• Breaking News

    Wednesday, July 4, 2018

    Cryptography Windows + VeraCrypt security flaw? Images and thumbnails stored in Veracrypt files are viewable in the Windows ThumbCache even after the volume has been dismounted.

    Cryptography Windows + VeraCrypt security flaw? Images and thumbnails stored in Veracrypt files are viewable in the Windows ThumbCache even after the volume has been dismounted.


    Windows + VeraCrypt security flaw? Images and thumbnails stored in Veracrypt files are viewable in the Windows ThumbCache even after the volume has been dismounted.

    Posted: 03 Jul 2018 01:15 PM PDT

    Obviously this is not a technical problem with Veracrypt itself, but with the default way Windows interacts with a VeraCrypt volume.

    More info on the thumbcache: https://thumbcacheviewer.github.io/

    So I have a few questions,

    1. Is using the Windows Disk Cleanup (on an SSD) enough to securely delete all thumbnails generated from viewing images? I find thumbnails extremely useful and do not want to turn them off.

    2. Why does Windows sometimes save full resolution images in the thumbcache in addition to their thumbnails?

    3. You can use an image as a folder icon for NTFS formatted folders, where is that file path information saved?

    4. Finally, is there a way to have Windows generate viewable thumbnails every time you open a folder, but never actually cache them? Think I found this answer to this, let me confirm.

    5. I just noticed Cortana saves the filepaths and names of every file I view (ಠ_ಠ). Any way to disable this permanently? Found: https://privacy.microsoft.com/en-us/windows-10-activity-history-and-privacy

    submitted by /u/thisisfurporn
    [link] [comments]

    A Brief Look At North Korean Cryptography

    Posted: 03 Jul 2018 06:16 AM PDT

    micro-ecc - A small ECDH and ECDSA implementation for 32-bit microcontrollers. Is it secure?

    Posted: 03 Jul 2018 02:54 PM PDT

    I recently found uECC (http://kmackay.ca/micro-ecc/). I think it looks interesting and I'm considering using it for a small just-for-fun arduino project. I've tried it and it works fine but I don't have enough crypto knowledge to inspect the code in any meaningful depth. I just wanted to post there here to see if anyone might have looked into this to check that this implementation is ok security-wise?

    submitted by /u/thaliamodesto
    [link] [comments]

    How much more secure is Veracrypt compared to Cryptomator?

    Posted: 03 Jul 2018 10:39 AM PDT

    Here is a link to a page describing Cryptomator's security architect[ure.

    Here is a link to Veracrypt's documentation.

    Is Veracrypt more secure than Cryptomator? If so, by how much?

    The fact that Veracrypt allows for so much customization (of both the type of encryption you use and the strength of the cryptographic key, determined by mouse movement) has always made me feel like it's the vastly superior option security-wise. I'm wondering if this is actually true though. Purely in terms of security, how does Cryptomator stack up to Veracrypt? I know Cryptomator hasn't been formally audited in the same way Veracrypt has, but it has been audited by the community. Here is a statement by the developer:

    The desktop application Cryptomator has been peer-reviewed by the community. Its cryptographic libraries use only cryptographic primitives of well-known open source libraries like JCA, OpenSSL, and Common Crypto. Except SIV Mode, which is the only self-implemented cryptographic primitive.

    All cryptographic libraries have been reviewed by Cure53. The pentesting report can be found here. The reported issues are commented in the corresponding GitHub respositories.

    SIV-Mode has been reviewed by Tim McLean. The report on SIV Mode 1.0.8 can be found here and the issues found have been fixed with version 1.1.0.

    Veracrypt gives me a lot of peace of mind knowing how (supposedly) unbreakable it is. But it's an absolute pain to use Veracrypt with the cloud. I would maybe consider using Cryptomator in conjunction with a zero-knowledge cloud service. Whether or not I'd use it with something mainstream like OneDrive or Dropbox, I don't know yet. I was hoping that hearing what the /r/crypto community has to say on the matter would help me make up my mind.

    One of my biggest concerns at the moment is that with the advent of quantum computers and other advances in computing, what is considered secure today might not be considered secure in the near/near-ish future. What do you guys think of this issue in particular?

    Thanks!

    submitted by /u/retgame
    [link] [comments]

    [APP] Would love some ideas/feedback to improve my Bouncy Castle based Java crypto app

    Posted: 03 Jul 2018 07:35 AM PDT

    No comments:

    Post a Comment