Pig Latin Encryption May Even Be Better than the iPhone 6 NSA-defeating Data Encryption

“The iPhone 6 Plus may be bending in people’s pockets and under the pressure of tough hands, but it’s not bending to the will of the US National Security Agency NSA any longer.” – inverse.com

Very nice to hear the iPhone 6 can defeat the NSA; I just don’t think I believe it. It’s also a little bit funny that Apple would leverage this slippery topic (NSA domestic spying) to market their phones – but maybe it will help this very real issue be taken more seriously by the mainstream.

Why am I skeptical about their data encryption claims? I’m not sure anyone really knows what a hacker can hack unless that hacker makes it known to you. For all I know the CIA & NSA can decrypt MD5 and other hashes. If they choose to watch and leave no trace of their visit – how would I know they were here? Oh sure I could analyze logs and hope intruder detection software works – but a clever hacker may be able to access any connected system.

Hidden Bunkers are Better than Castles – I think of encryption like a fortress. Any fortress can be taken, any defense defeated, it’s a historical fact. So a slightly better strategy may be camouflage. Instead of putting your data in an encrypted vault that has a big sign on it saying ‘SAFE’, put it in a hidden safe – or don’t put it online at all. In other words think hidden bunker versus castle because if they don’t even know you’re there, they can’t get you. (Good strategy for the Zombie Apocalypse too!)

Camouflaged Bunkers with Secret Doors are Better than Bunkers – If you can’t hide the fact that you exist, consider a camouflage deception. For example, if you keep passwords on your computer put some fake passwords and accounts in a fake file named ‘My Passwords’. Then somewhere else, under an inconspicuous filename, put the real passwords file and create a simple, easy to remember ‘decryption code’ that you keep in your head and can use on-the-fly.

In other words use a self-invented Pig Latin decryption key. Don’t use Pig Latin itself – too easy to decrypt, but invent something as easy to remember. Here’s a Pig Latin refresher:

  • pig => igpay
  • banana => ananabay
  • trash => ashtray

Like I said, while this particular method would be easy to guess, it illustrates the idea. To take it to the next level you might consider some of the following ideas:

  • Add two random characters to the front or back of your recorded passwords. You simply remember to ignore the first or last characters. This would be very easy to remember but easier to crack too.
  • In the real passwords use certain numbers for letters that resemble them like 8 for B or 7 for L. Then when using the password you just remember Bs are actually 8s.
  • Record correctly spelled words in passwords (which is a terrible thing to do for real passwords) then remember your preferred misspelling of that word in the true password. For example, 1Password! might really be 1Pazzwerd!
  • Flip two-word passwords around. For example, record a password like 1badpassword! but really use password!1bad.
  • If you flip things around in any way, like letters or words, be sure they look more correct in their encrypted form. This way the obvious decryption is not easy to spot. For example, if the encrypted password is: 1RedBird! the true password could be: Bird!1Red. The capital letter in the middle of the string shows you where to flip it and RedBird actually makes sense so it just looks like a bad but real password. You could step it up and always replace certain letters with numbers like: 8ird!1R3d (capital B is 8 -and- e is 3).
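The Pig Latin refresher and the tricks in the list above, written out as code. This is an added example, not the author's code; the function names, the "+way" rule for vowel-initial words and the choice of the last interior capital as the flip point are assumptions.

```python
import re

# Substitutions taken from the page's last bullet: capital B -> 8, e -> 3.
SUBSTITUTIONS = str.maketrans({"B": "8", "e": "3"})


def pig_latin(word):
    """Move the leading consonant cluster to the end and append 'ay'."""
    head = re.match(r"[^aeiouAEIOU]*", word).group(0)
    if not head:
        # Vowel-initial words: the common "+way" convention (assumption,
        # the page only shows consonant-initial words).
        return word + "way"
    return word[len(head):] + head + "ay"


def strip_padding(recorded, count=2, side="front"):
    """Ignore the random characters added to the front or back."""
    if side not in ("front", "back"):
        raise ValueError("side must be 'front' or 'back'")
    if count >= len(recorded):
        raise ValueError("padding is as long as the recorded string")
    return recorded[count:] if side == "front" else recorded[:len(recorded) - count]


def flip(recorded, index=None):
    """Swap the two halves of a recorded password.

    Without an index, the flip point is the last capital letter after
    position 0 (assumption: one reading of "the capital in the middle").
    """
    if index is None:
        capitals = [i for i, ch in enumerate(recorded) if i > 0 and ch.isupper()]
        if not capitals:
            return recorded  # no marker in the string: nothing to flip
        index = capitals[-1]
    return recorded[index:] + recorded[:index]


def recover(recorded):
    """Recorded form -> true password: flip first, then substitute."""
    return flip(recorded).translate(SUBSTITUTIONS)


if __name__ == "__main__":
    for w in ("pig", "banana", "trash"):
        print(w, "=>", pig_latin(w))
    print("1RedBird! =>", recover("1RedBird!"))
```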

So why go through this? Hackers hack, and if they can get into big corporations like Target & Home Depot they can hack your computer. Most of the time professional hackers are going to focus on the castles because the loot is more plentiful, but home networks are easy prey.

Many times home networks are insecure and have wide open holes via printers and other networked devices. So the information on our computers is vulnerable, especially if we leave our computers on all the time without firewalls enabled. With automated tools hackers can scan the Internet in their sleep looking for vulnerable systems, so even though your system may not look like a gold mine, the bots may still visit and test your security.

These little Pig Latin Encryption tricks may seem extreme, but they could be your last line of defense if someone were to hack your machine. The hacker would think they have your password list, but in truth they would have to spend real time (as opposed to automated bot time) to noodle-through your password encryption – assuming they thought you had implemented one. It’s more likely that they would just give up and move on.

You can do the same thing with credit card numbers, driver’s license numbers, social security numbers, and so on – assuming you already keep a list of those things on your computer.

But the true last line is to simply keep these things written in a little book in your pocket. But if you do that, definitely use a Pig Latin Decryption system since that little black book may someday go missing too, and that would suck.

Immediately Conduct an Audit of Your Home Network – It May Be Wide Open to Hackers

It seems to be a normal practice for network device manufacturers (like HP and Iomega) to leave the password protection wide open on all sorts of network devices like printers, scanners, security camera systems, network storage devices, and so on.

I suspect this is done to make the devices easier to install and use, increasing their user friendly feel while lowering the cost to support. Sadly the side effect is that hackers can easily connect to these devices and access your saved data. So while your computer may be secure with a password, your network devices may be wide open to hacking.

To protect yourself, dive back into the manuals for your home network devices and learn how to activate the security functionality. Be sure to pick a difficult password to break that contains numbers, special characters, and most importantly words not found in any dictionary.