“The iPhone 6 Plus may be bending in people’s pockets and under the pressure of tough hands, but it’s not bending to the will of the US National Security Agency (NSA) any longer.” – inverse.com
Very nice to hear the iPhone 6 can defeat the NSA; I just don’t think I believe it. It’s also a little bit funny that Apple would leverage this slippery topic (NSA domestic spying) to market their phones – but maybe it will help this very real issue be taken more seriously by the mainstream.
Why am I skeptical about their data encryption claims? I’m not sure anyone really knows what a hacker can hack unless that hacker makes it known to you. For all I know the CIA and NSA can reverse MD5 and other hashes (a hash isn’t decrypted so much as brute-forced or looked up, but the point stands). If they choose to watch and leave no trace of their visit, how would I know they were here? Oh sure, I could analyze logs and hope the intrusion detection software works, but a clever hacker may be able to access any connected system.
Hidden Bunkers are Better than Castles – I think of encryption like a fortress. Any fortress can be taken, any defense defeated; it’s a historical fact. So a slightly better strategy may be camouflage. Instead of putting your data in an encrypted vault that has a big sign on it saying ‘SAFE’, put it in a hidden safe – or don’t put it online at all. In other words, think hidden bunker versus castle, because if they don’t even know you’re there, they can’t get you. (Good strategy for the Zombie Apocalypse too!)
Camouflaged Bunkers with Secret Doors are Better than Bunkers – If you can’t hide the fact that you exist, consider a camouflage deception. For example, if you keep passwords on your computer, put some fake passwords and accounts in a decoy file named ‘My Passwords’. Then somewhere else, under an inconspicuous filename, put the real passwords file, with each entry disguised by a simple, easy-to-remember ‘decryption code’ that you keep in your head and can apply on the fly.
In other words, use a self-invented Pig Latin decryption key. Don’t use Pig Latin itself – it’s too easy to decode – but invent something just as easy to remember. Here’s a Pig Latin refresher:
- pig => igpay,
- banana => ananabay
- trash => ashtray
Like I said, while this particular method would be easy to guess, it illustrates the idea. To take it to the next level you might consider some of the following ideas:
- Add two random characters to the front or back of your recorded passwords. You simply remember to ignore the first or last two characters. This would be very easy to remember, but easier to crack too.
- In the real passwords use certain numbers for letters that resemble them like 8 for B or 7 for L. Then when using the password you just remember Bs are actually 8s.
- Record correctly spelled words in passwords (which is a terrible thing to do for real passwords), then remember your preferred misspelling of that word in the true password. For example, 1Password! might really be 1Pazzwerd!
- Flip two word passwords around. For example, record a password like, 1badpassword! but really use password!1bad.
- If you flip things around in any way, like letters or words, be sure the recorded form looks more correct than the true one. That way the obvious decoding is not easy to spot. For example, if the recorded password is 1RedBird! the true password could be Bird!1Red. The capital B in the middle of the recorded string shows you where to flip it, and RedBird actually makes sense, so it just looks like a bad but real password. You could step it up and always replace certain letters with numbers, so the true password becomes 8ird!1R3d (B is 8 and e is 3) while the file still says 1RedBird!
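As an added example (not code from the original post), here is the flip-then-substitute scheme from the last bullet written out in Python so the rules are unambiguous. The split rule (flip at the last capital letter that is not the first character) and the substitution table (B is 8, e is 3) are assumptions chosen to match the 1RedBird! example; together they are the ‘key’ you keep in your head. Worth saying plainly: this is obfuscation rather than encryption, since anyone who sees two or three recorded-and-real pairs can recover the rules, so it only buys the time described below.

```python
# Added example, not from the original post: one concrete "Pig Latin
# decryption key" of the kind described above. The recorded form is what sits
# in the file; the true password is what you actually type. The two rules,
# chosen here as an assumption to match the 1RedBird! example, are:
#   (1) flip the recorded string at its last capital letter (never position 0),
#   (2) then apply a fixed letter-to-digit substitution (B -> 8, e -> 3).
# Anyone who learns these rules can undo them, so this is obfuscation, not
# encryption.

SUBS = {"B": "8", "e": "3"}           # applied when revealing the true password
UNSUBS = {v: k for k, v in SUBS.items()}


def flip_point(recorded: str) -> int:
    """Index of the last capital letter, excluding position 0; -1 if none."""
    for i in range(len(recorded) - 1, 0, -1):
        if recorded[i].isupper():
            return i
    return -1


def reveal(recorded: str) -> str:
    """Turn the decoy string written in the file into the real password."""
    k = flip_point(recorded)
    if k < 0:
        raise ValueError("no capital letter to flip at: %r" % recorded)
    flipped = recorded[k:] + recorded[:k]          # "1Red" + "Bird!" -> "Bird!1Red"
    return "".join(SUBS.get(c, c) for c in flipped)  # -> "8ird!1R3d"


def record(true_password: str, prefix_len: int) -> str:
    """Inverse of reveal(): given the real password and how many leading
    characters form its first half (5 for "8ird!"), produce the decoy string
    to write down. Refuses to return a decoy that would not reveal() back to
    the same password, which happens when the real password's first half
    contains a capital letter after its first character (reveal() would then
    pick the wrong flip point)."""
    plain = "".join(UNSUBS.get(c, c) for c in true_password)  # undo 8->B, 3->e
    recorded = plain[prefix_len:] + plain[:prefix_len]        # move first half to the end
    if reveal(recorded) != true_password:
        raise ValueError("scheme is ambiguous for %r" % true_password)
    return recorded


if __name__ == "__main__":
    # Constructed sample entries, as they would appear in the real passwords file.
    for line in ["1RedBird!", "CatBird!"]:
        print("file says %-12s you type %s" % (line, reveal(line)))
```

record() is the check a practitioner would want before trusting a scheme like this with a real password: it round-trips the decoy through reveal() and raises if the two rules collide, for instance when the real password is 8irD!1R3d, because the extra capital D would be taken as the flip point. A scheme you cannot round-trip reliably will lock you out of your own accounts long before it slows down an attacker.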
So why go through this? Hackers hack, and if they can get into big corporations like Target and Home Depot they can hack your computer. Most of the time professional hackers are going to focus on the castles because the loot is more plentiful, but home networks are easy prey.
Many times home networks are insecure and have wide open holes via printers and other networked devices. So the information on our computers is vulnerable, especially if we leave our computers on all the time without firewalls enabled. With automated tools hackers can scan the Internet in their sleep looking for vulnerable systems, so even though your system may not look like a gold mine, the bots may still visit and test your security.
These little Pig Latin encryption tricks may seem extreme, but they could be your last line of defense if someone were to hack your machine. The hacker would think they have your password list, but in truth they would have to spend real time (as opposed to automated bot time) to noodle through your password encoding – assuming they even suspected you had used one. It’s more likely that they would just give up and move on.
You can do the same thing with credit card numbers, drivers license numbers, social security numbers, and so on – assuming you already keep a list of those things on your computer.
But the true last line of defense is simply to keep these things written in a little book in your pocket. If you do that, definitely use a Pig Latin decryption system anyway, since that little black book may someday go missing too, and that would suck.