Silk Road forums
Discussion => Security => Topic started by: PumpkinYeti on December 02, 2011, 05:52 am
-
Well I -think- I have GPG figured out for the most part...
But now my issue is that when you open GPA, it's plain as day what my username is on the site (the owned key there with the yellow wrench). I have my OS account name password protected, but I'd like a second line of defense in case I forget to log out. And my OS doesn't make it easy to add password protection to the folder.
What's the best and/or easiest way to protect that file from being opened by people who I don't want to open it?
I'm thinking either a third party program for simple password protection, but I'm concerned if the file can still be viewed if someone used a different OS to look at the files on this drive (I've heard Windows password protected files can still be seen if booting Linux on it, is that true?)
What do you guys do to protect the file from being opened by someone else?
-
I would recommend having the GPG stuff in a TrueCrypt file, within a hidden TrueCrypt file... at a minimum. Better would be to throw that and other incriminating things like Tor bundle, bitcoin, Keepass all in there and put it on a thumb drive.
-
[quote](I've heard Windows password protected files can still be seen if booting Linux on it, is that true?)[/quote]
If it's an NTFS or FAT Windows drive/partition then yes, it could be mounted on another Linux or Windows setup; they could view the files but still not be able to view the contents if encrypted.
But that doesn't matter if they can't crack the encoding (who cares whether they view the machine code like view...)
I wouldn't depend on any password or user/password type strategies built into Windows = made by Microsoft.
It's usually a 3rd party encryption of the entire drive, or PGP for example, that would be trustworthy.
Ultimately, move away from Windows; you have more options available but need to know what you are doing with it.
-
For those of you still deciding, I took caffeine_me's advice.
I now have a thumbdrive encrypted with TrueCrypt that I keep all the sensitive stuff on. Tor, PGP, Keepass, and other unmentionables.
However, I think I'll remove Keepass OFF of it to keep my TrueCrypt password on it. That way Keepass master password kinda controls EVERYTHING.
I think it's a good system.
-
Not a bad idea of keeping your TrueCrypt password in Keepass, as long as you trust their encryption (TrueCrypt is only as good as your password) and you don't have your other logins that directly link you to incriminating websites they can then use to log in to your shit and have all evidence. I just keep my TrueCrypt password in my head only, and practice it daily ::) And I don't forget the non-hidden password in case I ever have to use it. :-[
-
I have a sorta related question that I don't think deserves its own thread. I started using SR and Tor and PGP and all that about a month ago without really understanding a lot about it, or whether I would actually be interested in following through with joining the community and becoming a regular user. Now that I have, I'd really like to move all of this stuff onto a thumb drive. I've got TrueCrypt and understand how it works, and the Tor bundle is easy enough, but I'm not sure how to deal with PGP. The install I'm using has my key and all the keys of my vendors that I want to be able to keep, but it's sitting right here in plain view on my desktop, and with every order and each passing day, I want to remove it more and more.
How do I go about importing all of this from my current install to a new one on a thumb drive? Can I install Kleopatra on a thumb drive that doesn't have an OS/isn't bootable? Basically, I still want to use this computer for all my activity here, but only when I pop in the USB, and then have no traces on my home OS when I remove it. I'll be picking up the thumb drive probably tomorrow, so I'm trying to get a head start. I assume I install everything on the drive and then use TrueCrypt?
If someone could give me a quick rundown on the process I'd really appreciate it. My biggest concern is keeping all my PGP stuff intact, so I don't have to create new keys and re-import all my vendors.
-
I'd recommend that you use gpg4usb rather than gpg4win; fits on a thumbdrive/encrypted volume and doesn't need any kind of installation.
I myself had to find an alternative to gpg4win since Kleopatra wouldn't start at all.
-
Ok, cool. But can I transfer my keys to gpg4usb from my current install? I suppose I should just try and figure it out when I get the usb, but I'm trying to get an idea if I'll have to start over with my gpg.
-
You should be able to just move those items from the desktop to the thumbdrive and use TrueCrypt.
FYI, I deleted PGP4Win, then reinstalled it using the thumbdrive as a destination folder. When I opened it, everything was there. Not sure how.
In any case you sound like me at the moment, trying to be as careful as possible and create as many hurdles as I can to shore up my defenses. I downloaded File Shredder to totally remove deleted files on the hard drive, you should look into that if you haven't. Also installed PeerBlock and Keepass.
-
...I deleted PGP4Win, then reinstalled it using the thumbdrive as a destination folder. When I opened it, everything was there. Not sure how....
It sounds like you may have moved the application but not its data files. Search your entire system for "pubring.gpg" and/or "secring.gpg" to see if they might still be lurking on your hard drive. (If you're running W7, they may be in C:\Users\username\AppData\Roaming\gnupg.)
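
Added example, not part of the original post or thread: a Python sketch of the search described above, walking a directory tree for GnuPG keyring files that sit outside the home directory you intend to use. The `find_keyrings` and `demo` names, the `expected_home` parameter and the sample tree are assumptions made for illustration; the file list goes beyond the two names in the post to include the ones GnuPG 2.1 and later use.

```python
import os
import tempfile

# pubring.gpg and secring.gpg are the names quoted in the post above.
# pubring.kbx, trustdb.gpg and private-keys-v1.d are added here: GnuPG 2.1+
# keeps its keyring, trust and secret-key data under those names.
KEYRING_FILES = {"pubring.gpg", "secring.gpg", "pubring.kbx", "trustdb.gpg"}
KEYRING_DIRS = {"private-keys-v1.d"}


def find_keyrings(root, expected_home=None):
    """List keyring files under root, ignoring the intended GnuPG home."""
    skip = os.path.realpath(expected_home) if expected_home else None
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        real = os.path.realpath(dirpath)
        if skip and (real == skip or real.startswith(skip + os.sep)):
            dirnames[:] = []  # the relocated home is supposed to hold keys
            continue
        hits += [os.path.join(dirpath, n) for n in filenames
                 if n.lower() in KEYRING_FILES]
        hits += [os.path.join(dirpath, n) for n in dirnames
                 if n.lower() in KEYRING_DIRS]
    return sorted(hits)


def demo():
    """Constructed tree: an old profile copy plus the relocated home."""
    with tempfile.TemporaryDirectory() as tmp:
        old = os.path.join(tmp, "AppData", "Roaming", "gnupg")
        new = os.path.join(tmp, "usb", "gnupg")
        for home in (old, new):
            os.makedirs(home)
            for name in ("pubring.gpg", "secring.gpg", "gpg.conf"):
                with open(os.path.join(home, name), "wb") as fh:
                    fh.write(b"constructed sample, not a real keyring")
        found = find_keyrings(tmp, expected_home=new)
        return [os.path.relpath(p, tmp).replace(os.sep, "/") for p in found]


if __name__ == "__main__":
    for path in demo():
        print("leftover key material:", path)
```

Run against a real profile directory, an empty result means no keyring files were found outside `expected_home`; it says nothing about deleted copies that have not been overwritten.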
-
...I deleted PGP4Win, then reinstalled it using the thumbdrive as a destination folder. When I opened it, everything was there. Not sure how....
It sounds like you may have moved the application but not its data files. Search your entire system for "pubring.gpg" and/or "secring.gpg" to see if they might still be lurking on your hard drive. (If you're running W7, they may be in C:\Users\username\AppData\Roaming\gnupg.)
Ugh. You are correct. Both are there. Thanks for pointing that out, I appreciate it. Their uninstall function must suck.
What do you recommend now? Delete the folder and reinstall on thumbdrive again if necessary? I've only got my key and a single vendor's so it's no trouble.
Then I'll want to run File Shredder again... this paranoia thing is time consuming hehehheh I guess I'll have it all set up pretty well before I get too involved...
-
...What do you recommend now? Delete the folder and reinstall on thumbdrive again if necessary?...
I can tell you what I did to work around this problem on a W7 system. I copied the directory to where I wanted it, securely deleted the original, then used Sysinternals' Junction utility [ technet.microsoft.com/en-us/sysinternals/bb896768 ] to create an NTFS junction point (symbolic link) to the new location.
Once you've got Junction installed -- it's a single 147kB executable, no installer -- it's as easy as typing "junction drive:\oldpath\oldfoldername drive:\newpath\newfoldername" into a command prompt window. The junction point will persist until you remove it, so GPG4win will want the thumbdrive to be present each time you run it.
(I wouldn't be too surprised if there were a command line switch for GPG4win to accomplish the same thing -- maybe someone here can tell us -- but I didn't feel like looking it up at the time.)
-
This is a good tutorial on how to move the data directory:
http://superuser.com/questions/246177/how-to-store-kleopatra-pgp-keys-on-usb-drive
-
Thanks fellas, much appreciated!