Please help me punch holes in my encryption scheme.

kresh

macrumors 6502a
Original poster
I have some things I want to keep very safe. It is not pornography (i.e. kiddie porn), nor is it illegally downloaded media files.

Imagine if I had caught a local official doing something in public that was extremely bad, and I wanted to release the pictures anonymously to our local paper and did not want the police to seize my computer and prove it was me. This is not the situation, but it is the type of stuff I want to keep extremely safe.

Anyway, this is what I have done:

1) Created a truecrypt volume inside my file vaulted documents folder.

2) There is a password and three keyfiles.

3) The password is a 60 count password coming from an extremely long text document filled with random numbers, symbols, and letters of both cases. The file is almost 1 MB in size and I know exactly where to copy from. (Not in the top 1/5 or the bottom 1/5 nor close to the middle).

4) The first keyfile is an MP3 file. I made the file by recording me shaking toothpicks in a jar in front of the microphone so that it is a unique file. It is kept in another 500MB truecrypt volume without any keyfiles but a similar password from the same document above.

5) The second keyfile is a another unique MP3 file of my dog barking. It is kept in a folder that is protected using Espionage 2 (as a 256bit SparseImage).

6) The third keyfile is a plain MS Word document from my Documents folder. This file has not been touched in years.

Ok, what have I done wrong and what do I need to do to fix it. Any help would be much appreciated.

Sorry for writing a book!
 

miles01110

macrumors Core
Jul 24, 2006
19,264
30
The Ivory Tower (I'm not coming down)
Seems pretty secure to me, although the password is the weakness if it's actually a continuous string in the text file. Are you in the US? If you are I'd say you're going a little overboard... if the public official was actually breaking the law, you're well entitled to report it.
 

kresh

macrumors 6502a
Original poster
Seems pretty secure to me, although the password is the weakness if it's actually a continuous string in the text file. Are you in the US? If you are I'd say you're going a little overboard... if the public official was actually breaking the law, you're well entitled to report it.
Some US states have made it illegal to photograph police officers on duty.

Thanks for the tip about the password. I will break it up.
 

JNB

macrumors 604
Since you've already given enough information as to what was done, your encryption methodology, and the fact that you're posting on a public forum (and hence, identifiable), I'd say it was a lot of effort down the tubes. The specific evidence wouldn't have to be recovered as you've provided more than enough for identifying you as the source.

Other than that, I think you're fine.
 

kresh

macrumors 6502a
Original poster
Since you've already given enough information as to what was done, your encryption methodology, and the fact that you're posting on a public forum (and hence, identifiable), I'd say it was a lot of effort down the tubes. The specific evidence wouldn't have to be recovered as you've provided more than enough for identifying you as the source.

Other than that, I think you're fine.
Knowing and proving are two separate issues. The situation is different enough that I could deny that I was talking here is what I am keeping safe.
 

GoCubsGo

macrumors Nehalem
Feb 19, 2005
35,743
141
I thought about walking in wearing a trench coat, a hat and glasses with a rubber nose. :)

I have thought about it, but that part I am scared to post online.
Ummm you just did post it online.

Dude if it's really this bad and really something to be this worried about you may want to just quite while you're ahead. If you don't care about the credit then go to the library and post it online from there.
 

rdowns

macrumors Penryn
Jul 11, 2003
27,345
12,408
Ummm you just did post it online.

Dude if it's really this bad and really something to be this worried about you may want to just quite while you're ahead. If you don't care about the credit then go to the library and post it online from there.

Nope. Libraries have security cameras these day. :D
 

whooleytoo

macrumors 604
Aug 2, 2002
6,559
628
Cork, Ireland.
Install a very powerful, concealed electromagnet in the frame of your front & rear doors. That way if/when they remove it from your house, the drives will be wiped. :)

I'd have more faith in hiding the data, with basic encryption to prevent casual browsing, than having any 'unbreakable' encryption. You might even consider breaking up the data, and storing it in several locations, such that if any of it is missing the rest can't be read.
 

CylonGlitch

macrumors 68030
Jul 7, 2009
2,925
109
SoCal
The encryption scheme isn't the problem, you have gone a bit overboard. You don't need TrueCrypt AND FileVault, they do basically the same thing. They use the AES algorithm to encrypt the data. I believe TrueCrypt has the option for doing 256 bit AES, and that is what you'll want to use, I don't know how many bits FileVault uses.

