Dr. Who's Cryptology FAQ

Dr. Who's Cryptology FAQ You can download the original plaintext version of this FAQ here.

-----BEGIN PGP SIGNED MESSAGE-----

by Doctor Who

Introduction

I have received several helpful suggestions and hints from many people - - - -too many to thank individually - so thank you one and all. I am still awaiting feedback from anyone who has tried minder.com - if there is someone who has any info, please post or Email me.

Purpose of FAQ

The purpose of this FAQ is to help those who wish to improve their privacy. IF you view or store sensitive material on your computer this FAQ could be of help to you. It is not intended as a comprehensive overview of computer security, merely a means to that end. Links are provided throughout the FAQ. They are repeated in a list at the end for your convenience. This FAQ concentrates on computer security of sensitive data in the home. It also touches on privacy whilst online with Email and Usenet postings.

Why do I need Encryption?

Only you can answer that. Each individual has his/her reasons for the need for privacy. It should be everybody's right and should not need be a privilege that requires justifying.

How does encryption work?

In its simplest sense, the plaintext is combined with a mathematical algorithm (a set of rules for processing data) such that the original text cannot be deduced from the output file, hence the data is now in encrypted form. To enable the process to be secure, a key (called the passphrase) is combined with this algorithm. Obviously the process must be reversible, but only with the aid of the correct key. Without the key, the process should be extremely difficult. The history and progress of encryption is beyond the scope of this FAQ, but the important point to understand is that the best modern encryption algorithms are virtually unbreakable by anyone so far as is known, including Government Agencies.

I want my Hard Drive and my Email to be secure, how can I achieve this?

You need two different types of encryption software. For Email you need a system of encryption called public key cryptography. This system uses a key pair. One key is secret and the other is made public. Anybody sending you mail simply encrypts their message to you with your public key. They can get this key either directly from you or from a public key server. The only way to decrypt this incoming message is with your secret key. It is impossible to decrypt using the same key as was used to encrypt the message. Thus it is called asymmetrical encryption. It is a one way system of encryption, requiring the corresponding (secret) key to decrypt. Actually there is a lot more to it than this, but this is reducing the principle to its bare essentials.

For your normal hard drive encryption, you will need a symmetrical type of encryption program. The same key is used for both encryption and decryption.

Which Programs do I need?

Let's deal with Email first. For your Email I recommend Pretty Good Privacy (PGP). It is virtually the de facto Net standard for Email cryptography. It is easily available and installed. PGP is available in several versions as freeware. For Dos I recommend version 2.6.3, for Win95/98 use version 5.5.3 The Dos version 2.6.3 is in a Zip file and easy to install. Version 5.5.3 is exceptionally easy to install because it comes as a self-extracting Zip. It is equally easy to configure and use. The source code has been published. The algorithm has, so far, survived critical analysis. PGP is available for many platforms, including Unix, OS2, Mac, Dos, Win95/98, NT. You can even work with the source code and compile your own version if you are truly paranoid! PGP has several DL sites. PGP (like all powerful crypto) is considered a munition by the American Government, which means its export is prohibited without a license.

PGP is available here: http://www.pgpi.com/download/

The PGP FAQ is here: http://www.cryptography.org/getpgp.txt

Note: A new Windows version 6.0 has been released. However, so far as I am aware, the source code is not yet available. I would NOT recommend its use until the code has been released. Additionally, the freeware version is not backward compatible with earlier versions using RSA keys.

Which version should I use?

If you are going to send anonymous Email through the Cypherpunk remailer system, you will need PGP version 2.6.3 for the United States and version 2.6.3i for all other countries. These versions are also available as 32 bit programs which speeds up the process of encryption/decryption but maintains their compatibility with the Cypherpunk system. You can also get a Windows version 5.5.3 for the States and 5.5.3i for the rest of the world.

It is possible to install both the Dos and the Windows versions, but I have found it very cumbersome trying to synchronize the two separate keyrings of the two versions. There are also various restrictions on the choice of type of key to retain backward compatibility. I have experienced incompatibilities between the two versions, despite ensuring that both versions have supposedly compatible keys. The Windows Version 5.5.3(i) offers you a choice of key types, either RSA or Diffie-Hellman/DSS which is the default offered by PGP. The older Dos version 2.6.3(i) can only work with the RSA type of key. Most amateur, as opposed to commercial users, are still using RSA keys. There is no need to be fazed by the Dos version of PGP as there are programs available which do all the work for you. See later in the FAQ.

If your primary reason for using PGP is to send anonymous messages via the Cypherpunk remailer system, you must use the Dos version for compatibility reasons. On the other hand, if you just want privacy for your Email and you are not bothered about anonymity, I would suggest using the Windows version for ease of use.

Why are there two versions of PGP, RSA and Diffie-Hellman/DSS?

RSA is registered in the United States (but not elsewhere) and a license is required to use it. There are PGP versions dedicated for the United States which use RSAREF, a free license version of RSA for private use only and an international version which uses normal RSA. Because of the United States ITAR (International Trade and Armaments Regulations) PGP can not be exported. The international version is a re-compiled version from the original source code exported legally in book form. Do not ask me to explain the absurdity of this situation, it is beyond rational explanation.

After 20th September 2000 the license runs out on RSA and it will be freely useable by anyone. Diffie-Hellman/DSS uses two keys, one for encryption, Diffie-Hellman and one for signing, DSS or Digitally Signed Signature.

I've installed PGP, I'm ready to generate my keys, now what?

Assuming you wish to correspond anonymously via the Cypherpunk remailer system, then create at least two separate key pairs. For future security against improvements in computer technology, I would suggest generating 2048 bit sized keys. The first pair are for your Email usage. This first key should be signed and if you want others to have access to your key to enable them to send you encrypted Email, submit it to a key server, e.g. http://pgp5.ai.mit.edu/. You may want to adopt a Nym (anonymous name) for this key. If you do, then choose something that cannot be traced back to your Email address. I would recommend you also create another Nym which will use the other key pair. This second Nym should not allow fingering of your public key, nor should you submit it to the key servers, nor should you sign this key. This second Nym is for your highest security. You do not offer this public key to anybody. In fact for the maximum possible security, you should point your reply block for this Nym to a newsgroup, such as alt.anonymous.messages. All incoming mail to you via your Nym, even plaintext, will be encrypted from the Nym to alt.anonymous.messages. This ensures that everything sent or received by you via your Nym is secret and virtually untraceable back to you.

For more understanding of the pros and cons of signing these keys read the Nym FAQ.

Where can I get the Nym FAQ?

Send Email to: [email protected] - without a subject or body text. This is essential reading before you set up a Nym.

What about the data on my Hard Drive?

PGP is excellent for Email, but for data storage it is essential to use an "on-the-fly" encryption/decryption program. On-the-fly means the data is ALWAYS in encrypted form on the drive, it is only decrypted in memory (and possibly in the notorious Windows swap file - more about that problem later). When the drive is mounted, this means after entering the correct passphrase and the drive is visible as plaintext, each read/write to the drive decrypts to memory or encrypts to the disk as necessary. It should be impossible to write to the drive when unmounted. If it were read, it would appear as gibberish. The advantages of this on-the-fly encryption/decryption cannot be too strongly emphasized. It means that at all times your files will remain in encrypted form on your hard drive. If a power failure occurred you are not left stranded with sensitive material lying around in plain text, except in the swap file! Yet once you have entered your passphrase you can see the contents of the encrypted partition, just as if it were plaintext. There are several of this type of program, with more appearing all the time. What is most important is that you use some form of encryption. There are many lesser programs that offer file by file encryption/decryption, but these offer unacceptably high security risks and should be avoided. There are other more practical advantages to on-the-fly encryption if you have a large hard drive. Just try decrypting several Megabytes or even Gigabytes of files each time you boot your computer, remembering they must all be re-encrypted at the end of the session and their plaintext equivalents securely wiped! With large drives using strong crypto it could take hours, an absurd scenario.

