
Securing Postgres connections using Let's Encrypt certificates

Introduction: I’m on a quest to SSL all the things on my local network. I work in IT security, and am more than paranoid when it comes to my homelab (shout-out to r/homelab and r/selfhosted). For my web applications, everything is accessed through an Nginx reverse proxy that uses Let’s Encrypt wildcard certificates (using the DNS challenge) for encryption. It provides a single choke-point for all my traffic, all using one wildcard certificate, and all my clients accept it with the green lock. ...

2020-10-22 · 6 min · 1159 words · Logan Marchione

I just setup WireGuard, and I'll never go back to OpenVPN

Introduction: WireGuard released their official iOS app today, and I wasted no time jumping on setting up a WireGuard server at home (based mostly on this guide). This is not going to be a tutorial, but instead, I’m going to talk about why WireGuard is a game-changer. OpenVPN drawbacks: For years, I’ve used OpenVPN to connect back to my home network. Don’t get me wrong, OpenVPN is great, especially compared to dated, insecure alternatives like PPTP or L2TP/IPSec. But, for all its merits, OpenVPN has some drawbacks: ...

2018-12-20 · 3 min · 639 words · Logan Marchione

Let's Encrypt wildcard certificates with Certbot on Nginx

Introduction: In March of 2018, Let’s Encrypt (the free Certificate Authority) announced they added support for wildcard certificates through the upgraded ACMEv2 protocol. I’ve been hosting most of my services on subdirectories (e.g., loganmarchione.com/rss) but have been wanting to move them to subdomains (e.g., rss.loganmarchione.com), and thought this was the perfect chance to do just that. What are wildcard certificates? Wildcard certificates cover any subdomain of a specific domain. For example, I own loganmarchione.com. Because of this, I can create services as subdomains of that domain. For example: ...

2018-09-27 · 6 min · 1236 words · Logan Marchione

Backblaze B2 backup setup

Introduction: Recently, I’ve been thinking more and more about backups for my small (but growing) homelab. The golden rule is to follow the 3-2-1 method for backups: 3 backups, 2 different types of media, 1 backup offsite. Current setup: Currently, I keep an encrypted external HDD at home and another at work. Every couple weeks, I perform a backup to both and rotate the drives (this covers a 2-1-1 backup). ...

2017-07-06 · 4 min · 808 words · Logan Marchione

A brief introduction to GPG

Introduction: Put on your tinfoil hats, boys and girls! Today, we’re talking about security, encryption, and GPG! PGP vs OpenPGP vs GPG. PGP: Pretty Good Privacy (PGP) was a program created to encrypt/decrypt data in 1991 by Phil Zimmermann. Zimmermann formed PGP Incorporated, which was acquired several times and is now owned by Symantec. Fun fact - in 1993 the US government charged Zimmermann with “munitions export without a license”. At the time, cryptography systems with keys over 40 bits were considered a weapon, and since PGP used 128-bit keys, Zimmermann was in violation of the law. However, Zimmermann was able to circumvent this by publishing the entire source code of PGP in a physical book (that could be scanned with OCR and recompiled into source code), since the export of books was protected by the First Amendment. Today, PGP is no longer considered a weapon, but still cannot be exported to a specific list of individuals/countries. ...

2015-12-31 · 12 min · 2543 words · Logan Marchione

Encrypted external drive with LUKS

Update: LUKS2 is out, use it instead! LUKS2 was released in 2018, you should double-check the documentation for it before you blindly follow this guide. 🙃 Introduction: Since TrueCrypt is no longer under active development, I’ve decided to wipe my external drives and re-encrypt them with LUKS and dm-crypt. These are standard Linux tools that are available by default in most distributions. I’ve used LUKS and dm-crypt in the past, when I installed Arch Linux on my laptop. Here, I’ll be performing a similar procedure, but without LVM. ...

2015-05-06 · 7 min · 1312 words · Logan Marchione

UPDATE: TrueCrypt may not be secure

Ever since TrueCrypt disappeared a few days ago, there has been a lot of speculation as to what happened. There are plenty of theories on r/netsec, r/linux, and r/crypto. Even Bruce Schneier doesn’t know what’s going on. There is a theory that the developer threw in the towel; however, the most popular theory going around is that the NSA/FBI/other-three-letter-organization was involved and this is TrueCrypt’s warrant canary. Because they would not legally be allowed to divulge the fact that they were being forced to backdoor their software, they decided to suggest alternatives known to be backdoored, knowing that users would understand the secret message. ...

2014-06-02 · 2 min · 385 words · Logan Marchione

TrueCrypt may not be secure

Recently, I posted three articles of a four-part series showing how to encrypt an external drive with TrueCrypt on Fedora 20. As of today, May 28th, TrueCrypt may not be secure after all. The truecrypt.org website now redirects to truecrypt.sourceforge.net. A warning is displayed that reads, “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues” and it directs users to alternative encryption packages for Windows, Mac, and Linux. ...

2014-05-28 · 2 min · 237 words · Logan Marchione