As for the passphrase from the 1024 byte file; that's a good method. It really isn't that necessary to break it up into different locations but that would make it a bit more secure. But shifting the bits a few would be even better; but makes it a LOT harder to get access to. The biggest problem with your password this way isn't the password, it is the fact you copy it to the clipboard. If you don't clear the clipboard with something else, then it remains available to everyone.

Using 3 different key files isn't really necessary either. One would be enough, 3 is just overkill. The way to protect that one file would be the make it something like a picture you've taken, but throw it on a flash drive with 100 other pictures you've taken and keep the drive with you at all time. Now you've got the only key.

There are other things you can do to "secure" it more, but anyone who is able to get past the above wouldn't be stopped by anything else either. You could split the files into multiple files (i.e. bit, byte, word splitting or something along those lines) and then encrypting each segment independently with different key files and passwords.

As for getting them to the police station. Just put the information in an envelope, fully pay the postage, and drop it in the mailbox closest to the police station. Thus it gets traced back to basically "them" if they try, no way to get it back to you.

There are some very easy ways to send the information via email / web without anyone being able to trace you too. But that doesn't seem to be what you need here.

But after all this, it sounds like something so horrid that it will rock the world. Most likely, the police won't do anything anyway because what you think is so bad, isn't in their eyes. And if they don't have someone to use as a witness (i.e. YOU) they can't trust digital information since it is very easy to forge.
 

CylonGlitch

macrumors 68030
Jul 7, 2009
2,925
109
SoCal
Nope. Libraries have security cameras these day. :D
For the record, the only real good way to send information anonymously on the internet is to make sure that it can't be traced to you. But regardless what you think, every network device has a unique MAC ID that is very difficult to spoof. Thus even using something like an anonymous gmail account, can be linked back to you because they can get the MAC address of your NIC and then watch for it to show up again somewhere else and bingo, they have you. Besides GMail will know who your ISP is, and they will know who connected to their service.

How to get around this? Simple. Buy yourself a cheap USB Wireless adaptor. Drive around until you find an open wireless network somewhere away from where you live. Connect to it. Establish an anonymous gmail account (don't do this before otherwise the logs might bite you). Then send your email. Unplug the USB adaptor, drive to somewhere public (mall maybe) and leave the USB adaptor somewhere for someone to find. (make sure you wipe off any fingerprints first).

NOTE: this isn't very legal, but it is one of the few ways to truly be anonymous.
 

kresh

macrumors 6502a
Original poster
The encryption scheme isn't the problem, you have gone a bit overboard. You don't need TrueCrypt AND FileVault, they do basically the same thing. They use the AES algorithm to encrypt the data. I believe TrueCrypt has the option for doing 256 bit AES, and that is what you'll want to use, I don't know how many bits FileVault uses.

I used "Serpent-Twofish-AES" with the "Whirlpool" hash algorythm:

Serpent-Twofish-AES http://www.truecrypt.org/docs/?s=cascades
Three ciphers in a cascade [15, 16] operating in XTS mode (see the section Modes of Operation). Each 128-bit block is first encrypted with AES (256-bit key) in XTS mode, then with Twofish (256-bit key) in XTS mode, and finally with Serpent (256-bit key) in XTS mode. Each of the cascaded ciphers uses its own key. All encryption keys are mutually independent (note that header keys are independent too, even though they are derived from a single password – see the section Header Key Derivation, Salt, and Iteration Count). See above for information on the individual cascaded ciphers.

The reason I don't just trust File Vault 256 bit (or Espionage using Apple's File Vault technology) is that I am not convinced they don't have a backdoor built in for use when served with a subpoena.

shifting the bits a few would be even better; but makes it a LOT harder to get access to.
I don't know what you mean.
 

gødspeed

macrumors regular
Jun 11, 2009
226
1
Oregon
Use Tor to send it to the newspaper via an offshore email provider, such as hush.ai

In case something goes wrong (how much do you trust your newspaper?), submit it to WikiLeaks as well. They aren't displaying leaks at the moment, but they are still taking submissions.
 