I have Windows 95/98, what should I use?

First off, Windoze 95/98 is definitely not a security orientated program. I believe superior security can be obtained by using NT 4. However, this raises other issues including not all programs will work under NT 4.

There are several programs that offer on-the-fly encryption/decryption. I have only had experience of one with Windows: BestCrypt. I strongly commend BestCrypt for its very strong security and ease of use. BestCrypt is commercial ware. It costs around 90 Dollars US. Its authors are in Finland thus outside the ITAR restrictions of the United States. You have a choice of three different algorithms: DES, Blowfish, GOST. A full explanation of these algorithms is included with the documentation. I would choose either Blowfish or GOST. DES is no longer considered strong crypto and is in any case slow.

Note 1: A new version 6.00 is now available. I believe it addresses at least one of the minor bugs that I have discovered in the existing version. One minor drawback of Version 6.0, is that it does not at present support the BestCrypt+ hardware option.

Note 2: the following 4 questions can be ignored by those uninterested in extreme measures of computer security.

What is the BestCrypt+ Hardware option?

This is an ISA card made by Jetico (BestCrypt) that simply plugs into any spare ISA slot on your PC. This option works in conjunction with a floppy disk containing a 128 bit randomly generated keyfile plus a passphrase that must be input before Windows is started. Even if your keyfile is stolen, it alone cannot open the BestCrypt container. It still requires your passphrase on boot. Additionally, a snooper will still need your high (Windows) level passphrase to open the container.

The drawback is it significantly slows down the encryption/decryption by about a factor of two or three to one. This is very noticeable. A PCI version will be available possibly next year with a much faster data throughput. The present card is very expensive at around 300 US Dollars, so is only of interest to true propeller heads.

How does this improve security?

The major advantage of the BestCrypt+ hardware option is it ensures a virtually tempest attack free encryption system. Tempest is an acronym for Transient ElectroMagnetic Pulse Emanation Surveillance. This is the science of monitoring at a distance electronic signals carried on wires or displayed on a monitor. The hardware card automatically interrupts the normal boot up from cold and asks for a passphrase before any operating system is loaded. Additional to the tempest defence, this must ensure that any snooper installed trojan designed to capture your normal high level passphrase has not yet loaded. This system thus requires both a low level (Bios) passphrase and a high level (Windows) one.

Although of only slight significance to the average user, tempest is of enormous significance to serious cryptography snoopers. To minimize a tempest attack you should screen all the cables between your computer and your accessories, particularly your monitor. A non CRT monitor screen such as those used by laptops offers a considerable reduction in radiated ermissions, so may be considered by the truly paranoid. More serious (more paranoid?) users may wish to consider screening their room. This sounds absurd but is routine with certain Government Agencies.

Do I still need the BestCrypt software if I use the hardware?

Yes. Together with the card, you receive modified BestCrypt software on floppy disk which includes the necessary GOST-TSM - TSM means Top Secret Mode. The Russian GOST encryption algorithm is the only encryption standard supported. The system is quite sophisticated, but regrettably the installation instructions do leave a lot to be desired. "After the board is installed", is the level of help offered in installing the ISA board, so only advisable that it be bought by people familiar with the insides of their computers. Possibly more seriously, the card does not support "plug and play". This may not matter if the default interrupts are acceptable to your computer. If they are not, then you will need to start experimenting with the on-card dip switches, which can be time consuming and messy, particularly for the less experienced.

How does it work?

After installation of the card, you generate a keyfile with the utility that comes with the hardware. This utility (called Genskey) generates a keyfile on a floppy with your choice of passphrase. Once generated, the passphrase cannot be changed, but the file can be copied onto other floppies or even onto your hard drive (not advisable, of course). The generation of this keyfile and inputting of the passphrase is necessarily done at high level (within Windows), so is only safe if you are not at that time being monitored. On cold boot (startup), you are asked to insert this floppy, then you are asked to type in your passphrase, which does not appear on screen. You have three opportunities to input the correct passphrase, else it defaults out and loads Windows normally, but then denies you the opportunity of opening your BestCrypt container. You also have the option to immediately bypass the keyfile by pressing the Esc key.

This extra hardware option works only with BestCrypt containers that were created after installation of the ISA card, using the keyfile with the correct passphrase AND choosing GOST-TSM as the encryption choice. If a different encryption algorithm was chosen, the hardware is redundant, despite asking you for the keyfile on boot. You can create any number of keyfiles with different passphrases, but only the original (or a Genskey made copy) which was used when the BestCrypt container was created will open the container. This applies even if a new keyfile is generated using an identical passphrase.

One possible problem I found was to ensure that the passphrase chosen only used text and/or figures. This is because your Windows keyboard layout may not match the default layout supported at the Bios level. This error is of course picked up the first time you try to input your freshly created keyfile. Despite repeatedly checking with the utility that the keyfile is functional, it becomes impossible to get it to be accepted by the card. There is no mention of this possible problem in the instructions.

Which is best, BLOWfish or GOST?

How long is a piece of string? It is impossible to answer. The BlowFish algorithm was designed by Bruce Schneier in 1993. He has given away his intellectual property rights to the algorithm in the interests of the wider crypto community. In my opinion a very generous action. The source code is available and has withstood 5 years of crypto-analytical scrutiny. GOST is a Russian crypto, a fallout from the cold war period. Probably strong, but.... GOST is in any case the only option if you decide to use the BestCrypt+ Hardware option. One major advantage of Blowfish is its speed. It was written specifically for the 32 bit microprocessor. It is much faster than DES and GOST. The Blowfish algorithm can be implemented with variable key sizes from 32 to 448 bits. BestCrypt have chosen to use 256. This cannot be changed by the user and represents a compromise between absurdly high strength and speed. Gost also uses 256 bits. BlowFish is my personal choice, but you decide what is best for you.

Note: For the uninitiated the size of the key is a rough arbiter of the strength of a program, but is only one of the factors. The most important is the type of encryption algorithm that is chosen. Strong crypto algorithms (such as BlowFish) with 256 bit keys are for all practical purposes uncrackable by any presently known method. Rough guestimates of the time taken to brute force attack BlowFish suggest that even with every Cray supercomputer on the planet working full time, they will take until the sun goes supernova in about 5 Billion years. Probably strong enough for most people.....

How flexible is BestCrypt??

The BestCrypt software can create any number of encrypted partitions called containers of mixed sizes up to 2 Gigabytes each (Version 6.0 allows 4 Gigabytes with Windows 95/98 and 64 Gigabytes with Windows NT 4), with a maximum of 8 mounted at any one time. BestCrypt offers other facilities, such as floppy disk encryption, hot key crash close and timeout close - if these are not intuitively obvious, all is explained in the help file. BestCrypt talk about virtual drives and containers which may confuse some people. The container is the name given to the encrypted partition. When viewed in Windows Explorer it will look like a very large file, in fact it looks identical whether mounted or unmounted. When mounted an extra drive letter appears in Explorer. If you click on this drive letter, its contents will be displayed by Explorer exactly as if it were a normal drive or partition in plaintext.

You can download a 30 day trial version to try before you buy. I urge you to try it. BestCrypt is available from Jetico: http://www.jetico.sci.fi.

What are the advantages of BestCrypt?

1. On the fly encryption/decryption 2. Easy to install and set up within Win95/98. 3. Can be easily manipulated as a Windows file for backup purposes. 4. Totally transparent in use, i.e. when mounted. 5. Can be set up on a Jaz drive, if required. 6. User determines the size of the container, up to 2 Gigabytes. 7. Includes a freebie wipe free space utility

What are the disadvantages?

