Encryption under threat after latest Paris terror attacks.

The latest Paris terrorist attacks are the impetus for more discussion about encryption. It is claimed that the terrorists used services such as TOR or a VPN to hide their traffic on the Internet when discussing their plans before the attacks. This will of course lead to more plans to tighten Internet monitoring and restricting the use of Virtual Private Networks and/or the TOR network. The thing is, anyone can setup a Virtual Private Network with a computer server anywhere in the world and hide their Internet traffic easily, any website they visit will only see the Internet Protocol address of the VPN server, not their home IP address. This can be a good thing when the Internet user is behind a restrictive proxy and some Internet websites are blocked. The user can bypass any Internet restrictions and browse using a connection that is a secure tunnel over the existing Internet pipe. If the VPN is configured to use Port 443, this will look just like a normal HTTPS session.

You may find a nice OpenVPN tutorial at this website: https://openvpn.net/index.php/open-source/documentation/howto.html. This will get you on your way to setting up a secure Internet tunnel. Amazon AWS offer a free tier with Ubuntu server 14.04 & 30 gigabytes of SSD space. This would be perfect for setting up your own VPN server to tunnel past a restrictive work or school proxy. If the VPN is to be setup on Ubuntu server, you may use this script: http://www.securitronlinux.com/bejiitaswrath/easy-way-to-setup-a-working-openvpn-configuration-on-ubuntu-server-on-amazon-aws/. This when run as root will setup the entire OpenVPN configuration for you in one go. How good is that?

Then just edit the configuration to connect on port 443 and then the SSH connection to the server may be made to 10.8.0.1 on port 22. That is what I do and it works very well indeed. There is always discussion of the “evils” of encryption and demonizing strong encryption methods, but they are necessary for the secure transfer of data. Of course something like a SHA512 password hash may be broken easily if you have the salt. But for strong encryption, you need the keys to de-crypt the encrypted data. So there is the problem. There must exist a secure way to get the keys to the recipient, so they may read your secure information. A secure courier service or encrypted E-Mail system would be required to ensure they are not stolen en-route.

Certificates in a web browser.
Certificates in a web browser.

A public key infrastructure has been around for a long time. This involves a secure private key that is used to sign and encrypt data, and a public key which may be freely shared in e-mail messages on the Internet. This is rather like the sort of encryption used by websites, there is a certificate authority, that signs certificates with a private key, and public keys which are embedded in web browsers. This system is used to verify that a website, for example a banking website, is the actual website you were wanting to visit and enter your credentials into. If you are to get into someones computer and install malware, you could force them to visit a fake site without their knowledge as they will not get a warning in their browser. That is a scary thing, and a good warning to ensure your machine is free of malicious software. In conclusion, I wish the people of Paris all the best for the future and may the future be full of brighter days.

Vive la France. Ne pas s’incliner devant l’ennemi, ils ne casseront pas vous!

No comments have been made. Use this form to start the conversation :)

Leave a Reply