Encrypting Stuff Against Starbucks Hacker Bob

Reader Jonathan P. wrote in to ask about getting started with encryption: Specifically he wanted to know what data one should consider encrypting first. The answer depends on who you are. For the purpose of this post, I will assume you are a typical Mac geek with a job that does not deal with highly sensitive information.

In our hypothetical case, we should start by encrypting data to protect against crimes of opportunity (think people trying to sniff data from open networks, or swipe your computer), rather than attempting to prevent an attack specifically targeted at you (think CIA/FBI/NSA investigation, or a hacker that wants to mess with you like in the case of Mat Honan).

In the latter case — an attack directed at you, specifically — you need to encrypt just about everything possible, but for the former (more likely) case, I recommend encrypting everything that can be encrypted easily, and with the least hassle.

The basic things to encrypt are: all of your HDDs/SSDs, your internet connection (when on a public network), your passwords, and any financial information you keep on your Mac.

Your overarching thought should be: “I need to be more secure than the guy next to me.” For most people the concern is not the NSA (thankfully), but the sketchy guy in the corner of Starbucks trying to sniff passwords to your digital life. That guy is (hopefully) going to give up on you if your setup is harder to get into than anybody else in Starbucks. That’s the goal here; not 100% secure but more secure than most.

If you’re wondering how to be more secure than the average Starbucks customer, and reduce the likelihood of being targeted by an opportunist, read on…

HDDs and SSDs

Luckily Apple makes this dead simple with FileVault 2. Unlike its predecessor, FileVault 2 is stable, secure, and minimally invasive. The biggest change most users will notice is that you must type your password when you restart, start, or lock your Mac. Power users may notice a slight drop in read/write performance, but I can tell you I have been using FileVault 2 since day one and I’ve never been bothered by anything speed related.

If you have a portable Mac, I think you’re crazy not to activate FileVault 2 given its simplicity and ease of use. There are, however, a couple of other things you should know:

  1. PGP Whole Disk encryption is just about as good as it gets, but you take a serious performance hit.
  2. You can, and very much should, encrypt any external drive that you use. Especially backup drives. What good is an encrypted disk if most of your data isn’t living on the encrypted disk? FileVault 2 can encrypt those disks for you too.

Note that in Apple’s installation guide for FileVault 2 you have the option of storing a key with Apple so that you can recover your password if you lose it. This is, needless to say, a less secure method as it essentially allows the Government access if they compel Apple to turn over the key: Unlikely as an attack vector for our hypothetical scenario, but still a threat. The trade off is: less secure but recoverable, versus more secure but not recoverable. For most users, the former is the better option and unless your primary concern is the U.S. Government you’re probably fine storing the key with Apple. But keep an eye on Apple’s security policies and evaluate the precautions they take to secure your key against unauthorized access.

Personally, I chose not to let Apple store my key.

Your Internet Connection

The second most important thing to secure on your computer is the information you send and receive over the Internet. This information, if not encrypted, can easily be swiped by malicious individuals on open networks. (Think: Starbucks, hotels, conferences.) This data is a very easy thing to secure with a Virtual Private Network (VPN).

Services like Cloak, make setting up and using a secure VPN trivial for Mac users. What’s great about Cloak is that it automatically activates itself if it detects you using an unsecured network. That’s great, but you still need to be aware of larger public networks that are “secured” via WPA or WEP but accessible to people you don’t necessarily trust. Cloak is cheap and also works with iOS. At $1.99 a month it’s almost a no-brainer.

For the more technical minded you can create your own secure VPN using Amazon EC2, or your own Mac mini (my solution).

Either way, if you’re accessing the Internet via a network you don’t control it’s a really good idea to encrypt your traffic using a VPN.

There is of course an alternative: tethering. While tethering on a cell network is not the most secure thing, remember that the goal for the average user is just to be harder to hack than the average person. At the very least choose to use your iPhone/iPad to tether instead of connecting to an insecure public network without a VPN. This way the opportunist hacker won’t be on the same WiFi network as you.

Note from James: If you choose to use tethering via an iOS device, be sure to choose your own WPA key, as the automatically generated keys are susceptible to cracking.

Passwords

Ok, so this is where I should advise you to use strong, unique passwords for every site and get yourself a copy of 1Password. Except that’s not really my advice. There’s a couple of issues that aren’t specifically encryption, but that I think are worth going over.

Different Passwords, Different Sites

I first want to address the common badge of honor worn by nerds that they have a different, incredibly complex, password for every site. 1 That’s great until you lose the app, and the data for the app that housed your passwords. Then you are hosed. The argument for this technique is that if any one site compromises your password, the rest of your sites are secure.

The argument for strong, unique, passwords is valid and very smart. My problem with this advice is that sometimes bad things happen to your data. So let’s pick on 1Password for a moment, because the only way to actually have unique and strong passwords is to have the world’s best memory, or to use a password manager.

Let’s say that my computer and all of my iOS devices are stolen. Let’s also assume that my Dropbox account was compromised. Now my 1Password database is gone, inaccessible to me, perhaps deleted by the hackers.

Let’s say I want to get into my email account. How do I do that? The password was strong and random and I didn’t remember it by heart. It was stored in 1Password, which is now gone. I can try ‘forgot my password’, but that sends an email to my backup email, which I also don’t know the password to. I’ll have to get a real human on the phone (good luck if you use Gmail) and try to convince them that this is my email, and that I am not actually a hacker.

Because there is a set of accounts that you will need access to if everything goes tits up, you should have a core set of strong passwords, perhaps unique, that you can commit to memory.

Additionally I have concerns with syncing 1Password data over Dropbox, but that’s a post for another day.

My advice is to get a password manager and to use unique, strong passwords for most, but not all, websites. Think about the sites you would be totally lost without access to (if that includes Facebook, never read my site again) and use memorable passwords that are still strong.

If you want to read more about what makes a good, strong password, I recommend this Ars Technica article.

Financial Data

This one is simple. Go to Disk Utility, create a new secure Disk Image, using 256-bit AES as the encryption. Store all your financial data in it — feel free to sync that DMG across Dropbox. If your Mac is encrypted, you can even remember the DMG password in Keychain and rest reasonably comfortably at night. 2

Email, Texts, IM, Phone Calls

Short version: don’t worry about them.

Longer version: it’s possible, but incredibly cumbersome to encrypt this data and requires both sender and recipient to have encryption setup. Essentially you can’t just encrypt an email, one way, as both parties need to be able to deal with the encrypted data. The tools exist but they’re generally unfriendly to install and use.

If encrypted personal communication is really important to you, it seems that a good, user friendly solution is Silent Circle. They have a great FAQ explaining how their encrypted emails work (not secure enough for talking to Snowden I would guess, unless you set up PGP on your Mac as well. Actually their email encryption is the most confusing part of the service to me so I am not sure how this compares to a self-made PGP solution).

I’ve been using Silent Circle. It works well and is generally easy going. The apps are rather ugly, but you aren’t paying for a great user interface experience, you’re paying for encryption. For a more in-depth look at the best options for encrypted communications, this article is a good place to start.

In The End

When you are evaluating how to secure your digital life, the most important thing is to determine what you are most paranoid about. Is it the NSA? Or Bob, the hacker that loves venti Macchiatos and reading your Twitter DMs?

  1. Truly if this is your argument your username should also be random.
  2. This is probably one of those passwords that you want to know by heart though.
Originally posted for members on: June 24, 2013
Follow along on RSS, App.net, or Twitter.
~I would appreciate it if you considered becoming a member.~