Home | Community | Message Board


This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: Bridgetown Botanicals CBD Concentrates   Kraken Kratom Red Vein Kratom   Unfolding Nature Unfolding Nature: Being in the Implicate Order   PhytoExtractum Buy Bali Kratom Powder   Myyco.com Golden Teacher Liquid Culture For Sale

Jump to first unread post Pages: 1
OfflineBroof
Stranger
 User Gallery

Registered: 03/10/21
Posts: 25
Last seen: 1 year, 4 months
How to encrypt and protect my computer?
    #27280379 - 04/24/21 12:10 PM (3 years, 25 days ago)

Im kind of on a war path right now after the whole Geek Squad thing. Everyones a fkin Narc now? Jesus.

Anyways. I got an encrypted email and a VPN but im interested in encrypting my hard drive itself. Any suggestions on  And any other tips on making my computer Iron clad as possible?

Extras: Filter Print Post Top
Anonymous #1

Re: How to encrypt and protect my computer? [Re: Broof]
    #27281384 - 04/25/21 10:24 AM (3 years, 24 days ago)

VeraCrypt offers a full drive encryption option, likewise there are relatively good external hard-drives that have keypads for decryption and the PCB is keyed/hashed to the data, so no swapping PCB for a different code. (Two wrong entries will wipe the drive!)

Do note that using a VPN alone isn't adequate. If you ever logged in with an account or created it without the VPN active, there are logs that will reveal you. Windows OS is a snitch, it's spyware built ontop of malware. Keep a windows PC for gaming but convert your important computer to Linux. Whonix will also keep all of your data forced through the VPN but I recommend it on Linux.

There is no "secure" only degrees of confidence.

For small stuff like sending a mailing address in trades, Privnote is ok but bear in mind that it is a middle man. PGP + Privnote is a much better option for more sensitive things.

A note on phones. If you don't want to be associated to specific people, leave your phone (pocket snitch) at home. Those devices ARE always listening and mine has a special, noisy place to drown it out. Reverse warrants are an unfortunate reality, likewise people with access to your phone's lifetime tracking data can determine who you know and how well you know them based on how many times you visit their home/work, and how often your phone is in close proximity to theirs.

I also recommend Eraser and to routinely use it.

Despite all of these precautions don't keep anything that can be used against you and don't use agents of the government, aka Geek Squad. Remove the hard drive before taking it to any "servicing" center, or do your own fixing. Computers are effectively legos now.

Edited by Anonymous (04/26/21 10:35 AM)

Extras: Filter Print Post Top
OfflineNorthernerM
splelling chceker
 User Gallery

Registered: 07/29/12
Posts: 14,828
Loc: FNQ
Last seen: 9 hours, 6 minutes
Re: How to encrypt and protect my computer? [Re: Anonymous #1] * 3
    #27282138 - 04/26/21 01:21 AM (3 years, 24 days ago)

If you're using Windows you are better off using BitLocker to encrypt your drive. Veracrypt prevents secureboot from functioning, which is then makes you more vulnerable to bootkits and rootkits.

Using Linux is always a good idea in terms of security. There's just so much less malware and other compromises designed for it as most effort is put into breaking Windows. Security through obscurity. If there are essential programs you use on Windows either dual boot or run a virtual machine, but either way make your daily driver Linux.

Browser plugins offer a great deal of added security as well, absolute must. I use NoScript, uBlock Origin, Privacy Badger, HTTPS Everywhere, Facebook Container and others. They take some training but the effect is great. No ads, no tracking, no popups, no malware, no bullshit. Even YouTube plays without showing ads. Use Firefox, don't use Chrome.

If you are using Windows and can't move to Linux I would I highly suggest you make a restricted execution policy and have your daily user as a standard user. Don't drive as an admin. This will stop 99% of malware and backdoors.

Whatever operating system you are using change your DNS to CloudFlare (1.1.1.1 and 1.1.0.0). Even if you are using a VPN you can still be tracked by DNS leaks if you keep using your ISPs DNS.

Don't put any evidence of any illegal doing on your computer. Just don't do it, ever. I've even seen people loading photos of large distribution amounts of substances on here. Not smart hey... really not smart at all. Heroes go to jail.