1. Commercial ware and so costs money. 2. The source code has not been published, but it does use the BLOWfish algorithm, which has been published. 3. Care must be taken to only mount the container when off-line to prevent hacking. 4. Maximum size of container limited to 2 Gigabytes. 5. Writes to the Registry, thus impossible to hide its presence.

Is there anything cheaper than BestCrypt?

Yes. A new on-the-fly Hard Drive encryption program has very recently surfaced, called ScramDisk. This is what is claimed about it: "ScramDisk is a Hard Drive encryption program that runs under Windows 95 & 98 and provides a number of 'high security' ciphers including 3DES, Blowfish and IDEA. Encryption is done in CBC-mode using random IV & pre-encryption whitening values. The program uses SHA-1 as the passphrase hash algorithm". One advantage of ScramDisk is it does not write to your Registry. This suggests that you could install it on, say, a Jaz drive and run it from there. When you finish your session you simply remove and hide the Jaz drive disk. There is then nothing left on your computer to suggest you are using encryption. This may be very useful in some countries with insecure/totalitarian Governments, such as France, Iraq, Iran, China. Two things to consider about this:

1. Where will you securely hide the Jaz disk?

2. A removable media magnetic drive of any sort is inherently less rugged than a floppy or optical. This means more care will have to be taken when handling it.

If you want ScramDisk try here: http://www.hertreg.ac.uk/ss/

Is ScramDisk easy to install?

It requires a more technical insight into its installation than does BestCrypt, suggesting moderate computer literacy is required. As this is a new program, some may wish to await peer review before trusting it completely. The Author's offer to publish the source code is very welcome. Version 2 has just been published.

I hate Windows, what about us Dos users?

If you are running old faithful DOS or Win3.XX, then I recommend SecureDrive for your Hard Drive encryption. This is intended to encrypt whole drives (or partitions) up to the Dos limit. It is extremely powerful, it uses the IDEA algorithm with a 128 bit key size. It operates with on-the-fly encryption/decryption. Better still, the source code is available for those who understand such things, to prove that there are no back doors. As powerful as PGP, but specifically designed to hide files and folders on your computer. It encrypts the whole drive or partition except for the boot sector, unlike BestCrypt which limits itself to your chosen size. It is simplicity itself to install. Just unzip the file and read the install notes. It takes about one hour per Gigabyte to encrypt a drive or partition, depending on your processor speed, probably the same time as BestCrypt. One potentially strong advantage of SecureDrive over the basic software based Bestcrypt is its ability to feign the use of a keyfile. Taken from the Install Notes (quote): "Since SecureDrive can encrypt disks using either a passphrase or keyfile or both. One devious defense against "rubber hose" cryptography is to set up a keyfile on your hard disk, but then overwrite and erase it. But leave the environment variable). Each time you invoke LOGIN or CRYPTDSK, you will get a warning message that the keyfile cannot be opened. So it appears you have just destroyed your keyfile. But in reality your disk(s) can just be encrypted by a (strong) passphrase. But the only way your adversary can prove that a keyfile is not required is to guess the passphrase!" Very clever indeed. Of course the same applies to the BestCrypt+ hardware keyfile.

If you wish to use SecureDrive it is available here:

ftp://utopia.hacktic.nl/pub/replay/pub/disk/secdr14b.zip

or here:

http://www.stack.nl/~galactus/remailers/securedrive.html

What advantages does SecureDrive have?

1. Freeware 2. On-the-fly encryption/decryption 3. Totally open source code, thus no back doors. 4. The ability to incorporate a keyfile at start up 5. More difficult to copy and crack off site6. 6. Passphrase is entered at Dos level, reducing the risk of a "Trojan horse" attack on your passphrase 7. Maximum size of partition only limited by Dos

Disadvantages:

1. Only works with Dos, Win3.XX or early versions of Win95 (pre OSR2). 2. Difficult to copy in encrypted form for backup purposes. 3. Difficult for the inexperienced user to control the size of the encrypted partition, unless he allows it full reign. 4. Cannot be used with a Jaz drive or a CD-Writer.

Regrettably, SecureDrive is a 16 bit program and appears to be FAT16 compliant only.

For further reading and many security related links and a glossary of security terms try here:

http://www.io.com/~ritter/GLOSSARY.HTM

I use Mac, OS2, Linux, Unix, NT (fill in your choice), what about me?

Sorry. I have no experience of any system other than Dos and Windows. But you could do a search for yourself here for example:

For NT ...

"Sentry" http://www.softwinter.com/sdown.html

BestCrypt now also has a version for NT at http://www.jetico.sci.fi/

For the Mac ...

CryptDisk http://www.primenet.com/~wprice/cdisk.html

PGPDisk http://www.nai.com/default_pgp.asp

I have heard that there are programs that HIDE and Encrypt, are these any good?

I advise caution. First of all, to the best of my knowledge, they do not publish their encryption algorithms. Be very cautious of any such program. Secondly, they only "hide" the file from the Windows operating system. Any technician could find those files in seconds. Yes, they are encrypted, but how strong is that encryption? Ask yourself, is it subject to the United States ITAR export controls? If not, it must be relatively weak crypto. Be very wary of snake oil. Remember, there is a considerable difference between hiding files from your wife/girl/boyfriend and hiding them from Big Brother with all the resources he can bring to cracking your system. Never under-estimate the snooper. Getting it right is far cheaper than getting it wrong!

What about simple file by file encryption?

I strongly urge you to use on-the-fly encryption/decryption. Nevertheless, you may need a simple file by file encryption tool, but with the strongest possible security. PGP can be coaxed into this, but it is very clumsy in its Dos version, compared to some programs. This after all, is not its prime purpose. There are many of this type of program, possibly some are free. I have used two, Kremlin and Blowfish Advanced 97. Kremlin entwines itself into your Registry and offers a file wipe facility for shutdown, very useful. BFA 97 uses a rather smart browser, it also offers a file wipe facility. It is simpler to use than Kremlin. Naturally, it uses the Blowfish algorithm, but due to the new restrictions within Germany, its strength is now limited to 64 bits - so not now recommended for critical applications. It is shareware and cheaper than Kremlin.

Kremlin is here:

http://www.mach5.com/kremlin/index.html

BFA 97 is here:

http://come.to/hahn

Tell me more, tell me more, tell me more...

As the majority of users are likely to be using Win95, I will concentrate on the BestCrypt program, but substitute ScramDisk or SecureDrive if this applies to you. I strongly urge you to invest in at least two hard drives of equal size. Partition each drive such as to allow up to 2 Gigabytes for the BestCrypt container (4 with version 6.0) or whatever you can spare, depending on the size of your drives. These two separate partitions on each Hard Drive, one encrypted and the other plaintext for your Windows programs, etc, can each be copied to the corresponding second Hard Drive for backup purposes - more about how to do this later. The BestCrypt encrypted container is mounted by either clicking on the file or on the BestCrypt icon on your Desktop. When you do this, a window opens showing all the Hard Drives and all the BestCrypt containers that are available. Click on any one and a passphrase box opens. In this passphrase box you are offered a drive letter to allocate to this container. This is why it is called a virtual drive. For all practical purposes, after mounting, it seems like a drive. You can either accept the default Windows chosen drive letter, or change it to something else, provided it is not already in use. You can allocate the same drive letter to more than one container, provided you only open one of them at a time, otherwise it will default to a different letter. Once you allocate a drive letter, BestCrypt will remember it and use it until you choose to change it. This is very useful if you backup your BestCrypt container from one partition to another. One point to remember, if you have any shortcuts pointing to this drive letter on your desktop or in the drive itself or in the Windows Start menu, you will need to keep to the same letter every time you mount, otherwise the shortcuts will not function. I would not recommend leaving trails from the start menu or on the Desktop, but that is up to each of you. I would keep all the shortcuts in the root of the drive itself, together with all programs that you will use, plus all the files that you choose to DL. I will give my recommendations later. When the drive is mounted it is seen in My Computer and in Explorer as "Crypted-Disk", or whatever volume name you give it (Hint: Do NOT use a volume name that is descriptive of the volume's contents!) This icon can then be clicked on and opened. The shortcuts to the programs residing within this virtual drive will then be seen as if they were on your desktop. You can use the same passphrase for all containers should you wish, perhaps even the same as you use for PGP. There are arguments for and against this, which I will not go into here. If you install PGP within the encrypted drive (most strongly recommended), you need not bother with any passphrases for your PGP keys, except as a precautionary means to identify different keys. More on this later in the FAQ.

