Posts

Showing posts with the label cryptography

Are human-created passphrases with key stretching insecure? Here is my opinion:

Human-chosen passwords have poor entropy and are easy to attack, but only at equal length: you can compensate by choosing a longer passphrase.

SMS is not a proper form of 2FA - use Google Authenticator instead

SMS text messages sent to your phone are not a valid second factor: an attacker calls your phone company claiming to be you, says your phone was damaged, receives a replacement SIM for your number, and from then on gets every code and password reset linked to your phone.
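To show what the app-based alternative actually computes, here is an added example in Python's standard library (not code from the original post or from Google Authenticator): RFC 4226 HOTP and RFC 6238 TOTP, which is the algorithm Google Authenticator runs with a 30-second period and six digits. Nothing is sent over a phone network; the only secret is the base32 key shared at enrolment. The base32 demo key and the timestamps used below are constructed values and the RFC's own test secret; the function names are mine.

```python
import base64
import hashlib
import hmac
import struct
import time


def decode_base32_secret(text: str) -> bytes:
    """Decode a key as displayed by authenticator apps (base32, spaces and missing padding tolerated)."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / period)."""
    return hotp(secret, unix_time // period, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, period: int = 30, window: int = 1) -> bool:
    """Accept the current code and `window` steps on either side to tolerate clock drift.
    The comparison is constant-time so the verifier itself does not leak the code."""
    counter = unix_time // period
    for step in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + step), submitted):
            return True
    return False


if __name__ == "__main__":
    # Constructed demo key; a real one comes from the enrolment QR code and must stay secret.
    key = decode_base32_secret("JBSW Y3DP EHPK 3PXP")
    now = int(time.time())
    code = totp(key, now)
    print("current code:", code)
    print("verifies:", verify_totp(key, code, now))
```

The verifier should also reject a code that has already been accepted for the same time step, which the snippet leaves out; without that, a code captured by a phishing page is still replayable for up to 30 seconds.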

Do not use default options for the scrypt utility and keepass2!

Here is an example with more secure options:

$ sudo apt-get install scrypt
$ scrypt enc -M 1073741824 -t 200 secret.txt encrypted.scrypt

If you have several GB of free memory you can increase the memory usage several times. My tests confirm that the "-t" parameter is not working correctly: it takes less than 200 seconds to derive the key from your password.

Archiving private keys - TLDR version. Learn more about key stretching.

KeePass2 has an option to specify how slow the KDF should be. Click on "1 second" and then add one zero at the end of the number (10 seconds). This will slow down opening the database; however, it will also slow down saving. After I tried to open a database made by KeePass2 with KeePassX, I noticed that KeePassX opens the database much faster than KeePass2 (a fraction of a second compared to 10 seconds with KeePass2). This means that you get a false sense of security when your KDF hardness is set to 10 seco...
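To make "secure options" measurable, here is an added Python example (not code from the original post or from the scrypt utility) that sizes scrypt's cost parameter against a memory budget using the standard library's hashlib.scrypt. RFC 7914 fixes the memory at 128·N·r bytes, so the -M 1073741824 used above is exactly N = 2^20 at r = 8, while the 16 MiB many tools ship as default corresponds to N = 2^14. The function names and the demo passphrase are mine; the only fixed data is the RFC's first test vector.

```python
import hashlib
import os
import time


def scrypt_memory_bytes(n: int, r: int) -> int:
    """RFC 7914: the work array V needs 128 * N * r bytes."""
    return 128 * n * r


def largest_n_for_memory(budget_bytes: int, r: int = 8) -> int:
    """Largest power-of-two N whose scrypt memory still fits in budget_bytes."""
    n = 2
    while scrypt_memory_bytes(n * 2, r) <= budget_bytes:
        n *= 2
    return n


def derive_key(password: bytes, salt: bytes, n: int, r: int = 8, p: int = 1, dklen: int = 32) -> bytes:
    """scrypt with explicit parameters. hashlib.scrypt refuses to allocate more than
    32 MiB unless maxmem is raised, so pass the real requirement plus a small margin."""
    if n < 2 or n & (n - 1):
        raise ValueError("N must be a power of two greater than 1")
    maxmem = scrypt_memory_bytes(n, r) + (1 << 20)
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, maxmem=maxmem, dklen=dklen)


def time_derivation(password: bytes, n: int, r: int = 8, p: int = 1) -> float:
    """Seconds for one derivation with a fresh random 16-byte salt."""
    salt = os.urandom(16)
    t0 = time.perf_counter()
    derive_key(password, salt, n, r, p)
    return time.perf_counter() - t0


if __name__ == "__main__":
    pw = b"correct horse battery staple"  # constructed demo passphrase
    # 16 MiB (a common default), 128 MiB, and the 1 GiB passed as -M above.
    for budget in (16 << 20, 128 << 20, 1 << 30):
        n = largest_n_for_memory(budget)
        print(f"budget {budget >> 20:5d} MiB -> N = 2^{n.bit_length() - 1}, "
              f"{time_derivation(pw, n):.2f} s per derivation")
```

Running the script on the machine that will decrypt the archive gives the real cost of each setting; pick the largest N the machine can afford in memory, since memory, not time, is what makes scrypt expensive to parallelise on GPUs and ASICs.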

Archiving private keys - TLDR version

0. Make multiple encrypted copies: on DVDs (they are better than CDs and Blu-ray discs; DVD+R is better than DVD-R), on paper, on cloud services like DropBox, OneDrive and Google Drive, e-mailed to yourself and to your friends, on P2P storage services like MaidSafe, Storj and Sia, etc.
1. Use a proper font when printing PGP-encrypted keys on paper.
2. Flash memory (SSDs, USB flash drives, hardware wallets) is less reliable when it is not powered regularly (e.g. every week).
3. Use error-correction methods like Parchive and ZFS.
4. Print on paper or store on digital media only encrypted data.
5. Your encryption software should use a CPU/RAM-intensive KDF (e.g. scrypt with secure options - do not use the defaults!). First encrypt with scrypt, then encrypt the result again with PGP (using a different password!) in ASCII-armor mode before printing it (other methods like QR codes may not be as reliable as multiple copies of the PGP ASCII armor). Do not use the same password for the PGP because it's easy to brute...

When you print important crypto material (private keys), use a proper font and don't leave traces on your printer's hard drive or your computer's hard drive

When printing your keys make sure you use a proper font (one without similar-looking characters, like "I" and "l", or zero and capital "O"). Also, don't trust your printer: some printers have hard drives. And a copy of every printed document is saved on your computer's hard drive (and then "erased", but it is still recoverable with "undelete" programs), even on Linux. You can use this trick to prevent copies of printed pages from being written to the computer's hard drive (it does NOT help against the printer's hard drive):

mount -t tmpfs -o size=1G tmpfs /var/spool/cups
chmod 0710 /var/spool/cups
chown root:lp /var/spool/cups
mkdir /var/spool/cups/tmp
chmod 1770 /var/spool/cups/tmp
chown root:lp /var/spool/cups/tmp

Do this before cupsd starts, or restart cupsd afterwards, and remember that the mount does not survive a reboot unless you add it to /etc/fstab. You also need an encrypted home folder (/home/yourusername) to be safe, and use tmpfs for writing the secrets before encryption. The default installation of Linux distros like Ubuntu is not very secure if you don't know what you are doing. For exa...
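Two checks a practitioner would run on a paper backup, as an added Python example (not code from the original post or from any PGP implementation): scan the text for characters that cheap fonts render alike, so you know which ones to double-check, and recompute the CRC-24 that RFC 4880 puts on the "=xxxx" line of PGP ASCII armor, so a typo made while retyping the printout is caught before the key is used. The armor block it builds is constructed around the bytes "123456789" and is not a real key; the function names are mine.

```python
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB
# Pairs the post warns about: capital i / lowercase L / one / pipe, and capital o / zero.
CONFUSABLE = {"I", "l", "1", "|", "O", "0"}


def crc24(data: bytes) -> int:
    """RFC 4880 section 6.1 CRC-24, computed over the binary data before base64 encoding."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor_checksum_line(data: bytes) -> str:
    """The '=' line: base64 of the 3-byte big-endian CRC."""
    return "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")


def make_armor(data: bytes, kind: str = "MESSAGE") -> str:
    """Minimal ASCII armor: header line, blank line, 64-column base64, CRC line, tail line."""
    b64 = base64.b64encode(data).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines = [f"-----BEGIN PGP {kind}-----", ""] + rows + [armor_checksum_line(data), f"-----END PGP {kind}-----"]
    return "\n".join(lines) + "\n"


def confusable_positions(text: str) -> list:
    """(line, column, char) for every character that is easy to misread on paper."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line):
            if ch in CONFUSABLE:
                hits.append((line_no, col, ch))
    return hits


def verify_armor(text: str) -> bool:
    """Decode a (retyped) armor block and check its CRC line; False on any mismatch."""
    lines = [ln.rstrip("\r") for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN PGP") or not lines[-1].startswith("-----END PGP"):
        return False
    body = lines[1:-1]
    if "" in body:  # armor headers such as Version: end at the first blank line
        body = body[body.index("") + 1:]
    if not body or not body[-1].startswith("="):
        return False
    claimed = body[-1]
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
    except ValueError:
        return False
    return claimed == armor_checksum_line(data)


if __name__ == "__main__":
    block = make_armor(b"123456789")  # constructed payload, not a key
    print(block)
    print("check these positions when retyping:", confusable_positions(block))
    print("CRC line matches:", verify_armor(block))
```

A real PGP implementation does the same verification when importing the retyped block, so a failed CRC there means a transcription error, not a corrupted key; the scan above just tells you where to look first.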

On the new Snowden documents


I am not using TrueCrypt version 7.2


Building TrueCrypt 7.1a on Ubuntu 12.04 LTS

Richard Stallman: „We need anonymity to make democracy safe“


SilkRoad Marketplace has been seized by the FBI, Bitcoin price falls


How to send "broadcast messages" with Bitmessage and how to make a pseudo-mailing-list


How to send files (like e-mail attachments) with Bitmessage

In my previous post I wrote how to send images with Bitmessage. In a similar way you can also send any type of file, but you may need some extra cutting and pasting and typing of commands.

Usage statistics of Bitmessage

If you run your Bitmessage client with nohup (as I suggest in this article) you can view statistics about the nodes that are currently online:

How to send images with Bitmessage

The Bitmessage client is still at a very early stage. It does not support folders, filters, tags or (in any easy way) attached files. There is not even a simple search. But you can send images and other files using the Data URI scheme.

Crypto-messaging peer-to-peer protocol Bitmessage is gaining popularity
