Security Software – Encryption & Steganography

[RMK 3]

I’m a bit a closet tech geek and going back the early 2000’s got into encryption and steganography software. Over the past years, I’ve lost track of the newest/best programmes.

For the tech people here, what are the best picks for steganography or encryption today?

In prior years I used stuff like Invisible Secrets and Camouflage; also used one where the carrier file could be a MS Word file itself (can’t remember name) instead of a JPEG. Used PGP when you had to get it direct from MIT (and was technically illegal to use outside of US). Use Tor now and few other programmes.

Invariably searching (in depth) for this kind of stuff takes you to dark places on the internet and murky hacker communities. I once had someone take control of my computer (don’t know how he/she did it). I was in some hacker site/forum/room and someone put up a message on my screen “WHO ARE YOU, WHAT ARE YOU DOING HERE? – YOU’RE IN MY WORLD NOW”, then started to manipulate my screen. I had to pull the internet cable out wall to stop the attack. Needless to say I never revisited that site/room again and realised I should probably not mess around with hacker community sites unless I really knew what I was doing.

I’d be interested in knowing what the pros or tech heads here think is good or waste of time re latest software.

"Pain is the best instructor, but no one wants to attend his classes"

[sfzombie13 324]

depends on what you want to do. i would (and still do) use truecrypt on clients' data. i don't have much use for encryption other than that, it is really no use in trying these days. i have heard of some other good ones, but that is the one i have experience with. i used to try stuff like that until i got into security and found out just what was going on.

also, when sending secure things in email (not often), i usually encrypt files and send them as attachments and text the receiver a password, just a long phrase at least 25 characters, all lowercase, like, :whatinthehellisthepasswordtothisdocument. it is incredibly hard for a computer to break, and extremely easy to remember.

_________________________________________
Si hoc legere scis nimium eruditionis habes

[Guest]

  sfzombie13

depends on what you want to do. i would (and still do) use truecrypt on clients' data. i don't have much use for encryption other than that, it is really no use in trying these days. i have heard of some other good ones, but that is the one i have experience with. i used to try stuff like that until i got into security and found out just what was going on.

also, when sending secure things in email (not often), i usually encrypt files and send them as attachments and text the receiver a password, just a long phrase at least 25 characters, all lowercase, like, :whatinthehellisthepasswordtothisdocument. it is incredibly hard for a computer to break, and extremely easy to remember.

+1 for Truecrypt. It does a very good job (despite some of the recent news).

Stego isn't really useful as it's easily detected.

Another option is the Enigmail plugin (PGP/GPG) for Thunderbird. This enables you to use an existing email account (such as Gmail or Yahoo) and still have encryption of messages and attachments.

Entropy (a lot of characters) is better than a shorter, complex password.

Change crypto keys every 60 days or so if you use them regularly. AES-256 is considered secure enough for most things.

The One Time Pad is totally unbreakable, but has drawbacks. See Wikipedia.

It all depends on how paranoid you want to be.

"The mouse does not know life until it is in the mouth of the cat."