Cryptography

Software Anonymous Remailers Disk Encryption

PGP is obviously a good idea: look at who objects to it.

For years, FBI Director Louis Freeh has been assuring the public that he was only interested in preventing the export of strong encryption to foreign countries.

Then, in support of an almost unnoticed amendment to the SAFE bill, he suddenly insisted that unannounced inspection of private domestic e-mail was essential to maintaining law and order. Since pedophiles, international terrorists, and drug trafficers will presumably ignore anti-encryption laws, and since Martin Luther King and John Lennon are dead, just exactly whose mail is he interested in? Here's the current administration position on the SAFE bill.

Export Controls An excellent page at Fenwick & West which describes current US cryptography policy. The government seems to be losing the battle: Junger vs. Daley - First Amendment protects crypto source code

At last report, the government appears to have lost the battle to stop private use of encryption. Here are Newsweek articles on code rebels and How they Beat big Brother.

The FBI has other tools at its disposal to defeat encryption used by criminals. One such tool is the installation of a "keyboard sniffer" onto the suspect's computer in a "black bag" job. Such operations may require breaking and entering the suspect's premises and require a valid search warrant.

The FBI has also deployed a system codenamed "Carnivore" to intercept and read e-mail.

• Cryptography FAQ
• Snake Oil: Cryptography Software to Avoid
• Windows front ends to make the somewhat cryptic DOS command-line PGP 2.x easier to use
  • Aegis Shell my personal favorite
  • WinPGP
  • PGPn123
  • Mollusc
• Steganography is a way to hide encrypted files in harmless-looking image or sound files. Includes links to the most popular software.
• Steganography Another steganography page. Includes links to research, search engines, and the most popular software., with a backup site at Steganography Tools
• Where to get PGP FAQ PGP (Pretty Good Privacy) is the only product generally accepted as providing real security. ThisFAQ includes version information, sources, legal issues, and links.
• The PGP interactions page lists all of the various versions. Sam Simpson contributes this DH vs. RSA FAQ
• MIT distribution site for PGP The official source for PGP 2.6.2 and PGP 5.0 (for Windows 95). Makes you jump through all kinds of hoops to satisfy ITAR; you can find PGP overseas without all of this hoopla. Try PGPi while it's still legal.
• Keyservers: Bal's PGP Public keyserver Submit your PGP key so others can encrypt to you, or get somebody else's public key. Here's another at Network Associates, one at the University of Tromso, and one at PGPNet.
• PGP Attack FAQ Lots of conspiracy buffs question the security of PGP. Here's a page that discusses the possible ways PGP could be compromised.
• Hassop Cottage PGP Page World Wide PGP sites
• Keith Parkins' UK International PGP Home Page Discussion of PGP, it's uses and the politics surrounding it, and links.
• Finnish Cryptography Site A software catalogue for privacy-related programs. (software removed 14 Mar 99, but still has a lot of information).
• Here's another offshore source Another software catalogue for privacy-related programs.
• WinFiles.com provides a page of Windows 95/98 File Encryption Utilities.
• PGP Sells Out New versions of PGP may no longer be trustworthy

Anonymous Remailers.

These programs permit individuals to post to usenet without fear of stalkers and without fear of compromising personal and highly private information..

• Quicksilver This is by far the best program to automate the sometimes cryptic commands required by encrypting, chaining remailers.
• AnonPost This was the best program to automate the sometimes cryptic commands required by encrypting, chaining remailers, but it's no longer being maintained. Anybody got a current URL?
• Jack B. Nymble This program allows encrypted e-mail and anonymous usenet posting; it has good reviews, although I haven't tried it.
• Private Idaho This program allows encrypted e-mail and anonymous usenet posting; it has good reviews, although I only use it for e-mail.
• This page tests Mail-to-News gateways (m2n) to see whether they're up.
• This page tests remailer chains.
• You might also want to consider one of the free proxy servers to hide your web browsing. I used LPWA before it went commercial. Here's a place to check its effectiveness.

Disk encryption programs.

These programs encrypt portions of (or all of) your disks on-the-fly. Some of the authors claim that they make their source code available, but *none* (except ScramDisk) have made it available to *me*.

See this On-The-Fly Encryption: A Comparison page first; it's much more up-to-date than the material below. The site also includes an excellent comparison of disk and file shredders. and security flaws in OTFE systems..

• ScramDisk A new program, in active development, but works very well in Win95 (and Win98). Works with zip, jaz and hard drive partions and compressed drives (has a few bugs). Good reviews. Published source code, so it's getting peer review. Highly recommended!
• PGPDisk A new program for Win95; version 1.0 had a security flaw. Updated versions are available free (it's not clear whether that's intentional). Seems to work well.
• Hard Drive Encryption Comparison Andrew Fabbro's 1997 comparison of features of BestCrypt, SafeHouse, Private Disk, Kremlin, SecurePC, SecureWin, F-Secure, DataGuard, SAFE Folder, Your Eyes Only, Stealth Encryptor, Secure Store, and PGP.
• Hard Drive Encryption Comparison A 1998 usenet post comparing of features of PGPDisk, Your Eyes Only, BestCrypt, and Scramdisk.
• SecureDrive "SecureDrive V1.4 allows you to create up to four encrypted partitions on your hard drive(s). It also allows you to encrypt floppy disks." It works under DOS, Win 3.1 and Win 95, but does not work with Zip or Jaz drives. Security is rumored to be good.
• Secure File System "SFS (Secure FileSystem) is a set of programs which create and manage a number of encrypted disk volumes, and runs under both DOS and Windows." It works with hard drives, Zip, and Jaz drives, and is supposed to work under Win 95 (but not for me - it eliminates my CD-Rom, several other drive letters, and generally won't work)). Extensive documentation; security is rumored to be good URL no longer seems to work.
• Secure Device Look for secdev14.arj. "SecureDevice is a device-driver that will help you keep your private data private. It creates 'extra drives' on your system that are accessible just like normal disk drives." This works with Zip and Jaz drives under Win 3.1, but I can't make it work under Win 95. Security is rumored to be good.
• BestCrypt A commercial disk encryption program. It seems to work. Time-limited demo available. Some source code available. Software version doesn't work on compressed drive. They also sell hardware encryption. Security is unknown.
• Invincible Disk A commercial disk encryption program. Time-limited demo available. Haven't tried this. Security is unknown.
• F-Secure A commercial disk encryption program. It seems to work (on a file-by-file basis), but has a slow, clunky interface. Demos available. Security is unknown.
• Private Disk A relatively low-cost commercial Windows 95 program that permits you to create an encrypted "container" file. Mounting this file as a drive permits you to read and write to that disk. Time-limited beta version now available. Does not appear to work with Win98. Security is unknown. Haven't heard from the author in several months...
• SafeHouse A relatively low-cost commercial Windows 95 program that permits you to create an encrypted "container" file. Mounting this file as a drive permits you to read and write to that disk. Shareware 40-bit version available (no time limit). Security is unknown.