Saturday, November 15, 2014

ports scanning threats... 30 days

Just some common ports that are hitting my IP from chinese and russian based IP's that I find a little interesting.

TCP -9064
Typical port used by EMC legato networker and sun solcitice backup.
2646 packet drops

UDP - 17643
Unknown
 3234 packet drops

The rest are typical. Telnet and SSH... should be a given. 


Monday, November 10, 2014

Elliptic Curve Cryptography with GNUPG

A few things about the release of GNUPG 2.1.

https://gnupg.org/faq/whats-new-in-2.1.html

  • Revocation tickets are now created by default.
  • Secring.gpg will no longer store secret keys (About Damn time)
  • Support for ECC. 

A few things that make support for ECC very peculiar in the 2.1 release.

"For many people the NIST and also the Brainpool curves have an doubtful origin and thus the plan for GnuPG is to use Bernstein’s Curve 25519 as default. GnuPG 2.1.0 already comes with support for signing keys using the Ed25519 variant of this curve. This has not yet been standardized by the IETF (i.e. there is no RFC) but we won’t wait any longer and go ahead using the proposed format for this signing algorithm. The format for an encryption key has not yet been finalized and will be added to GnuPG in one of the next point releases."


$ gpg2 --expert --full-gen-key
gpg (GnuPG) 2.1.0; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
Your selection? 9
Please select which elliptic curve you want:
   (2) NIST P-256
   (3) NIST P-384
   (4) NIST P-521
   (5) Brainpool P-256
   (6) Brainpool P-384
   (7) Brainpool P-512
Your selection? 2
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

These slides make a good case for the dangers of ECC. 
http://cr.yp.to/talks/2013.05.31/slides-dan+tanja-20130531-4x3.pdf
 
I would personally Stay away from ECC in GNUPG until they have curve 25519 available 
for processes other than signing messages. 
 




Sunday, November 2, 2014

Onedrive lulz

So everyone is now freaking out over this one drive article on the cryptome website.

http://cryptome.org/2014/11/ms-onedrive-nsa-prism.htm

So does onedrive really get your encryption keys when you do full disk encryption using bitlocker? Yes and No...

I do have a Windows 8.1 box... It's a box I do absolutely nothing on minus checking email on my outlook.com account and I have it converted over to conform with what Microsoft really wants you to do with that OS. (Hooked in with a Microsoft account)

It's encrypted with Bitlocker but with a small difference. I confirmed my bitlocker keys are not stored on my onedrive account. Originally when I created the box it had a local account when I encrypted it with Bitlocker. << This is key.... If you do it this way everything is forced locally somewhere. Such as a usb stick.

I do have a backup of my keys.. but they are in encrypted form on skydrive.

When using any cloud provider I suggest to never trust it. Layer your security with encryption that is done locally before you upload it to skydrive. I suggest using something like PGP.

Interested in testing this out... try it yourself.. remember create a local account and use that local account to encrypt your computer with bitlocker.