Aaaand finally, if you're going to going exploring the darknet just use Tails. Just do it. No excuses.

Hope this helps.


--------------------
The nearest we ever come to knowing truth is when we are witness to paradox.

Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,392
Last seen: 2 days, 22 hours
Re: How to encrypt and protect my computer? [Re: Northerner]
    #27282158 - 04/26/21 01:58 AM (3 years, 24 days ago)

Excellent advice!

Extras: Filter Print Post Top
Invisiblefungusul
Fungus Kingdom


Registered: 07/16/20
Posts: 1,065
Re: How to encrypt and protect my computer? [Re: Alan Rockefeller]
    #27282664 - 04/26/21 12:43 PM (3 years, 23 days ago)

Good advice.

I strongly recommend against using Windows unless you have no alternatives. If you must use it, then go with Enterprise edition which has more security options, local policies and less spyware. Editing local policies is the recommended way to restrict what a user can do. As Northerner has mentioned, don't run your computer using an administrator account, just use a restricted standard user.

If you think that you are done, then run some SCAP tools. Read more https://csrc.nist.gov/projects/security-content-automation-protocol/ and https://public.cyber.mil/stigs/scap/.

BitLocker only comes with special Windows editions like Pro, Enterprise. See more here https://www.microsoft.com/en-us/WindowsForBusiness/Compare. I would not put too much trust on any encryption coming from M$. Their source code in not open so you must blindly trust them. If you want encryption that you can trust, the only way is the open-source way :wink: .

VeraCrypt is using an updated open-source code forked from TrueCrypt 7.1a. The creators of TrueCrypt dropped the project because of security concerns, so that leaves some unanswered questions. You could use it to create encrypted containers instead of encryption of entire hard-disk. If you use it, make sure to specify multiple key files, very long password and algorithm a combination of serpent-twofish(which is slower than AES, but stronger).

For USB storage, just can buy one with hardware encryption and epoxy intrusion prevention. Good ones are coming with FIPS 140 level 2-3 mentioned in their name or specs.

Regarding hardware acceleration for encryption, your computer's processor should come with extended AES-NI and also a TPM processor.

If you need something more secure, you could use QubeOS https://www.qubes-os.org/.

Extras: Filter Print Post Top
OfflineNorthernerM
splelling chceker
 User Gallery

Registered: 07/29/12
Posts: 14,828
Loc: FNQ
Last seen: 9 hours, 6 minutes
Re: How to encrypt and protect my computer? [Re: fungusul]
    #27282751 - 04/26/21 02:00 PM (3 years, 23 days ago)

BitLocker uses AES256 encryption, practically unbreakable with current technology. Doesn't matter that MS implement it. There's nothing to show that they are copying private keys for it up to servers, and if they were they could just as easily copy any other keys that are created on Windows platforms. Worrying about the gatekeeper stealing keys is redundant. Open source means nothing in this instance. Breaking secure boot remains the primary reason not to encrypt your whole disk with VeraCrypt on Windows. It's a deal breaker.

Encrypted containers are for document storage not for security. They will not stop your machine giving up sensitive information.

Enterprise and Pro have the same local policies except for disabling the store. All other differences are group policies. Virtually none of the added security features will run without a domain and Azure. No real reason to use this branch.

All computers in the last 5 years are released with > TPM 2.0. No need to check when buying a new PC.

Have you tried Qubes? It's interesting but not super practical for every day use. Maybe if you were a spy, researcher or a journalist it'd be solid.

SCAP tools are super interesting though. I'm going to check that out later on. Thanks man.


--------------------
The nearest we ever come to knowing truth is when we are witness to paradox.

Extras: Filter Print Post Top
Invisiblefungusul
Fungus Kingdom

Registered: 07/16/20
Posts: 1,065
Re: How to encrypt and protect my computer? [Re: Northerner]
    #27282976 - 04/26/21 05:20 PM (3 years, 23 days ago)

Quote:

BitLocker uses AES256 encryption, practically unbreakable with current technology. Doesn't matter that MS implement it. There's nothing to show that they are copying private keys for it up to servers, and if they were they could just as easily copy any other keys that are created on Windows platforms. Worrying about the gatekeeper stealing keys is redundant. Open source means nothing in this instance. Breaking secure boot remains the primary reason not to encrypt your whole disk with VeraCrypt on Windows. It's a deal breaker.




