this post was submitted on 29 Oct 2023
99 points (97.1% liked)

Privacy

31996 readers
524 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I usually use Age, I'd like to hear your opinions.

all 38 comments
sorted by: hot top controversial new old
[–] ctr1@fl0w.cc 30 points 1 year ago (1 children)

I use LUKS-encrypted LVM volumes to store everything (and transfer via SSH or HTTPS), but would use GPG if I needed to encrypt individual files.

[–] andrew@lemmy.stuart.fun 10 points 1 year ago

And tar | gpg is handy if you want more than a few files encrypted for transport.

[–] BombOmOm@lemmy.world 22 points 1 year ago

If it is full disk encryption or for file containers I plan to update regularly, VeraCrypt. It's quite capable and has quite a number of encryption options.

For individual file or folder encryption, 7zip. It's a very straightforward program that is worth having installed given how much good of an all-round zip program it is.

[–] ikiru@lemmy.ml 17 points 1 year ago

I've used VeraCrypt successfully to encrypt volumes/folders.

It's worked great for me, although I recently started encountering issues accessing files but it seems the problem is with my external and not with the encryption method. Hopefully I can recover those files someday. Backup your backups and then backup again.

[–] ExtremeDullard@lemmy.sdf.org 11 points 1 year ago* (last edited 1 year ago) (2 children)

My volumes are PLAIN dm-crypt encrypted (i.e. LUKS without the LUKS bells and whistles) and the key is stored on my Vivokey Flex implant.

I mount them using scripts that combine crypsetup and vivokey_pam, with the ubiquitous ACR122U RFID reader: the systemd service file calls my script, I present my implant to the reader and voila: the volume is mounted.

[–] nikscha@feddit.de 4 points 1 year ago (1 children)

Can you tell us more about the implant? Is it painful to install? Is it uncomfortable to wear? Where do have it? What other things is it useful for?

[–] ExtremeDullard@lemmy.sdf.org 8 points 1 year ago* (last edited 1 year ago) (2 children)

Is it painful to install?

Honestly, yes. It's not fun when someone slices your skin open and then lifts your skin to create a pocket, even with lidocaine injections. But usually it's 10 teeth-gnashing minutes and then it's over.

That's for big planar implants of course. The smaller ones are glass tubes the size of a grain of rice and injected under the skin, exactly like chipping a pet. It's 10 seconds and then it's done. But those glass implants have reduced performances, especially for things like doing cryptography on the chip, which requires more power.

Is it uncomfortable to wear?

No. I've had mine for years and I honestly only remember they're there when I touch them.

Where do have it?

My Flex is in my right wrist. I have other implants (11 in total) in other locations. Mostly in my hands.

What other things is it useful for?

The Flex is used for cryptographic purposes (TOTP and computing hashes, the main purpose of the latter being those encrypted volumes). It's also used as a token to unlock my banking app on my phone.

All my implants are used for many things. I guess the best way to show them to you is to point you to this post I wrote a year and a half ago, in which I gathered all the videos I made to show their use in one post.

[–] LiveLM@lemmy.zip 2 points 1 year ago (1 children)

This is seriously impressive.
Did you use to post on Reddit? This is not the first time I've ran across DangerousThings and I think the first time around might have been caused by you lol

[–] ExtremeDullard@lemmy.sdf.org 3 points 1 year ago

I post on Reddit infrequently. It's not a very nice place to be. I might have posted something about my implants there in the past but I doubt it: I tend to avoid mentioning them on there because it invariably attract unwanted comments from religious nutcases.

You may have read something another implantee has posted. I'm far from the only one out there :)

[–] 314xel@lemmy.world 1 points 1 year ago (1 children)

While I find your implants path very interesting, impressive and Cyberpunk worthy, I would't use any externally accessible keys / fobs / etc myself. I wouldn't want someone to unlock my stuff while I'm sleeping. Same reason I avoid face detection unlock. My mind is the best safe out there, I can memorize a very lengthy passphrase and have no problems typing it.

[–] ExtremeDullard@lemmy.sdf.org 2 points 1 year ago* (last edited 1 year ago)

It's not very likely, unless you're a heavy sleeper who happens to sleep in unsafe places regularly - or your partner at home is up to no good.

