For each major Linux distribution there are plenty tutorials showing how to implement full disk encryption which is highly recommend whenever Solid State Drives (SSD) are being used. When implementing full disk encryption on Linux please choose a tutorial that shows how to configure the system writing the data on disk when the systems switches into hibernation mode (Susped to Disk).
macOS users could use TrueCrypt/VeraCrypt as well. Apple provides FileFault2, but like Bitlocker users have to trust this closed source sofware system. Unlike prior version
FileFault2 security has been improved (the former version containted an vulnerability which allowed attackers to extract the encryption keys in an easy way).
Other BSD-like systems provide disk encryption with geli.
A word of warning: Former version of OpenSSL contained a implemation of industry standard AES (Advanced Ecryption Algorithm) which as vulnerable by
time-bases attacks. This attack is also know as CREAM.
Eraser Software: Wiping out files
Windows users can install OpenSource tool Eraser (Heidi Eraser) for this purpose. Eraser also provides scheduling of secure file deleation which can be handy when you plan to get rid of many files.
A word of warning: Secure deletion does not work reliable on flash media drives such as USB sticks and on SSDs (Solid State Drives).
BleachBit can be used under Windows, macOs, and Linux to eliminate digital traces such as browser cookies and tempoary files, even if it does not delete
the files in a secure way.
Tor – The Anonymity Network
Tor is the most famous and the best reviewed anonymity network.
Tor aims to obfuscate data traces and meta data generated by online traffic such as visiting websites, receving emails or using an instant messenger.
Driven by Onion routing the traffic is routed trough randomly choosen Tor nodes using 3 hops each request while layered encryption ensures that no participating node can leak its traffic information.
This efforts render the Tor network nearly incapable of serving large amount of bandwidth, which are usualy consumed by services such as media streaming or online gaming.
Using specific protocols to transfer large amount of data such as the Bittorent protocol even undo the efforts of covering your tracks and enables deanonymization.
Theoretically Tor complicates tracking users inside its networks. However studies show latetly, that statistic analysis can be used over time to almost deanonymize certain participants. Moreover intelligence make huge efforts to infilitrate parts of the Tor network (so called Relays) in order to uncover participants.
The Tor Browser Bundle is a hardend version of Firefox, specially adapted and configured for the use of Tor. Unfurtunatly this makes this Browser a special target. The FBI recently attacked the Tor Browser in combination with infected malicous relays in order to uncover certain users.
Nevertheless it is recommoned to use Tor only on Tails, a special Linux-Live-Distribution with anonymity in mind. Tails purpose is to avoid metadata and increase the efforts to uncover its users.
Using Tor comes with the price of changing your online behavoir in order to provide best protection and anonymity. The Whonix Project colleted some advice of things not to do.
Recommend readings and talks
How Journalists Use Crypto To Protect Sources – Laura Poitras, ack Gillum, Julia Angwin on 31c3
GPG for Journalists – Windows edition | Encryption for Journalists (Legendary Video of E. Snowden for Gleen Greenwald explaing email encryption )
Prism-break.org – Used cases and non-privacy invasive tools and/or alternatives
Security-In-A-Box (sometimes outdated tutorials)
Slides of our talk Überwachungskapitalismus (German) at CryptoCon15.
Talk on CCC-Kongress Dezember 2014:
ECCHacks: A gentle introduction to elliptic-curve cryptograph
Handbook of Applied Cryptography”:
Offizielle Download-Seite für die einzelnen englischen Kapitel zur privaten Verwendung.