Are there any precautions in using BestCrypt?

Yes. You must never defrag the drive on which the encrypted container resides unless the container is dismounted. You can defrag the container itself when mounted and you can defrag the drive on which the container is stored, provided the container is closed. To attempt to defrag a drive with an open BestCrypt container could be disastrous and cause the container to be irreparably damaged with consequential total loss of data. The moral is of course to always back up your data, hence my suggestion for two drives. Jetico claim this slight drawback has been fixed in version 6.00.

Another precaution is to decide the size of the BestCrypt container, then partition your Hard Drive to that size. When you create the new container, BestCrypt will tell you the maximum size available within that partition. This partitioning of your Hard Drive takes the BestCrypt container off your normal drive C. This is recommended, otherwise it can take forever to defrag drive C as Windows will always endeavor to keep this very large file contiguous. If you are particularly lazy and never defrag your Hard Drive, it is possible under the worst case conditions for the BestCrypt container to become so fragmented that it will not mount. This will happen if there are more than 50 discrete fragments to the container. Always defrag regularly or better still use a separate partition. The BestCrypt containers cannot be deleted from within Windows. To delete/erase/wipe a BestCrypt container, you must do it through the BestCrypt control panel. It takes only as long as it takes to type in your Passphrase, then puff, your BestCrypt data is no more. Be very aware, this will irrevocably and irreversibly lose your data. It simply scrambles the passphrase checking part of the BestCrypt file. The encrypted data is now inaccessible and safely lost forever. Incidentally, although you cannot delete a BestCrypt container within Windows, it can be done when in Dos. You can also overwrite it within Windows by copying another similar named file over it. To Windows it is just another (possibly very large) file.

Can BestCrypt encrypt Floppies?

Yes. This is a very useful function - see later.

Does using Encryption slow things up?

Yes, there is a small speed penalty because your computer has to constantly encrypt to write to disk and decrypt to read from it. It is also the major reason given by the "decrypt all files together" type of programmer for you to buy his wares. These days this overhead is almost unnoticeable with any modern Pentium based machine, except with the BestCrypt+ hardware. Regrettably this will definitely be noticeable.

How can I partition my Hard Drive?

I recommend Partition Magic. It makes partitioning your Hard Drive very easy. Better still, Partition Magic offers easy copying from one partition to another, even your Drive C. This is very useful. If you are unlucky enough to lose a drive (a virus, or whatever) you can use Partition Magic to copy it all back. It works in DOS and is very simple to use. It is commercial ware and costs around 70 Dollars. The manual forgets to tell you that before you can copy across from one drive or partition to another you must first delete (using the program) the destination drive or partition. Unless this is done the copy command stays grayed out! I have noticed other programs from PowerQuest which suggest similar functions, but I have never used them so cannot vouch for them or offer any opinion about them.

Partition Magic is available from: http://www.powerquest.com/

I believe there are freeware or shareware programs available - do a search on www.tucows.com or on www.shareware.net

How large should I make the BestCrypt containers?

The sizes of the BestCrypt containers are entirely up to you. There is no reason why you shouldn't make them of 1020 Mb if you are going to backup to a 1 Gigabyte Jaz drive or double that if you are fortunate enough to have the 2 Gigabyte version. To save time you only need to create one container, then copy it using Explorer. It is quicker to do this than to get BestCrypt to encrypt another partition from scratch. If you want the benefits of an external hard drive, I would recommend the Jaz drive. The drawback is the cost of the media. I have no experience of the SyQuest equivalent. A much cheaper alternative is a CD-Writer. The storage media for these are considerably cheaper than the Jaz equivalent. Unfortunately, the maximum size possible with a CD writer is around 600 Mb.

Are there any bugs with BestCrypt?

I have found only two. The first is it cannot create a container to the full capacity of a CD-RW disk. For some reason it can only encrypt to one quarter of the available space. You can work around this by creating it on your Hard Drive and copying it across. A CD- Writer is excellent for archiving, but very slow in my experience and prone to crashes! Present implementations are far too slow to use as a substitute Hard Drive. The second minor bug is when you request floppy disk secure made with a previously encrypted floppy. For some reason on my system, at least, it always displays: "Check floppy password error". It then offers three choices, retry: yes, no or cancel. If this happens to you, simply click on "NO" and you will find access is available to the floppy. To avoid this, I always uncheck the password check box first. Ignore the bug (if it appears on your system) and you have a very useful adjunct to your encryption armory. Incidentally, attempting to read from an encrypted floppy without first inputting the passphrase (i.e. setting secure floppy mode in BestCrypt) and Windows tells you the floppy has not been formatted and will offer to format the disk. Might be a useful feature. In earlier versions I wrongly claimed that it was not possible to do a diskcopy with an encrypted floppy. It is, but before reading the copy, remove it from drive A. This clears the Windows cache and it should then be possible to check the copy is encrypted and when in floppy secure mode, readable as plaintext.

Note: These experiences are based on the earlier 4.12 version of BestCrypt. It is possible that these have been fixed in version 6.0

What are the precautions to be taken with the Passphrase?

In earlier versions of this FAQ, I strongly recommended great care be taken to ensure a secure (which means long) passphrase is chosen. I would recommend a passphrase of at least 20 random characters, which is very difficult to remember, or 30 plus of a more easily remembered text and figures based passphrase. Remember the adage, strength in length applies to crypto passphrases. Provided you keep your PGP keyring within the encrypted drive there is no absolute need to bother with a passphrase at all for PGP. This may sound extreme, but the protection of your privacy is ensured by the encrypted drive. It is quite possible that the consequences of someone accessing your encrypted drive's data is marginally more serious than their ability to access your PGP secret keys. If you decide to forego a passphrase for your PGP keyring, be absolutely certain that all your backups of the keyrings are in encrypted form. I suggest a possible solution to this later in the FAQ.

Isn't there some risk with my passphrase always being held in memory?

There is a slight risk of someone hacking into your computer whilst online and yes, they may be able to read anything that is in your swapfile or even your encrypted hard drive if it is mounted. If you believe this is a significant risk to you, then I recommend you try the BestCrypt+ hardware option.

If I go to all these lengths, am I truly safe?

Unless you are using the BestCrypt+ hardware, not completely. There is still the faint possibility of a tempest attack.

Are there any other precautions I should take?

Make copies of all your PGP keys, a textfile of all your passwords and program registration codes, copies of INI files for critical programs, secret Bank Account numbers and anything else that is so critical your life would be inconvenienced if it were lost. These individual files should all be stored in a folder called "Safe" on your encrypted drive. Encrypt a floppy with BestCrypt using your usual passphrase and copy this folder onto the floppy. Whenever you update "Safe", you should also update your floppy backup to ensure synchronization. Now copy the self extracting Zip file for the BestCrypt program plus a plaintext file of the registration key for the BestCrypt program onto another floppy - DO NOT ENCRYPT THIS SECOND FLOPPY! Both these floppies should be kept apart from your computer in case of theft, fire or any other interference. If the worst happens you should be able to restore your data from your backups on your Jaz or CD-R and use this floppy to re-install the BestCrypt program to allow you access again. Making backups is a boring business. We can always think of a zillion better things to do, but if ever you get a system crash you will be convinced of its worth. Trust me, I speak from experience...

