Is an attacker able to intercept tls communication and get cleartext size information from the encrypted size of intercepted payloads? Or is there some kind of padding which would prevent messages such as
yes (3 letters) and
no (2 letters) from producing different size (larger for
Virtualisation can do reasonably secure nonpersistent drives. Would rather not rely on this alone but also have a host that is nonpersistent too. A live DVD as a host leaves no traces and is physically impossible to permanently infect/own but not very practical to carry around. A live USB flash drive is more practical. Another option is grub2 configured to boot from an ISO image in an internal hard drive.
In Windows there is Shadow Defender that intercepts all writes to disk and makes them nonpersistent by storing deltas instead. The deltas are stored in an encrypted format so in the event of a power-down they cannot be recovered easily. This software is hard to bypass because it uses a driver stub that loads very early in the boot sequence. What can one do in linux that is as securely nonpersistent as Shadow Defender or better?
Is grub2 boot from an ISO image as effective?
Are bootable USB flash drives made with Rufus given any bootable ISO image as effective?
What about fsprotect, is it any better than grub2 boot from an ISO image?
Distros proposed for the host: anything hardened like Pure OS, Astra Linux, Kodachi. Preferably Secure Boot signed.
Which is the most hardened option?
Assuming that online storage providers are considered untrusted, if files and directories are encrypted, how can these be protected against fingerprinting?
The files are encrypted using rclone’s implementation of Poly1305 and XSalsa20 before being backed up to the cloud provider.
According to rclone’s documentation, the available metadata is file length, file modification date and directory structure.
- What can be identified?
- What can be inferred?
- What attack vectors are there against the encrypted files and directories if the online storage provider is compromised assuming the passphrase is at least 24 characters long and is a combination of alphanumeric and special characters (uppercase and lowercase) as well as salted with similar entropy?
The encrypted data is considered to be sensitive.
How can I protect those files from being fingerprinted and the contents inferred such as ownership, source and the like?
I saw a very interesting question regarding Elgamal cryptosystem that I don’t know its answer. It is really interesting and I would be very happy if you could elaborate on it and explain the tricky part.
It goes like this: given Elgamal Cryptosystem:
1) Show how it is possible to create a valid new encryption from two different encryptions that we don’t know their decryption
2)How can an adversary take advantage of this property in order to attack a known encrypted text?
I don’t understand it, and it seems really cryptic and interesting. Tried digging on it but couldn’t find the connection or insights.
Seems really fascinating, would appreciate if you could explain it so I can understand this riddle.
As far as I know HTTPS URLs are encrypted (correct me if I’m wrong). There was a data leak recently and in one article about the leak I saw this picture:
If HTTPS URLs are encrypted then how did ISP log full URL (notice fw-url)?
I was going around when I saw a certain post about questions for SOC analysts. One of those questions (Q9) intrigues me:
What are some ways one can figure out of some encrypted incoming traffic carries malicious some payload?
I realized my server is hacked and an script is running on my server for awhile. as I found the code it seems its encrypted. I’m newbie in security. I tried to decrypt it with online tools but it wasn’t successful. here is the code below would you please assist me to understand it?
can you help me understand some questions about Veracrypt:
If you have created an encrypted file but the volume which you selected for it needs expansion, is it from security standpoint fine to just use the available option “expand volume” to adjust the file’s volume? Or is it for some reason better to create a totally new encrypted file with your desired larger volume?
What is the meaning of all the different Drive Letters (A-Z)? Do you have to mount a file from a specific drive letter, or can you mount from any letter?
This might sound dumb, but I set up an OpenVPN server on a Synology NAS. When I connect via the client at home to the server, everything works for.
I know you can read packets in Wireshark. If I start sniffing on My WiFi that I’m connected to at home, packets show for the OpenVPN protocol and there are few lines that say Synology (I believe this is a handshake) but everything else, every line of data is gibberish so I’m assuming it’s encrypted?
That also said, when I connect to the VPN another local area connection appears in Wireshark as an adapter to sniff. If I sniff the new local network this is NOT encrypted, but isn’t that normal?
Essentially you’re sniffing the new adapter itself locally as soon as you connect via the client? Or is that NOT normal? Why does it show gibberish like it’s encrypted on the WiFi via Wireshark, but not the new connection created upon connection to the VPN called Ethernet 2?