These seem to provide the best of both worlds. SMartcards contain the PGP keys which in turn are protected by a pin. Should several incorrect attempts to enter the pin have been made, the card with shutdown.

h**p://openfortress.nl/news/projects/gnupg-smartcard/project-2005-04-02-00-02.article

h**ps://www.privacyfoundation.de/wiki/CryptoStickSoftwareEn

h**p://www.gossamer-threads.com/lists/gnupg/devel/50654

h**p://www.gnupg.org/aegypten/development.en.html

 

I strongly recommend against using smartcards of any form for any purpose other than normal authentication in lower-security licit situations.

There is no substitute for a secure non-Windows, non-OSX system, on which anything will be flushed down the FDE memory hole.

From a infosec standpoint, the smartcard with an embedded secure cryptoprocessor was developed primarily for non-technical klutzes unable to be trusted with secure passwords, to prevent their master keys from being compromised from a trojan-riddled or otherwise compromised system.

There are many situations in which these cards are useful. Hardened, gray or black channel security by competent persons is not one of them.

If the whole drive is protected by dm-loop, Truecrypt, or a similar scheme, the system is kept absolutely clean of malicious software and opportunities for exploits, and the owner is diligent about locking it when not in use, then what has been created is a black box which becomes utterly useless to an attacker as soon as power is cut or a lock key pressed.

Consider that outside of perfectly licit use, even possession of a public key with a certain fingerprint is enough to imply communication if they have encrypted messages from an indicted endpoint headed to a suspected endpoint. Being caught with the wrong public key can be evidence in and of itself even if they never decrypt the message contents, because it implies that the possessor was the recipient of messages from another source - guilt by association, and possibly a vital evidentiary link in a conspiracy case.

The whole system has to be a black box.

If you work out how to lock the OS from DOS-screen, that I'd be interested in. I've had several PC/Laptops "lost" to LE, and opened awfully fucking quick, then again, they have physical access, so stopping them is painful (remembering codes that can't be written down is a pain in the arse).

One thing I would be VERY interested in is in encrypting the material and the browsing history with IP's (they are routinely called upon to store several years worth of data - which is then accessed when a physical address is available and a request put in). As far as I am aware, noone has successfully argued that that information is either confidential or protected, so no warrant is needed. If anyone has a decent idea on how to fuck that up, I'm all ears (maybe a bot that obfuscates all urls with a certain prefix - or which fries storage equipment in the racks - ie. like either stuxnet/duqu).

The reality is that the people who built your HDD (or at least those who designed it) know how to get around it and they live and breathe for DoD contracts. What people say they do and what they do actually do are usually two very different things. What we'd like to do, in regard to to securing systems, encryption, non-MS products is compromised by what we do/who we are in the real world. OpenOffice is a pig of a WP system, Writer/Impress look like shit compared to the MS Office versions, while a lot of other programs we may use are similarly compromised by a lack of non-MAC/IBM compatible software that is a viable alternative to the mainstream versions (FFS I have almost 40% of the visitors to one site I checked the stats on were using NT and/or IE6).

We aren't dealing with State Secrets, we aren't building rockets and/or nuclear weapons, and we aren't dealing with child pictures (and if anyone is, please submit your full name, postal/residential address to me), so why get so fucking paranoid? That said, it is exceptionally simple and parallels the status quo outside of the internet... If you don't want to do the time, don't do the fucking crime. By all means, take whatever options present themselves to reduce the evidentiary burden you will be faced with after the fact (you're a mug if you don't), but don't have anything you cannot fuck up/obfuscate or otherwise destroy on your system.

Yeah

Trouble is I've put in Locks/encryption at different times, I've also then been picked up and within 30-60 minutes I start getting asked probing questions that can only be related to files within the "locked" file system(s). Trouble is, who actually disconnects power to devices? Who remembers umpteen passwords (how many remember some and use varying crypto tools to generate (and reaccess) a bunch more? - big problem that, Ultra was cracked because one signal operator resent the same message in two different keys), who uses unrecoverable anything (more than once...)?

Not many people, it is too bloody difficult, too hard to recover from and too time consuming. If there is something worth protecting, sure... But the vast bulk of the material most people have is downloaded off the internet in the first place. Encrypting file systems on the physical systems is akin to locking the windows and leaving the doors open. With a physical address and the router, telephone line, etc. it isn't going to take them long to track down the ISP is it? Regardless of how well encrypted the sites visited are, or what method was used to access them securely, the files themselves are logged, not just the names, but the binary code and quite probably the formatted documents. It pretty much negates any benefit to most file encryption systems (war-driving isn't the answer for me, I'm personally unwilling to draw the crabs while driving around with the laptop in order to avoid getting noticed - the cure is potentially every bit as bad as the disease).

Like I say, the biggest security headache for most is still that data log at the ISP. It isn't what will get you caught (unless you are truly fucking unlucky), it is what will stop you getting away with whatever. Lots of neatly recorded, easily accessed and machine logged evidential material, filled with whatever nefarious crap you've downloaded (and which you probably have on your HDD - or what the Court will quite happily presume you have on your HDD in the absence of proof to the contrary - nb. the shifting evidential burden in criminal cases). I'm actually quite interested in seeing how the Court's deal with this issue, it is akin to allowing full-time surveillance on every person in the jurisdiction (regardless of whether it succeeds in gaining evidence or whether the communication system is used) without judicial oversight (I for one cannot see how it is Constitutional - the Commonwealth can make laws for telephones, etc. but they are still subject to the rule of law). That is why despite being 'known' it is yet to be tested, nobody has mentioned the use of this intelligence gathering when an innocent person is investigated and until they do... (Courts are reticent to release people who've done something they disagree with when they can simply work around issues).

For those who are struggling to comprehend what I'm talking about, Telecommunications Data Retention is the term & they are bringing laws in to that effect here (to mandate what has been common practice and supposedly to ensure safeguards, we'll see or we won't, that is the point really). Every keystroke that is recorded (ie. uploaded to the internet) passes through the ISP on the way to the internet proper (regardless of proxies or anything else). Time, date, location and the content of the material, as well as what is downloaded (everything that you see in your browser is downloaded). Given the targets of these laws are the kiddie fuckers, half-assed wannabee hackers (like anon and wankers like Assange - who is supposedly an Australian) and the rest. We of course can expect to be targeted as well (all in the interest of nannying dickheads).

Use Disk Cleaner Portable 1.7.1645 http://portableapps.com/news/2011-01-16_-_disk_cleaner_portable_1.7.1645 (standalone app for USB thumb drive)

Disk Cleaner is a temporary files, cache and history cleaner for a variety of software on a local Windows PC. Disk Cleaner can also be used by power users to clean specific items. All that is needed to create a simple plug-in is a text editor, such as notepad.

---

Tracks Eraser Pro 8.72 http://www.acesoft.net/

---

CCleaner http://www.piriform.com/ccleaner

I read the card support only three 3k keys. Is this size sufficient or is safer to use 4096b keys?
The card is only good for storing keys for email encryption, there is no support for using it for disk encryption - boot only with the card. Or am i wrong?

Chinese 'attack US DoD Smart Cards' with Sykipot Malware. http://www.networkworld.com/news/2012/011412-chinese-attack-us-dod-smart-254927.html