How to hide passwords even the FBI cannot get into
sodusme
08-02-2013, 12:10 PM
Since some people who shall go nameless (Grave Digger) are hell bent on proving that their buddies over at DN/Nagra can break ANY encryption I'll post this up for you to view:
http://www.howtogeek.com/114155/how-to-hide-your-passwords-in-an-encrypted-drive-even-the-fbi-cant-get-into/
And for the skeptics that are curious about the “FBI” claim in our headline, you can read up on Operation Satyagraha, where money launderer Daniel Dantas has successfully encrypted his data and kept the FBI at bay for as long as a year with the very tools we’re going to use today.
Just remember no matter how smart you think you are there is always someone smarter. That also applies to the FBI, DN or Nagra for that matter. None of these agencies are God. And yes on the reverse side of that I know that if man makes it, man can break it. But in this case he cannot. :yes:
jeldf
08-02-2013, 12:41 PM
Since some people who shall go nameless (Grave Digger) are hell bent on proving that their buddies over at DN/Nagra can break ANY encryption I'll post this up for you to view:
http://www.howtogeek.com/114155/how-to-hide-your-passwords-in-an-encrypted-drive-even-the-fbi-cant-get-into/
Just remember no matter how smart you think you are there is always someone smarter. That also applies to the FBI, DN or Nagra for that matter. None of these agencies are God. And yes on the reverse side of that I know that if man makes it, man can break it. But in this case he cannot. :yes:
Sod. I would say just ignore Grave Digger but he did call you out......so he falls into that 'not so smart' category. Excellent post! but I would say wuf, gman, vgiddy et al, saw only the $$$ and not the common sense to CYA.
sodusme
08-02-2013, 01:29 PM
Sod. I would say just ignore Grave Digger but he did call you out......so he falls into that 'not so smart' category. Excellent post! but I would say wuf, gman, vgiddy et al, saw only the $$$ and not the common sense to CYA.
That's what I'm thinking is they were not encrypting anything. If they were first and foremost you wouldn't sit a file on your desktop with an obvious name of the very activity you were trying to hide. That is just plain stupid IMO. I think they underestimated the tenacity of DN/Nagra and the lengths they will go to to protect their signal.
I just wanted people to know that there are encryptions if used properly that cannot be broken into. Trust me the day these are broken you will read about it ALL over the internet. ;)
jvvh5897
08-02-2013, 04:41 PM
Well, I think that is too much of a pain--a usb drive that you can only use as admin? Why not just use 3des or twofish on a single file? Sure a look in the drive (if found) would likely find the encrypted file, but that does not make getting in the file any easier. And using a little program to decrypt the file when you need it would not be hard. I expected a really tricky topic from the title of this thread, not just "use an encrypted flash drive"
sodusme
08-02-2013, 05:59 PM
Well, I think that is too much of a pain--a usb drive that you can only use as admin? Why not just use 3des or twofish on a single file? Sure a look in the drive (if found) would likely find the encrypted file, but that does not make getting in the file any easier. And using a little program to decrypt the file when you need it would not be hard. I expected a really tricky topic from the title of this thread, not just "use an encrypted flash drive"
LOL well obviously there are other ways to encrypt information. Some think that it's not possible and that the all seeing, all knowing DN can find anything. At least I know there are others that know of ways to encrypt things also.
I still advocate hiding the file right out on your desktop and name it something innocent like WoodenBridgePic and change the extension to something like a .JPG and there would be no reason for anyone to suspect that it is anything other than a "corrupted" .JPG file. There is no way in hell that DN/Nagra or the Feds for that matter would go through every known extension changing that .JPG file until they get an extension that they can read. They would simply take it at face value that it's a .JPG file. Better yet hide it in a folder titled Screen Savers among hundreds of other .JPG's.
Anubis
08-02-2013, 06:45 PM
No offence here sod but you may learn a thing or 2 from jvvh5897.
Might want to hook up in pm and keep this out of forums. ;) jmo
sodusme
08-02-2013, 07:35 PM
No offence here sod but you may learn a thing or 2 from jvvh5897.
Might want to hook up in pm and keep this out of forums. ;) jmo
Oh no offense at all taken.
We have shared a PM or two about some other things. ;)
jvvh5897
08-03-2013, 08:43 PM
Maybe we should make this a contest!! I wrote a little program last night to encrypt a file--I could post the source code for the program and an encrypted file--I used 128 bit encryption in a modified blowfish routine on a bmp, but if anyone would like to argue that they don't have FBI's computers I could take that down to 64 bit. You would have the advantage of knowing it is a bmp, so should be able to figure out the 0x36 bytes of the header pretty easy (could have zipped the file in some way to make it harder but did not, could have used the routine repeatedly but only used it once). And with the algorithm right in front of folks....might not be too hard to see how they do. I have two versions of the routine, first uses a fixed key but varies the parameters of the blowfish init, second uses a file on the computer for the source of key and starts picking out the key from a command line parameter as well as command line vary of the blowfish init (BTW, if one were to use a file with the copyright symbol as the source for the key string, if the FBI did decrypt the file one could argue that they violated the law to do so).
Let me know if interested. This is a site that should have an interest in cryptography.
jvvh5897
08-04-2013, 09:07 PM
http://www.satfix.net/showthread.php?138058-using-blowfish-and-other-encryption-methods&p=979086#post979086
has the code and example encrypted bmp.
jvvh5897
08-05-2013, 04:38 PM
Last week NPR had a little report from BlackHat in Las Vegas where a guy had gone to a password symposium. It seems that crackers have lists of passwords a billion entries long--pet names, street names, numbers only, pairs of words. The reporter recommended folks use a password manager. Obviously a password list would be hard to use on a site that gave you only 3 tries at a time, but for sites that have been hacked and parts lifted out, they were able to use graphic accelerator cards in cracks.
sodusme
08-05-2013, 10:57 PM
Last week NPR had a little report from BlackHat in Las Vegas where a guy had gone to a password symposium. It seems that crackers have lists of passwords a billion entries long--pet names, street names, numbers only, pairs of words. The reporter recommended folks use a password manager. Obviously a password list would be hard to use on a site that gave you only 3 tries at a time, but for sites that have been hacked and parts lifted out, they were able to use graphic accelerator cards in cracks.
Yup lists like that exist. I have a few of 'em. The most common password in use today....123456 ;)
Actually it's not that hard to brute force a page even if it only gives you 1 login attempt. It just takes longer is all. The most common program in use right now actually lets you set "failure", "success", "retry" and "ban" keys. So let's say you get 3 incorrect login attempts and then maybe the site bans you for 30 minutes? You can set the cracker or bruteforce program to trigger on the source code of "you have used up your failed login attempts and will now be banned" as a ban key. That way it would ban that proxy you are using for 30 minutes and bring the proxy back up when the 30 minutes expire. It's all automated so you can set it to run while you are gone even. The more proxies you have the more "chances" you have before the ban source code is introduced. Run thousands of proxies and you can get a hit pretty quickly.
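Seen from the site being guessed against, the post above is the reason a per-address ban alone is not enough: failures have to be counted per account across all source addresses. The sketch below is an added example, not part of the thread; the log format, the per-account threshold and the sample lines are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 1800           # seconds; the 30-minute ban period mentioned in the post
PER_IP_LIMIT = 3        # per-address attempt limit mentioned in the post
PER_ACCOUNT_LIMIT = 10  # assumed threshold: failures on one account from any address

def parse(line):
    """Constructed log format: '<epoch> <src_ip> <username> <OK|FAIL>'."""
    ts, ip, user, result = line.split()
    return int(ts), ip, user, result

def detect(lines):
    """Return {username: distinct_source_ips} for accounts that collect
    PER_ACCOUNT_LIMIT failures inside WINDOW while every single address
    stays under PER_IP_LIMIT, i.e. guessing spread across many proxies."""
    failures = defaultdict(deque)   # username -> deque of (ts, ip)
    alerts = {}
    for line in lines:
        ts, ip, user, result = parse(line)
        if result != "FAIL":
            continue
        q = failures[user]
        q.append((ts, ip))
        while q and q[0][0] <= ts - WINDOW:   # drop failures older than the window
            q.popleft()
        per_ip = defaultdict(int)
        for _, src in q:
            per_ip[src] += 1
        if len(q) >= PER_ACCOUNT_LIMIT and max(per_ip.values()) < PER_IP_LIMIT:
            alerts[user] = len(per_ip)
    return alerts

# Constructed sample: 12 failures on one account, 2 from each of 6 addresses,
# so a per-address counter never reaches its limit.
LOG = [f"{1000 + 10 * i} 203.0.113.{i % 6 + 1} bob FAIL" for i in range(12)]
LOG += ["1005 198.51.100.7 alice FAIL", "1015 198.51.100.7 alice OK"]

if __name__ == "__main__":
    print(detect(LOG))
```

An account flagged this way can be throttled or challenged regardless of which address the next attempt comes from.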
chestrockharder
11-18-2014, 08:17 AM
LOL well obviously there are other ways to encrypt information. Some think that it's not possible and that the all seeing, all knowing DN can find anything. At least I know there are others that know of ways to encrypt things also.
I still advocate hiding the file right out on your desktop and name it something innocent like WoodenBridgePic and change the extension to something like a .JPG and there would be no reason for anyone to suspect that it is anything other than a "corrupted" .JPG file.
This is at best an attempt to mislead or at worst sheer and paid for in full misinformation at the hands of a salary from Dik/Bev... Alternatively it may be just the way you are and/or your own mind's need to rationalize it as you are The man who knows all personality. I am guessing the latter. But a bit self taught using Google amongst other sources.
The websites you list in your postings are by no means expert on these issues, nor should any reading this take anything said about security from those seriously. You want as good as it gets security wise, there are a few options, legitimate, open-source options. Not "rename your file to .jpg" the FBI or "Insert alphabet agency here" will never find it. I mean come on.... Think folks. Any elementary grade K-6th knows this trick.
#1 Tails linux based tor oriented live cd distro. (As secure as it gets and user friendly)
#2 Tor Bundle (less secure but still rock solid if best practices are followed)
#3 X-FTA Router in repeater or bridged mode snagging a signal using a cantenna Parabolic antenna, or even a dishnetwork sat dish lined with mere tinfoil and with a pigtail adapter connected to external wifi (Will grab signals solidly up to 5 miles away with line of sight, without line of sight 1.0-4.9, further you can merge all of them into 1 pipe, using some simple software that is Linux only ATM that I know of but includes wpa/2 cracking built in as well.)
#4 Don't do it at all
Overconfidence in one's taught skills and as such the blatant disregard for more updated modern forensic techniques misinforms those who take your opinions seriously & at face value. However you are either stuck in the late 1990's or you just Google it, plagiarize it and pass it on as gospel.
You as an "Educated certified and all around master of this" should know that ever since September 11, 2001 and the first known case from 1997 it was known messages were hidden in photos, jpeg, png, etc... the NSA, DHS, FBI, NIT, CIA, and more all dumped hundreds of millions into breaking this form of encryption, if you will. Now anyone with a bit of terminal command knowledge can extract it regardless of passwords or obfuscations and format manipulation and do it in seconds. It is also easily forged using simple exifdata tools on any linux distro.
I can list another dozen examples of encryption that are industry standard, even Dish and Bev use that are broken, can be or will be soon... If you like... But since you mock my degree in this line of work I felt it only right to point out to this community your lack of and disregard for anything other than looking smart and trying to be noticed among a group of very skilled and smart folks.
But you put those new to this in jeopardy telling them file extension obfuscation will fool the police on any level...local or federal
chestrockharder
11-18-2014, 08:39 AM
Yup lists like that exist. I have a few of 'em. The most common password in use today....123456 ;)
Actually it's not that hard to brute force a page even if it only gives you 1 login attempt. It just takes longer is all. The most common program in use right now actually lets you set "failure", "success", "retry" and "ban" keys. So let's say you get 3 incorrect login attempts and then maybe the site bans you for 30 minutes? You can set the cracker or brute force program to trigger on the source code of "you have used up your failed login attempts and will now be banned" as a ban key. That way it would ban that proxy you are using for 30 minutes and bring the proxy back up when the 30 minutes expire. It's all automated so you can set it to run while you are gone even. The more proxies you have the more "chances" you have before the ban source code is introduced. Run thousands of proxies and you can get a hit pretty quickly.
An excellent way to get huge lists is to use an underrated yet incredibly versatile and powerful little program called rsmangler.
Open a text editor and create a doc called wordlist.txt for example. Now enter 2-3 keywords perhaps a number all on separate lines in this example I used 'bob', 'smith' '89' maybe bob is a sex addict so add 'sex' too. If you go above 5 lines the resulting list will be very, very big, so big in fact you'll need an up-to-date pc and a powerful one as it's not uncommon for that alone to generate over half a million combinations in minutes and millions in an hour.
Back on topic... In the terminal "ruby rsmangler --file words.txt >BobSmithPass.txt"
the minimum I have seen it generate is 25,000+ max was 110 million. Also compared to Crunch or John The Ripper the list of words are relevant and widely used Crunch is notorious for irrelevant word list generation... Give rsmangler a try..
kutter
11-18-2014, 10:37 AM
LOL well obviously there are other ways to encrypt information. Some think that it's not possible and that the all seeing, all knowing DN can find anything. At least I know there are others that know of ways to encrypt things also.
I still advocate hiding the file right out on your desktop and name it something innocent like WoodenBridgePic and change the extension to something like a .JPG and there would be no reason for anyone to suspect that it is anything other than a "corrupted" .JPG file. There is no way in hell that DN/Nagra or the Feds for that matter would go through every known extension changing that .JPG file until they get an extension that they can read. They would simply take it at face value that it's a .JPG file. Better yet hide it in a folder titled Screen Savers among hundreds of other .JPG's.
lol ... who's your stalker sod :)
better to use an actual picture and concatenate the file to the end ... that way the picture doesn't raise suspicion, it will look and act like a normal picture ...
it's not going to fool anyone with any real skills or someone that's doing a forensic audit of your data ...
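Why neither trick discussed in this thread survives a forensic audit: an examiner's tooling reads file structure, not the file name. The triage sketch below is an added example, not code from any poster; it walks the JPEG marker segments to find the real end-of-image marker, so it flags both a renamed non-image and data concatenated after a genuine picture. The function names and sample bytes are constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

def jpeg_end_offset(data: bytes):
    """Offset just past the real EOI marker, or None if this is not a JPEG stream."""
    if data[:2] != b"\xff\xd8":                   # SOI magic missing
        return None
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:                       # entropy-coded scan data
            i += 1
            continue
        marker = data[i + 1]
        if marker == 0xD9:                        # EOI
            return i + 2
        if marker == 0xFF:                        # fill byte
            i += 1
        elif marker in (0x00, 0x01) or 0xD0 <= marker <= 0xD7:
            i += 2                                # stuffed byte / TEM / RSTn: no length
        elif i + 4 > len(data):
            return None
        else:                                     # length-prefixed segment; skipping by
            i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]  # length ignores EXIF thumbnails
    return None

def shannon_entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(name: str, data: bytes) -> list:
    """Findings for a file whose name claims to be a JPEG."""
    findings = []
    if not name.lower().endswith((".jpg", ".jpeg")):
        return findings
    end = jpeg_end_offset(data)
    if end is None:
        findings.append("no JPEG structure behind the .jpg name")
        if shannon_entropy(data) > 7.5:           # bits per byte; ciphertext sits near 8
            findings.append("near-random content, consistent with ciphertext")
    elif end < len(data):
        findings.append(f"{len(data) - end} bytes after EOI, starting {data[end:end + 4]!r}")
    return findings

# Constructed samples: a structurally minimal JPEG (not a viewable picture) whose
# APP1 segment holds a decoy EOI, a pseudo-random blob standing in for an
# encrypted file, and the same JPEG with data appended.
APP1 = b"\xff\xe1" + struct.pack(">H", 8) + b"\xff\xd8\x00\x00\xff\xd9"
CLEAN = (b"\xff\xd8" + APP1 + b"\xff\xda" + struct.pack(">H", 8) + bytes(6)
         + b"\x12\x34\xff\x00\x56\xff\xd0\x78" + b"\xff\xd9")
RENAMED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
APPENDED = CLEAN + b"PK\x03\x04" + bytes(20)
```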