Also, implants are kind of finicky with respect to reader placement, because they're sitting under a layer of skin full of conductive water, and they're usually not symmetrical, so the reader has to be positioned a certain way to score a good read. You as the implant owner know "the move" (in fact, it quickly becomes second nature and you never think about it anymore) but unless you explain it to someone or they know about this shortcoming, they'll have a hard time getting a read. That's assuming you don't wake up because someone is touching you, because the read range is very short - like 1/4" when the reader is ideally placed - and you don't hear the loud bing from the cellphone.

But yeah, you're correct: strictly speaking, if you have a good memory, a long and complicated password - or a mental "recipe" to make one - and a healthy habit of changing passwords regularly is better. Or better: a password in your head and an implant as a second factor.

[–] two_wheel2@lemm.ee 4 points 1 year ago (1 children)

Geez this guy secures. Impressive

[–] netchami@sh.itjust.works 8 points 1 year ago* (last edited 1 year ago)

I use GPG if there's just like a single file I need to encrypt. When I have to sync an entire folder to the cloud though, I use Cryptomator. I have also used VeraCrypt before, as well as TrueCrypt back in the days.

[–] jet@hackertalks.com 7 points 1 year ago (1 children)
[–] Coasting0942@reddthat.com 3 points 1 year ago (1 children)

Don’t think those guys update that much. Still have libreddit for Reddit

[–] jet@hackertalks.com 2 points 1 year ago* (last edited 1 year ago)

? There's no mention of libreddit on the encryption page

https://discuss.privacyguides.net/search?q=

Their community is very active, you could mention it to them

[–] hackris@lemmy.ml 7 points 1 year ago (1 children)

tar | gpg.

I'm pretty sure there are "better" ways. Can someone please recommend?

[–] sxan@midwest.social 9 points 1 year ago (1 children)

Right now, GnuPG is absolutely safest for individual files. There's no age client for Android, and while I like it, I am allergic to encryption systems without a robust ecosystem.

Someone else just pointed out that DroidFS can read gocryptsfs directories, which greatly expands my confidence in gocryptsfs - which is my preferred short term directory solution. For archival purposes, though, tar+gpg is the only thing I trust to be available and working in a decade.

[–] hackris@lemmy.ml 2 points 1 year ago

Agreed. Whenever I encrypt stuff in bulk, I usually do it purely for archiving purposes and tar seems to be the most battle-tested archiving thingie

[–] RovingFox@infosec.pub 6 points 1 year ago

DroidFS on phone and sync the folder with laptop using Syncthing. On laptop I use whatever can decrypt gocryptfs.

[–] WTF@feddit.ch 6 points 1 year ago (1 children)
[–] sxan@midwest.social 3 points 1 year ago

Holy shit, I didn't know about DroidFS... lets me use my gocryptfs folders?? That's awesome! Thank you!

[–] OrkneyKomodo@lemmy.sdf.org 6 points 1 year ago

Cryfs. I sync the directories with syncthing.

[–] M500@lemmy.ml 4 points 1 year ago (1 children)

Why do you use age? I’ve heard of it before but never used it.

[–] wtry@lemm.ee 5 points 1 year ago

I've heard it recommended and I've never had a problem with it.

[–] scytale@lemm.ee 4 points 1 year ago

7zip for quick encryption of individual files. Veracrypt for portability of a large number of files.

[–] library_napper@monyet.cc 3 points 1 year ago
[–] parameter2938@lemmy.today 2 points 1 year ago
[–] Johanna4815@lemmy.blahaj.zone 1 points 1 year ago

I'm still waiting for a dumb user friendly system compatible with all those security tokens being sold like Yubikey

[–] pineapplelover@lemm.ee 1 points 1 year ago

Tbh man, I use 7zip. I mean I know it's not all that secure from law enforcement or anything because with the quantum shit going on they're gonna break that in no time.

[–] MonkderZweite@feddit.ch 1 points 1 year ago

Per file/folder, via gpg and pass.

[–] Hotzilla@sopuli.xyz -2 points 1 year ago* (last edited 1 year ago) (1 children)

Base64, it is convenient, and doesn't cause encoding issues. It only bloats file size 3x.

[–] jwt@programming.dev 4 points 1 year ago (2 children)

Isn't base64 purely encoding, not encryption?

[–] ErwinLottemann@feddit.de 3 points 1 year ago

yes, base64 is not encryption

[–] Hotzilla@sopuli.xyz -1 points 1 year ago* (last edited 1 year ago)

Yes, that was the joke...