It's a big problem because M$ is implement it, without any security audits, without any peer reviews. Given that M$ has very dark history of abusing customer trust, they cannot be trusted with any kind of crypto, privacy or security of your system.

Quote:

Have you tried Qubes? It's interesting but not super practical for every day use. Maybe if you were a spy, researcher or a journalist it'd be solid.




Yes, it's an overkill for regular user, but if you are a spy... :wink: . QubesOS and Whonix make a good combination if you are willing to spend the time to learn it.

Quote:

SCAP tools are super interesting though. I'm going to check that out later on. Thanks man.




SCAP tools are used by defense to secure their Windows systems. Once you run them, you understand how many security holes are in a default Windows installation. Windows machine can be made super secure if you are willing to spend a lot of time.

Quote:

Encrypted containers are for document storage not for security. They will not stop your machine giving up sensitive information.




Yes, they do not increase security of the system. Best combination is to use BitLocker/LUKS to encrypt entire HDD, and to keep sensitive information inside VeraCrypt containers(which are cross-platform).

Quote:

Breaking secure boot remains the primary reason not to encrypt your whole disk with VeraCrypt on Windows. It's a deal breaker.




It's bad idea to use VeraCrypt on system partition. Not following fixes or expert in VeraCrypt, but they have uploaded EFI boot loader signed files, which means that you can still use secure boot. See DCS EFI Bootloader files that are signed.

Extras: Filter Print Post Top
OfflineNorthernerM
splelling chceker
 User Gallery

Registered: 07/29/12
Posts: 14,828
Loc: FNQ
Last seen: 9 hours, 6 minutes
Re: How to encrypt and protect my computer? [Re: fungusul]
    #27283093 - 04/26/21 07:23 PM (3 years, 23 days ago)

MS can take any private key on your system at creation, by nature, they own the kernel. They are the gatekeeper. If you do not trust them not to upload any or all of your keys or data it is irrelevant how or what you encrypt your data with. Take a moment to digest that fully.

Man, I've got no love or trust for MS but there has to be a dose of reality to go with the paranoia hey.

I didn't know veracrypt had its own EFI, I can totally tell why it is ignored for the most part though. No one recommends that for good reason. Using Veracrypt within BitLocker-ed drives for archives is common practice though.

Checking out OpenSCAP tools this morning, interesting, needs more research. Going to put it to someone else in my team when I have a clear understanding. That way I can share the blame if it brings us down for a while. :lol:


--------------------
The nearest we ever come to knowing truth is when we are witness to paradox.

Extras: Filter Print Post Top
Jump to top Pages: 1

Shop: Bridgetown Botanicals CBD Concentrates   Kraken Kratom Red Vein Kratom   Unfolding Nature Unfolding Nature: Being in the Implicate Order   PhytoExtractum Buy Bali Kratom Powder   Myyco.com Golden Teacher Liquid Culture For Sale


Similar ThreadsPosterViewsRepliesLast post
* The BASICS of Securing your computer and E-mail. Cyber 2,691 12 06/09/09 03:34 PM
by Alan Rockefeller
* Use encryption! + some common sense tips
( 1 2 all )
Quake3 5,434 26 01/22/09 11:45 AM
by flip3084
* Feds forced to get creative to bypass encryption
( 1 2 all )
Ogla 929 20 01/26/12 09:06 AM
by Viruk
* Trying to improve my computer security Anonymous 114 3 07/20/11 11:33 AM
by snoot
* New Data (surveillance) center in Utah and encryption. CounterCulturest 221 8 03/16/13 12:26 PM
by Stonehenge
* Computer as Evidence?
( 1 2 all )
Anonymous 393 31 03/03/12 06:26 PM
by maug
* Computer Security SoopaX 878 4 11/29/04 10:31 PM
by onetime
* Hard Drive encryption Wise Toad 241 7 01/03/12 01:57 PM
by CrimpJiggler

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Enlil, Alan Rockefeller
502 topic views. 0 members, 0 guests and 3 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.023 seconds spending 0.007 seconds on 15 queries.