What programs do I put in my newly created Encrypted Drive?

You need to take care over which programs to choose. Some Newsreaders and Image Viewers and Emailers can either write critical information to your Registry, early Anawave Gravity wrote your News Providers passwords in plaintext, ACDSee will show the drive\folder path of your last access, Eudora and AnonPost will send revealing info when attempting to communicate anonymously. Eudora always seems to find your correct Email address. AnonPost sends a handshake to your ISP which can reveal your Email address. Only significant if you are using an anonymous remote host - - - - see later in FAQ. For what it's worth, here are my choices for these critical programs:

1. Agent (or FreeAgent) for the newsreader, and basic Emailing. Agent will write to the registry, so its presence cannot be disguised, but this is probably not too serious.

2. I recommend the latest version of ACDSee as your viewer. Make certain that if you use the cache facility, you set it up within the encrypted drive. This allows easy previewing of thumbprints and click and zoom to examine image quality. ACDSee will write to the registry and will always disclose the last drive\folder accessed in the registry. If this bothers you, I suggest using VuePro. Allow VuePro to install itself in its default (Windows) folder, but do not allow VuePro to become the default viewer for your system. Now move (not copy) the three files, onto the encrypted drive. VuePro generates an ini file. This ini file will reveal the drive path and name of the last file accessed, even worse than ACDSee, so make certain it is installed within the encrypted drive (this is why it should not be allowed to become the default viewer). You could use Thumbs Plus. This similarly will write to the registry, but you can ensure that its self-generated database is stored within your encrypted drive. Thumbs Plus does not reveal anything except its location in the registry. VuePro on its own, is a little clumsy for general viewing, it needs Thumbs as well, whereas ACDSee can combine the best of both, but regrettably tell everyone your last drive and folder accessed! Your decision. I will concentrate on ACDSee for the purposes of simplicity.

ACDSee is here: http://www.acdsystems.com VuePro is here: http://www.hamrick.com/ Thumbs Plus is here: http://www.cerious.com

3. I strongly recommend Jack be Nymble (JBN) for your Nym accounts and sending and posting anonymously. This is a very sophisticated program and requires much dedication and concentration to get the best out of it. It is freeware and cannot be too strongly recommended in my humble opinion. It can automate many functions in setting up and managing a Nym, including automatic decryption of incoming messages. It requires the Dos version of PGP, but will help you configure it. It likewise will help you configure the Mixmaster chain of anonymous remailers. Because of the United States ITAR you must be a United States or Canadian resident to use Mixmaster. (Aside here, if you are truly anonymous, how will they know?). JBN is excellent for all your encrypted mail. It has many options, too many to list individually - read the manual. It can also ensure your Usenet postings are truly anonymous. You will have to experiment with the appropriate mail2news gateway. Not all support all groups. Also, be prepared for some considerable unreliability from these remailers as they are apparently under constant attack from spammers. Jack be Nymble is available here:

http://members.tripod.com/~l4795/jbn/index.html

4. For browsing I find Netscape Gold the best. You can direct it to locate its Bookmarks file on the encrypted drive. The later versions want to create user profiles and worse want to put them in exposed folders. Be careful! All versions will write to the registry, but this is difficult to avoid with any browser. I most strongly suggest you do not use Microsoft Internet Explorer. It will insist on keeping things within Windows, be very careful with that one! This is especially the case for MS Mail and MS News and Outlook. Of course, you can always use MSIE as a normal browser on your desktop for non-critical browsing and Email, should you wish.

Note: MSIE4 has a feature which can import favourites, it does it just by clicking on "Import favourites". It will automatically find and display your Netscape browser's bookmarks from your encrypted drive if the encrypted drive is open. As a precaution I would delete the feature if it is not required.

5. Many files are compressed. The most popular is Zip. I recommend obtaining a copy of WinZip from here: http://www.winzip.com. Or, do a search for PKunzip which is freeware, I believe.

6. Any person who browses the Net should ensure they have a good virus detector. There are many to choose from, some are freeware, others are shareware or commercial ware. I use Norton's only because I like its Live Update Feature. It allows you to update the virus list online. Useful and so easy.

What folders do I need on my Encrypted Drive?

These are my suggestions. Obviously adjust to suit your needs. Create two new folders in the root of your encrypted drive, name them "Programs" and "Library". All the above programs, except the virus detector and WinZip, should now be installed into the folder "Programs". Create two more folders under Library naming them "! - Incoming" and "Zzz", Ensure there is a space between "!" and "incoming" This ensures that "! - incoming" is always at the top of the list of folders, making it very easy to locate each time. Still in the Library folder, create a set of folders starting from "00" (zero, zero) through "9" and another set from "A" through "Z", finally throw in one more of "!!" for those files that have a symbol as their first character. You should now have all these additional folders inside Library, starting with "! - Incoming" at the top and finishing with "Zzz" at the bottom. Should you wish to add a "specials" folder for your favorite pics, call it "! - Specials". Likewise if you wish to have a sub- folder for your text downloads, create "Z - text". Install ACDSee into its choice of default directory on drive C (remember your cannot hide its presence as it insists on writing to the registry, as does Thumbs and to a lesser extent VuePro).

There are numerous other options, too many to list here. Enjoy experimenting. I found that using the cache facility always slows up ACDSee when I want to change folders, so I have stopped using it.

Go into Agent\Group\Default Properties then browse and choose X:\Library\! - Incoming, for both "directory for saving attached files" and "Temporary Directory for Launching Attached Files". Go to Group\Default\Properties\Post and ensure both "Prevent Usenet messages from being archived X-No-Archive" and "Observe no archive requests from original message in follow ups" are both checked.

It is simplicity itself to move pics from "! - incoming" to wherever. Just highlight all those pics you wish to move and drag them using the mouse to the chosen numbered or lettered folder depending on the first letter of their file name. Easy! One of the most useful features of both ACDSee and Thumbs is that if you have downloaded dupes, you can offer them to their respective folders and the programs will show you a thumbnail of the pic, plus give you the file sizes, so you can replace if you have one of a better resolution.

How can I ensure my temporary files do not give away info?

Regrettably, despite all your best efforts Windows will still save to a swap file unless you perversely disallow Windows from using one and risk program lock-ups. This is an unavoidable risk with Windows. To minimize this problem you must use a wipe utility. BestCrypt includes a disk free space wipe utility which works whilst in Windows, but do not trust it to completely wipe the swapfile. It is impossible for any utility to do this truly effectively whilst Windows is still running. However, do not despair there are ways around every problem.

1. In Windows, go to My Computer\Control Panel\System\Performance\Virtual memory. Click "Let me specify my own virtual memory settings". Enter identical settings in both boxes. I suggest 150 Mbytes. Click OK. Windows will tell you what you've done and complain and ask you if you are sure you wish to continue, click YES. Windows will then want to re-boot. Allow it to do so. After re-booting you can see the file in Windows Explorer as Win386.SWP. If you run games which require large swapfiles, or run many programs simultaneously, you may need to increase the size. But remember, the larger it is, the longer it will take to securely wipe on shutdown and the greater the wear and tear on your hard drive.

2. Use Notepad to write the following simple Batch file. Put it in the root of your C: drive. Give the batch file a name. I suggest W.bat, but any convenient letter or name will suffice, but NOT Win.bat or confusion will occur with the Win.com which starts Windows. Add it as the last line of your Autoexec.bat file. This will ensure it runs automatically on every shutdown, avoiding that "Oh, I'm too tired and can't be bothered, I'll do it tomorrow" syndrome.

W.bat =

CD\WINDOWS Win Mode co80 cd\ Scorch [win386.swp] /nodel Scorch [c:\progra~1\cache\*.*] Scorch [c:\windows\cookies\*.*] Scorch [c:\windows\history\*.*] Scorch [c:\windows\recent\*.*] Scorch [c:\windows\spool\fax\*.*] Scorch [c:\windows\spool\printers\*.*] Scorch [c:\windows\temp\*.*] Scorch [c:\windows\tempor~1\*.*] Scorch [c:\windows\web\*.*] Zapempty Zapempty

Note 1: Choose whichever of the above folders applies to your system, likewise add any others that are not shown but required.

