Ryan Collins

🕹️ Do Something Great! 😄

Tag: security

  • Keybase offers encrypted storage, encrypted instant messaging, teams support, and web hosting

    Keybase offers encrypted storage, encrypted instant messaging, teams support, and web hosting

    More and more of life leaves bits of digital information about us on numerous devices and services. This may include cloud services. Keybase is a service I’ve been checking out as way to securely save and share information, encrypted.

    Sell it to me Goz

    Keybase provides messaging services, cloud storage, and team messaging services, along with encryption to support everything. Nothing leaves your machine unencrypted. There is no way for anyone at Keybase to look at anything you’ve said or stored in Keybase.

    The cloud storage shows up as a drive on your operating system of choice (Windows, macOS, and Linux). Inside of this storage is a private area for your use, or there can be shared folders. Files placed in the drive are encrypted before leaving your machine. No one can read your data, not even anyone at Keybase.

    The public folder in your Keybase drive is available over https://. Files placed in the public can be shared with a simple web link. You can even host full websites.

    Even if you don’t use Keybase, you can use the website to encrypt data meant for my eyes only. On the Keybase website there is a form that allows you to encrypt data for a Keybase user.

    Once the data is encrypted you can safely email it or send it through a messaging service. Only the recipient will be able to decrypt the message. No one else will be able to read it.

    I am Spartacus!

    A key piece of Keybase is the ability to authenticate people. Well, you’re not guaranteed that the person you are talking to is who you think it is, but it is pretty close. A user of Keybase can prove to Keybase that the user is in control of various accounts and domain names (or websites). If you visit my profile on Keybase, you can see that I verified several different accounts. For an attacker to masquerade as me, they would have to take over several accounts on different services. I secure most of the sites with two factor authentication, which would make the task even harder.

    Using

    After installing the software, you can immediately start using it for chatting and storage. Be sure to save your pass phrase somewhere safe. If you lose it, you will lose your account and everything in it. Keybase cannot restore any information because all of your data is encrypted. Additional devices can be approved from any device that is already signed in. You can set up the software on your desktop, and then approve your smartphone from the desktop.

    Files can be stored securely in the mounted drive. I’ve started to use this storage for sensitive documents such as tax returns and medical forms & bills.

    There isn’t a search function to find others, you’ll have to know their name to add them and start chatting.

    Teams

    Everyone talks about Slack and Discord, but Keybase also lets you set up teams and channels. The teams also can share data.

    Git

    I haven’t played around with the Git features. Git is a distributed version control system, and with Keybase, you can store your repository in an encrypted form and share it with your team or selected others.

    This seems complicated

    Security is tough, and encryption adds another layer of complexity. Keybase takes away a lot of the difficulties on staying safe and secure. Also, any security assumes your machine is not infected with any sort of malware or viruses. If someone has control of your machine, then all bets are off.

    Feel free to shoot me a message if you sign up. Even if you’re not going to use it for chatting the other encrypted features make Keybase useful.

  • Creating passwords

    From time to time, we all need to create a password. As a consequence of being human, we have a habit of picking really crappy passwords. Here are a couple of ways to generate passwords that should be more secure.

    pwgen

    You can use pwgen in Windows, OS X (install through Homebrew or MacPorts, or Linux. It is also available online, although the online versions may not give you all the features of the program.

    By default, pwgen attempts to create memorizable passwords that are somewhat random. Examples include In9taeme, Xo4eenet, and Riequig2. While not totally random, they are more secure than most methods of creating passwords. Using the program allows you to specify other requirements for the password and a more secure random mode.

    Keychain Assistant (OS X)

    Built into OS X, the Keychain Assistant handles secure password storage for the operating system. It also has a function to generate passwords. You can launch it from the application menu.

    KeepassX (Windows, OS X, Linux)

    I use KeePassX to store my passwords securely. There are other password wallets that you could use that would also generate passwords, such as 1Password and LastPass. I needed something that was cross platform though. It also has a feature to generate passwords.

  • OS X not saving passwords?

    About a month ago I noticed that passwords weren’t being saved in apps
    in OS X like Safari, Omniweb, etc. I didn’t bother trying to figure out
    the problem, until today when I would go to a site in Safari and it
    would ask to save the password. I said yes everytime, but it still
    didn’t save it. Finally I tracked down this blog post, OS X Keychain
    Not Saving Passwords…    :

    I struggled with this one for about a month before I finally dug into
    what was wrong and how to fix it. It all started when I reinstalled
    because I couldn’t get BootCamp installed because of volume
    fragmentation. Since then, my applications, specifically Mail.app and
    Adium, weren’t remembering passwords even if I checked the little
    “remember” box.

    Basically, for some reason, the keychain file at
    \~/Library/Keychains/login.keychain was now owned by root instead of by
    me. To check and fix from the commandline (\$ is the command
    prompt):

    $ ls -l ~/Library/Keychains/login.keychain -rw-r--r-- 1 ryan admin 781380 Apr 8 11:17 (*deleted...*)
    My username is ryan. If it says anything else, use the following to
    change the ownership:
    $ sudo chown ryan ~/Library/Keychains/login.keychain
    It will ask for the administrator password, and then change the
    ownership of the file. I don’t think repair permissions in Disk Utility
    would fix this problem.

    ![][]

  • Beware of that Firewire port!

    There is a new technique that allows an attacker to unlock a Windows
    machine or login without a password    . This vulnerability also affects
    OS X    . Right now the hack currently requires a Linux laptop, but it
    could conceivably make its way to modified iPods.

    To protect yourself you’ll need to disable Firewire in your PC BIOS, or
    on the Mac you will need to set the Open Firmware password.