MacDawg

macrumors Core
Mar 20, 2004
19,708
4,274
"Between the Hedges"
Hurry up man... the safety and security of the world is being compromised until you blow the whistle on these perps

Just use the Terminal to make it a hidden file
Boom... done

So what if you get caught... As Spock so eloquently said, "the needs of the many outweigh the needs of the one"

Godspeed

Woof, Woof - Dawg
 

gødspeed

macrumors regular
Jun 11, 2009
226
1
Oregon
Hurry up man... the safety and security of the world is being compromised until you blow the whistle on these perps

Just use the Terminal to make it a hidden file
Boom... done

So what if you get caught... As Spock so eloquently said, "the needs of the many outweigh the needs of the one"

Godspeed

Woof, Woof - Dawg
Well he did say that the situation he described was an example, not the actual case. Whistleblowers do face some pretty significant dangers -- less so in the U.S, but depending on who you are informing about anonymity can still be essential. I agree that he's likely going over-the-top here if it's a small-time official in a small town, but you never know. If it were an official in Chicago, I'd take all these precautions and more :p

I would consider finding a journalist that you trust, and giving the story to him. Sending it straight to a desk at your local newspaper sounds like the weak part of your plan. There are shield laws that protect journalists, so your primary concern should be to cover your own ass.
 

CylonGlitch

macrumors 68030
Jul 7, 2009
2,925
109
SoCal
I used "Serpent-Twofish-AES" with the "Whirlpool" hash algorythm:The reason I don't just trust File Vault 256 bit (or Espionage using Apple's File Vault technology) is that I am not convinced they don't have a backdoor built in for use when served with a subpoena.
Sadly, most encryption schemes you get publicly have some type of back door. It has gotten better, but the government has put pressure on these companies to make it happen (even worse in other countries). BUT, I don't believe that the AES algorithm has this problem except the fact that the polynomial is readily known and that does facilitate breaking the key. (Last I heard, a 128 bit key could be broken in a few hours)

BUT you'd have to do something REALLY bad for them to come after you and want to go through all this trouble. Don't believe the CSI programs, 99% of the time, if the police can't get the information easily, they don't dig further. Only in the cases of national security will the FBI make a stronger effort.

I don't know what you mean.
Every byte is 8 bits. A = 41h = 0100 0001

Thus if you have ABCD the bits will be
A = 0100 0001
B = 0100 0010
C = 0100 0011
D = 0100 0100

or
01000001010000100100001101000100

Splicing bites, you could pick a random start position and create bytes from there.

Code:
01000001010000100100001101000100
---765432107654321076543210-----
yields :
0000 1010 = 0Ah
0001 0010 = 12h
0001 1010 = 1Ah

yields :
<LF><DC2><SUB>

Thus, picking a random 256 bit pattern out of a stream of 1024 bytes makes it damn hard to figure out what the key is if you have no starting reference point. Most people will start at the beginning of a byte, and thus would try (from the example of a data stream of ABCD) things like A, B, C, D, AB, BC, CD, ABC, BCD but not try something that spans bytes.

But as I said, it makes getting access to the key MUCH harder since you have to do all the calculations to get the actual key.
 

ChOas

macrumors regular
Nov 24, 2006
139
0
The Netherlands
For the record, the only real good way to send information anonymously on the internet is to make sure that it can't be traced to you. But regardless what you think, every network device has a unique MAC ID that is very difficult to spoof. Thus even using something like an anonymous gmail account, can be linked back to you because they can get the MAC address of your NIC and then watch for it to show up again somewhere else and bingo
MAC addresses do not cross over ethernet segments. The only MAC address gmail sees is the address of the interface of the last hop the packet went through before arriving. If indeed that is an ethernet coupling.

Apart from that, MAC spoofing is trivial.
 

kresh

macrumors 6502a
Original poster
BUT you'd have to do something REALLY bad for them to come after you and want to go through all this trouble. Don't believe the CSI programs, 99% of the time, if the police can't get the information easily, they don't dig further. Only in the cases of national security will the FBI make a stronger effort.
It is not that kind of trouble. I would be more worried about a civil bench ordering the seizure, followed by the bench turning the hard drive over to a contractor for encryption breaking. I can't imagine the FBI/NSA involvement.


as I said, it makes getting access to the key MUCH harder since you have to do all the calculations to get the actual key.
Wow, that would take forever unless I scripted it for the conversion to present me with a string to copy from, even if I copied by hand.