Note 2: This simple idea will not work with Windows 98. You will either need to use Kremlin (but see warning below) within Windows prior to shutdown or exit to Dos and then run the Bat file manually.

CD\Windows followed by Win tells your computer to start Windows.

The subsequent lines only operate on shut down. Mode co80 is to prevent your computer hanging at the "It is now safe to switch off your computer" screen, but exits to Dos. Scorch is a freeware wipe utility. The format of enclosing the file to be wiped in square brackets is to minimize disastrous errors. Read the documentation that comes with it before use. There are several other options, which are best gleaned from the included documentation. Scorch is available here:

Http://www.mist.demon.co.uk/realdelete/index.html.

Ordinarily two wipes should be enough for all practical purposes. If you are a propeller head, then choose any number of wipes that you feel happy with. Remember, for anybody to recover data off your drive after just one effective wipe would involve dismantling the drive and a microscopic examination of each cylinder, sector by sector. Extremely costly and very time consuming, so only likely if you are considered an exceptionally worthy person to investigate! Extra wipes after the first are just icing on the cake.

Zapempty wipes the empty areas of your hard drive. It is freeware and available here: http://www.sky.net/~voyageur/wipeutil.htm. The Zip file contains several other useful wipe utilities, besides Zapempty.

Note 1: Some reports spread alarm that up to 35 wipes are required for effective wiping. Probably true, but there is more mileage in investigating your Windows Registry, together with any pieces of paper that might contain your passphrase, etc. The corollary is you should take the greatest care over what you install and what you keep in and around your computer.

Note 2: In earlier versions of the FAQ I recommended Kremlin as a wipe facility on closing down Windows. I have found a few problems with that. First it interferes with the exiting to Dos when running Partition Magic and similarly it caused severe problems when it wiped the temp files after running Live Update for Norton Anti-Virus. I had to uninstall Norton then re-install from scratch. My fault I should have switched off the Kremlin wipe facility before closing down. But in view of these problems, I have changed to doing all critical file wiping from Dos. Hence the rather longer Bat file above. It is cheaper as well, this way uses freeware programs!

..................................................................

That completes the first part of the FAQ. This second part has more to do with ensuring privacy online. It may be useful. Again it is offered in good faith. Please evaluate and make your own decisions regarding its usefulness before committing any resources.

Can you suggest any other precautions I should take to preserve my Privacy?

Common sense should prevail. It is quite pointless going to all the bother of installing powerful crypto to protect yourself from unwarranted intrusions into your privacy and then leave trails within your computer environment. Take care that you never write down your passphrase. So foolish, yet so many think they can hide it in the pages of a book, or stuck beneath a drawer. I would also earnestly urge you never to print anything from your computer that is the least bit compromising. Privacy is about containing your data within a secure environment, in this case within the encrypted container. Once it is outside that container, the container is redundant.

Moral: Never let anything out of that container that is not strictly kosher.

I download binaries (pictures) that may be compromising, am I safe?

No. Whilst you are online anyone could be monitoring your account. I am NOT saying your local ISP will do this, but they COULD! If your activities have aroused the suspicion of the authorities, this is the first thing they are likely to do, especially your Email.

Can anything be done to prevent my ISP (or the authorities) doing this?

Yes. You need to encrypt your data-stream to and from your desktop to a remote host. This host should preferably be sited in a different State or country to your own. I know of only two such hosts. Both offer a news service. One also claims it offers a totally uncensored all available groups service.

Who are these two Remote Hosts:

Cyberpass and Minder. I have had personal experience only of Cyberpass whose news feeds are restricted. You will need to additionally subscribe to a News Provider such as Altopia or similar for a fully uncensored news service. Minder say they have a full uncensored news feed from Slurp (a well known source for freedom of speech and anti-censorship of all kinds).

Before subscribing to any dedicated News Provider always check that they provide what you are expecting to receive. The easiest way to find this out is to ask them! No need to worry about revealing yourself, use your newly created Nym as your Email address.

How do I go about Encrypting to either of these remote hosts?

You will need SSH (Secure Shell). To quote from the SSH FAQ:

SSH is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, and rcp. Additionally, ssh provides secure X connections and secure forwarding of arbitrary TCP connections. If you want more info about SSH, visit their home page at: http://www.cs.hut.fi/ssh/#other

The FAQ, plus loads more info is available here:

http://wsspinfo.cern.ch/faq/computer-security/ssh-faq

There is an NG devoted to SSH at: comp.security.ssh Also, loads of Nym info at : alt.privacy.anon-server

There are freebie versions around, but I have no experience of them or where to find them. Doubtless the NG's will help you. You can buy a commercial implementation from Datafellows, called F-Secure. They allow a 30 day free trial period. F-Secure is available here:

http://Europe.DataFellows.com/cgi-bin/sshcgi/desktopreg.cgi.

Can I use Cyberpass or Minder as my local ISP?

Yes. Cyberpass now also operate as an ISP from anywhere within the United States at local call rates. It may be possible to subscribe anonymously, but that does not guarantee anonymity. I recommend you use them for a shell account. This does mean paying for two separate accounts, but that is for you to decide on how important is your anonymity.

What is a Shell account?

For anybody who does not understand the difference between a dialup and a shell account, the dialup is what it says. It is your normal account with your Internet Service Provider (ISP). A shell account is accessed after going on line with your usual ISP. With a shell account you log into your ISP then use the Net to make a connection to a remote server. All your Net activities, Email, Usenet, Web browsing are then done through this remote host. To get the full benefit you should use encryption from your Desktop to this remote host. If the remote host is located in another country, better still. To get the maximum benefit, you should ensure your registration with this host server is done anonymously.

Note 1: For you to use a remote host, you only require a dialup facility which allows the use of the Windows dialup networking protocol. Most ISP's will offer help in configuring the dialup connection from Windows. Regrettably, as yet there is no universal standard. Some offer software to help you set it up easily. Ask before subscribing. These dialup connections are usually cheaper than a fully blown bells and whistles ISP such as AOL. I have tested the system with AOL and it appears to work ok, but a waste of money if a dialup account is all you want.

Note 2: For those within the United Kingdom there are now at least two separate totally free ISP's. The CD software will configure the dialup connection and allow you to connect into a remote host. The free connection expects you to give your name, address and various other particulars such as age, sex, hobbies etc. But how will they ever know what you tell them is true or untrue? Of course this is no substitute for an encrypted connection, you could always be traced by the phone company.

OK, I've got my dialup working, how do I connect to the Remote?

The procedure with Cyberpass and F-Secure for example, would be to first log onto your ISP. Minimize its startup screen. You then start F-Secure. You are asked to enter your passphrase for logging into Cyberpass. F-Secure then contacts Cyberpass' server asking to open a connection. Cyberpass reply with their RSA public key. Your copy of F-Secure checks this key for authenticity from previous connections - very important to prevent intermediate hacking. It then generates a random 128 bit session key, encrypts it with the RSA public key from Cyberpass and sends it back with the request "let's use this key". The Cyberpass server now decrypts this message with its secret RSA key. All further data transfer between Cyberpass and your computer, including sending your Cyberpass password, are now sent encrypted using that session key with either DES, 3DES or blowfish (your choice) for the duration of that connection. Some servers only support DES or 3DES, I believe. Do NOT use DES. This has already been compromised and shown to be weak crypto by today's standards. 3DES can be slow. I recommend blowfish for speed and security. I also recommend disconnecting at irregular intervals and remaking the connection. This purges the system and ensures a new route to the host with a new session key.

