Thursday, November 19, 2015

Privacy Advice from Snowden

The Edward Snowden guide to practical privacy (via ElReg).

Not bad as security advice goes.

Didn't know about SecureDrop or Qubes (the project lead seems paranoid enough to trust them with writing security software :-) ).

twofactorauth.org - list of providers with two-factor authentication support

Want to know if a specific service supports two-factor authentication? Check out https://twofactorauth.org/ (via KrebsOnSecurity).

You still need to read the documentation from the specific provider to make sure what they do is sensible, but at least you have a nice list of potential providers with a useful link to their documentation.

Wednesday, November 18, 2015

Chat more secure than email?

Bruce Schneier recently commented on a paper that indicated that systems used to encrypt email are still not easy to use. I had read the paper (via ElReg) which concentrates on a PGP-related tool called Mailvelope. It is the usual public-private key combination which is clearly not easy to explain to non-techies.

I agree with Bruce's general comment that chat is more secure in the sense of being easier to use securely. To add more evidence to this, Google just published some statistics (via ElReg) on how frequently email still circulates in clear text. I have also recently learned about miniLock, which I found much easier to use than GPG and its brethren. You can read the design document for the full details, but here is their key innovation in their own words:

The idea behind its design is that a passphrase memorized by the user, along with their email address, can act as a complete, portable basis for a persistent public key identity and provide a full substitute for other key pair models, such as having the key pair stored on disk media (the PGP approach).

The only downside I see is that, since the persistent private key is replaced with the email+passphrase combination, the passphrase needs to be really good, which is going to be a bit of a pain for users. In exchange for that you get two advantages: 1) you don't need to carry the private key with you and protect it, and 2) you don't need to explain to the user how public key cryptography works.

In any case brilliant!!!
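To make the design concrete, here is an added example (mine, not miniLock's code) of how a memorized passphrase plus an email address can be turned deterministically into an X25519 key pair in Python. The standard library's scrypt serves as the memory-hard KDF with the email as salt, and a textbook RFC 7748 Montgomery ladder turns the derived secret into the public key that becomes the user's identity. The scrypt parameters, the email normalisation and the helper names are my choices for illustration and are not taken from miniLock's design document.

```python
import hashlib
import hmac
from typing import Tuple

# Curve25519 field prime, the (A - 2) / 4 constant and the base point u-coordinate (RFC 7748).
P = 2**255 - 19
A24 = 121665
BASEPOINT_U = 9


def _clamp(scalar: bytes) -> int:
    """Apply the X25519 scalar clamping rules (RFC 7748, section 5) and decode little-endian."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: int = BASEPOINT_U) -> bytes:
    """Montgomery ladder from RFC 7748; returns the 32-byte u-coordinate of scalar * u."""
    k = _clamp(scalar)
    x1 = u
    x2, z2, x3, z3 = 1, 0, u, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def derive_identity(passphrase: str, email: str) -> Tuple[bytes, bytes]:
    """Deterministically derive (private_key, public_key) from passphrase + email.

    Nothing is stored: re-entering the same passphrase and email reproduces the same
    key pair. scrypt is memory-hard, so guessing passphrases costs an attacker real
    resources, and the email acts as the salt so two users who pick the same
    passphrase still get distinct keys. Parameters here are example values, not
    miniLock's; n=2**14, r=8 needs about 16 MiB per derivation.
    """
    secret = hashlib.scrypt(
        passphrase.encode("utf-8"),
        salt=email.strip().lower().encode("utf-8"),  # hypothetical normalisation rule
        n=2**14, r=8, p=1, dklen=32,
    )
    return secret, x25519(secret)


def shared_secret(private_key: bytes, peer_public: bytes) -> bytes:
    """X25519 Diffie-Hellman with a peer's public identity (top bit masked per RFC 7748)."""
    u = int.from_bytes(peer_public, "little") & ((1 << 255) - 1)
    return x25519(private_key, u)


def same_identity(a: bytes, b: bytes) -> bool:
    """Constant-time comparison of two public identities."""
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    # Constructed sample input, not real credentials.
    sk, pk = derive_identity("correct horse battery staple", "alice@example.com")
    print("public identity:", pk.hex())
```

The email is public, so the only secret entering the derivation is the passphrase: scrypt slows down guessing, but it cannot rescue a weak passphrase, which is exactly the downside noted above. The flip side is the advantage the design document claims: there is no key file to back up, lose or leak, because the private key exists only while it is being recomputed.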