Why not save money and just use Cyberpass as the ISP?

For a dialup account with Cyberpass, you rely on Cyberpass keeping your name anonymous and not monitoring your activities (unless they are compelled by a legal warrant to release your account details). If you have subscribed anonymously and Cyberpass thus have no idea who you are, you can nevertheless quite easily be traced immediately via the phone Company. But by coming into a shell account via another ISP means the authorities must coordinate their searches when you are actually online and work with probably a different authority in another State or country. Still possible, but so much more bother. With constant and irregular breaks to the host it becomes even more difficult to trace you.

How do I set up the Anonymous account with Cyberpass?

A Cyberpass shell account will cost 7.00 USD per month. The account must be paid six months upfront, or longer should you wish. Therefore, an anonymous shell account will cost you 42 USD per six months. You need to send Cyberpass a few alternative user names, plus your choice of an eight letter password (case sensitive), plus 42 Dollars.

You then watch the Cyberpass bulletin board at:

http://www.cyberpass.net/top/help/news.html until you see your user id posted up telling you the account is active. You will receive mail on first logging in which tells you your Cyberpass Email address.

Their address for payment is:

Infonex Internet Inc. Attn: Anonymous Accounts 8415 La Mesa Blvd. Suite 3B La Mesa, CA 91941

Do not include any personal information. They expect you to choose a username and an eight character password, case sensitive. Include a half dozen usernames just in case there are problems with prior use. Be imaginative, remember your username can be figures as well as letters. Keep copies of your proposed usernames and your eight character password, in case you forget them before the account becomes active.

Once your account is active, immediately change your password by typing "passwd" at the command prompt and following the on screen instructions. You will receive an Email on first logging on showing your new Email address.

Send your account details with the money. This does not compromise your anonymity in any way, provided you do not put a return address on the envelope! Do not send bills, send a money order. You can trust them to implement your account. I have found them to be excellent.

What about Minder?

The following is a verbatim quote from their system administrator:

"The service which provides our newsfeed, slurp.net, does not censor their feed for any reason. If the group you are looking for exists, they carry it. We do offer SSH logins and in fact we encourage our users to do so.

The price schedule for shell accounts (www.minder.net/services.html)is as follows:

1 month/USD5 6 months/USD25 12 months/USD50

Payments should be sent to:

Minder Network Services 69 South Locust Ave. Marlton, NJ 08053 USA

This is cheaper than Cyberpass and considerably cheaper than Cyberpass plus an additional News Provider. However, I have no experience of Minder, so I have to advice caution. Try them and see...

How do I configure my News Reader and Browser with Cyberpass?

Easy. Read the FAQ at http://anonymizer.com/ssh.html. Once connected via F-Secure, you simply minimize the startup screen and then use your browser, email, etc in the usual way. To ensure they route their connection through Cyberpass (or whatever remote host you choose) you need to specify "localhost" in the proxy connection settings. This is straying into the territory of information that comes with these programs. The Anonymizer FAQ explains it in detail and quite lucidly. The bottom line is, it ensures you are virtually anonymous with whomever you communicate and more importantly, the data is hidden from prying eyes. Minder is cheaper at around 5 Dollars per month. Please check with Minder for more details, www.minder.com. I have no idea whether they offer anonymous registration as does Cyberpass. If anyone knows anything, please supply feedback.

What about the data between Cyberpass and the News Provider, is this encrypted?

No. From cyberpass onwards it is in plaintext. If this bothers you I suggest trying Minder, they are certainly considerably cheaper. Until the News Providers take security seriously, you have no choice. May I suggest you all send emails to the various News Providers suggesting they start offering SSH encryption to their clients.

Can I be anonymous as far as other Web sites are concerned?

Yes. Visit the Anonymizer at: http://www.anonymizer.com/ - there are others, but I have no experience of them.

I use a dedicated News Provider, how do I connect?

Follow the Anonymizer help exactly as shown on the Anonymizer FAQ, but instead of inputting news.cyberpass.net as the news provider, enter your News Provider's site URL, e.g. maxim.newsfeeds.com for Newsfeeds. You will have to configure Agent (or whichever newsreader you are using) for a news server log in, exactly as now.

How can I post anonymously to Newsgroups?

ALWAYS choose a news provider that strips away your NNTP posting host address. There are several, the best of which is Altopia. Regrettably, Altopia usually has a very long waiting list. Another is Newsfeeds. Newsfeeds additionally claims not to keep any logs (I do not believe this, but I have no proof, it is just a hunch)

I would NEVER trust a third party that knows your identity. This means I would never recommend posting via a third party site offering you an anonymous account that requires your true Email address to sign up. Even if you managed to open an account anonymously (by sending money by snail mail with no return address or identification, other than your proposed user id and password), you could be traced by your ISP logins. This means so-called anonymous connections to hotmail.com and similar free Emailers could be traced back to your true ISP if someone were sufficiently motivated to make the effort.

What do you suggest to maximize my anonymity whilst posting?

My suggestion is to always use a Nym and post via nym.alias.net provided you

a. Always point your Nym reply block back to a newsgroup such as alt.anonymous.messages b. Use Jack be Nymble (JBN) with a JBN generated random conventional passphrase for the reply block. c. Post using Mixmaster chaining with at least three remailers d Use an encrypted channel to a remote host server such as Cyberpass c Ensure that you subscribe to this remote host anonymously

Provided you do all the above, you should be reasonably safe. It is still theoretically possible to do a trace, but it would involve a lot of effort.

Note 1: You cannot use Mixmaster for your reply blocks. Due to the greater anonymity of Mixmaster it is impossible at present for them to handle replies. However, you could and most definitely should use Mixmaster for all posting.

Note 2: JBN has a very useful feature to improve reliability. It allows multi-sending of an identical message through independent remailers such that only one copy will be sent out from your Nym as an Email message or posted onto Usenet. It is referred to as Replay. Read the manual for more info, well recommended.

How can I post graphics to NewsGroups?

Sorry, I do not know. I have never done so. My hobby starts and stops at encryption. However, it must obviously be similar to posting text (I think).

Can you offer any help in setting up a Nym?

Regrettably there are many pitfalls in setting up an effective Nym. The first one is in actually asking for the list of Nyms available. If Nym.alias.net is monitored for Nym list requests (possible) then any new nym appearing after such a request is obviously fairly easily tied to a particular Email address. I would suggest that this list request should only be done the once and if possible, sent to a different Email address to your usual one, possibly Hotmail. I know this sounds paranoid, but true anonymity is not easy to achieve. Yet another way, is to get the list of used Nyms sent to your true Email address, then set up a Nym several weeks or months later. Once you have a Nym, all future requests for the list should be sent to that Nym.

To be anonymous, you will need JBN, PGP and Mixmaster. JBN will help you configure these, including modifying your autoexec.bat file. I strongly recommend that all three programs be installed within your encrypted drive.

When you start JBN you will normally be shown the Message Folder. This is the default folder for all your Email and Postings to Usenet. However, to set up a Nym, you should use the Nym folder. Keep only your Nym configuration messages in that folder. Do not put your Email or Postings into the Nym folder, keep them in the Message Folder for better filing.

Hints for setting up a Nym:

1. Make certain that you have generated a new key for your Nym.

2. Make certain that you send this key with your first configuration message. Also, make certain that you sign your configuration request with this key.

3. Type in your chosen Nym, e.g. if "mynym" were your chosen Nym, type [email protected]. Also, most important, type "mynym" (without the quotes) into the name box, otherwise you will not be able to save your passphrases to a file and JBN will not automatically decrypt incoming messages. To save the details for automatic decryption, simply press Update within JBN.

4. Always tick the Send Key, Nym Commands, Create, Cryptrec, Nobcc and the Reply Block boxes, but keep the other boxes clear (at least until you are better able to understand their purposes).

5. For your first Nym I recommend keeping the reply block very simple, so simply press the Active button next to the 1 box for just one active reply block.

6. The first remailer should be Nym-Server (obviously). On the line Encrypt-Key, press the little "R" button. At the very bottom of the screen, you will see an instruction telling you to type a number of random keystrokes. Do so. This typing is used by JBN to seed a randomnly generated line of text characters. You will then see this line of random text appear in the Encrypt-Key line. Now press Set and this random text will appear next to the Nym-server and will be used to conventionally encrypt your reply block message with those randomn characters.

7. Further down the box, choose Anon-Post-To from the drop down menu in the first box marked Final Headers.

8. Now type in "alt.anonymous.messages" without the quotes in the adjacent box.

9. In the second line of the Final Headers choose Subject from the drop down menu.

10. Alongside this, type a subject that you will easily remember. You could press the R button and generate a random text line and copy and paste it into this window should you choose. Otherwise type something snappy such as, "Bill Clintons Private Mailbox" (without the quotes, of course).

11. Remember to press Update, to ensure that the chosen conventional passphrase is stored in your Nym Accounts registry within JBN.

12. Before sending, press Stats to update the stats list. When the Stats box opens, press Tools on the Menu bar and choose Update Cypherpunk keys then Update Mixmaster keys.

These steps are all mentioned in the excellent manual, but are sometimes forgotten and one of the reasons why people are unable to create their Nyms.

When sending, always (if possible) choose Mixmaster as your first choice of class of remailers.

Note: You cannot use Mixmaster directly for your Reply Block, but you can choose Cypherpunk Remailers that support mixmaster. If this sounds complicated, again, please see the manual. If it is too much, just point your reply block directly to alt.anonymous.messages and you will still enjoy first class anonymity without the worry that you may have done something silly. You can add extra reply blocks at a later stage, should you choose. Remember: the more parallel Reply Blocks, the greater the chances of you being identified, all else being equal. This is why many seriously paranoid people use alt.anonymous.messages as their incoming Email message dumping ground.

None of the above is in itself a panacea to avoid reading (and understanding) the JBN manual. You would be most unwise to attempt to create a serious Nym without some understanding of the possibilities available with this very sophisticated program. You would be blindly stupid to rely on it for anonymity unless you have studied the manual.

Conclusion

I must repeat that this is not intended as a definitive statement on computer security. It is offered in good faith as a starting point. Many will choose to implement things in a different way. That is what freedom is about. The important thing to remember is to use encryption, whatever else you do. To send Email without encryption is equivalent to sending a letter on a postcard. Fine for sea-side postcards but hardly a good idea if you wish to preserve your privacy.

Finally:

1. Never ask of anyone nor give anyone, your true Email address.

2. Never DL any file with .exe, .com or .bat extension from a dubious source.

3. For your own protection, never offer to trade any illegal material, nor ever respond to those seeking it, even anonymously.

Links to sites that can help you:

PGP download site: http://www.pgpi.com/download/

The PGP FAQ: http://www.cryptography.org/getpgp.txt

The Official PGP FAQ: http://www.pgp.net/pgpnet/pgp-faq/

ScramDisk: http://www.hertreg.ac.uk/ss/

BestCrypt: http://www.jetico.sci.fi.

SecureDrive: http://idea.sec.dsi.unimi.it/pub/security/crypt/code/secsplit.zip

Partition Magic: http://www.powerquest.com/

ACDSee: http://www.acdsystems.com

VuePro: http://www.hamrick.com/

Thumbs Plus: http://www.cerious.com

Kremlin: http://www.mach5.com/kremlin/index.html

BFA97: http://come.to/hahn

Jack be Nymble: http://members.tripod.com/~l4795/jbn/index.html

Zapempty/wipeutil: http://www.sky.net/~voyageur/wipeutil.htm

The SSH home page: http://www.cs.hut.fi/ssh/#other

The SSH FAQ: http://wsspinfo.cern.ch/faq/computer-security/ssh-faq

A commercial version of SSH: http://Europe.DataFellows.com/cgi-bin/sshcgi/desktopreg.cgi

Cyberpass: http://www.cyberpass.net/

Minder: www.minder.net/services.html

The Anonymizer: http://anonymizer.com/ssh.html

Winzip: http://www.winzip.com

For further reading and many security related links and a glossary of security terms try here: http://www.io.com/~ritter/GLOSSARY.HTM

For some excellent information about PGP try here:

http://www.stack.nl/~galactus/remailers/index-pgp.html

.......................................................

If you believe any part of this FAQ is wrong, misleading or could be improved, please post your comments and I will take them onboard.

To respond to me personally, please email me at [email protected] and include your PGP key with your message if you expect an encrypted answer.

Note: I can only respond to RSA keys.

My Public key:

Type Bits/KeyID Date User ID pub 2047/7CECC929 1998/07/06 Doctor Who

- - - - - - - - - - - - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3ia

mQENAzWgNFgAAAEH/1N7GxF+PnMgQf7azm1eFqSqssyhMAWDybiEIiqd3BDCoKJ9 zzxfvSIicAKPAYTlM5m18L8FCPNacvFnhY2Zl2wzWZikLu19uJ+3m7KzCcUgVRe7 3INqsmP+XNjmt4OfRInGUWLMNgwNQFZEubezfsZGqr5w2JUi5OzlHzGWCDpVu/00 4KFEMoB2FwAk366+ignHYzlOseOHE5QMVJJNmw2k6WOaLzR4k1jkyds2ooynbpBf C3K7PUsvVsDkQm/iKbVKbjDJBuuBMwWb+V1KQdSSM93dpba/aoAZuiax0R8JK3yJ HEJvvaXKUqKo54XTNZIjpFItRlWGwkv8BnzsySkABRO0JERvY3RvciBXaG88ZG9j dG9yX3dob0BueW0uYWxpYXMubmV0PokBFQMFEDXzUWvCS/wGfOzJKQEBHAIH/j5/ 7Ibwl4+1RKQXzECtfJKQqyoDKxWOKq08sbfq7n88BC3cwcCXeGf40SH5jeqQFvRA q+wokPy21mU7tcuj/dOxNB03q/jdUFhEVUnUWvSLHErltv+GcPaUF3K4PjLM/LfX 5FSln84wokZ8MClbiWSCGFhmpE/Y3dNj1tUoxR5dlc9gNDWL4f8dKOqa/cfxxsyK l6LfkWVEfVjfRiaHLuEQ6e6w2dT+aqy4bCbF/2NMIcn8vGxW2Yo9cvkMAoc0FMKm Pn3kw3NxcOdGa2FvgrK68TwBAUKAPsxnNJeGNDOFbn/CkW5d+jtHdDQcvrTI9P6X y45X+ZjNAm8JAM4Z7Mk= =BNk+ - - - - - - - - - - - - -----END PGP PUBLIC KEY BLOCK-----

.........................................................

Revision 10.3

-----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: cp850

iQEVAwUBNqCLoMJL/AZ87MkpAQEcuwf/RDAlOs2z1LAK/vq01D2knRZP3l9Xv4Ft odhgMny6XUVuAYRBzj0ixDrYeS40W0bYYBMrVf3ShiyzbgORif0FTX1xFjVIn1AY LM+xlIMhtQ0dj83ZaeyUO3CLNtiDbPeSMLfRqX4yWrkv++8MJojFa8O5ETaXXtVN JMs9rdF98U9+KN+52H9UPy4X2691qpk1AoktHo6CcMOU5oOr5yXjiJz91/zlIGIu yLA6w0HlEGvDCOFzx03uBDjEUW1k5V54wbl6UPPZxjJX+g7PWpdxuq8hYqzjogrx r78pvm465B+/SEGX6GC2nfPxS5iCGicZ8/lhbxVzgED1nOUQyLQJYQ== =lpZh -----END PGP SIGNATURE-----