Digital Cryptography- Why & How

• Personal identity data, including passwords, PIN numbers, phone numbers, and addresses. Pretty much any piece of information that you'd give to an online vendor, a bank, or a government agency can cause serious problems if stolen and used by someone else to pass as you. If enough of your "identity" is attained by a criminal, he or she can do anything from maxing out your credit card to forging documents, to selling your information to marketing agencies or other criminals!
• Online browsing preferences and bookmarks. Do you want someone to find out what porn and warez sites you've been visiting lately? Do you read and/or post potentially controversial or "subversive" material online? If you do, keeping traces of this secret is central to maintaining your reputation and even freedom! If you're like most users, you probably don't do such things, but again, there are those pesky spammers and marketers out there. And, as always, there's the potential of government spying in any country.
• Financial information. As previously mentioned, anything related to passwords, PIN numbers, or other bank, purchasing, or stock transactions and holdings must be kept in strict confidentiality, lest someone discover and rob your assets.
• Agitating or otherwise "dangerous" materials. For activists, coordinators, and any other opposers of a status quo, this category of data is probably the most worthy of encryption. What the government don't know will hurt it (perhaps), but what it do know may hurt you. To keep any action plans, public-documents-in-progress, or anything else you don't want to be caught red-handed with.

• With many services, such as web-based e-mail (web mail), it is possible to log on using SSL (Secure Sockets Layer). "Secure" HTTP is designated by a "https://" url, as opposed to the standard http://. Though not of the absolutely highest grade encryption, HTTPS connections are effective in keeping out 99.99% of spies- unless someone really wants you in particular, they'll not waste their time with this. The average cracker or scam artist will only attack the easier targets, and if you're using SSL, you won't be one of them.


• The next orders of business are those infamous cookies and referrer headers. I'm assuming you know what these are, and how to manage them in general. That said, here are a few extra hints you might want to take note of. First of all, don't be stupid enough to use Internet Explorer. Not only does it have a million bugs, but it's very difficult to configure when it comes to the fine details. Therefore, get yourself a copy of the latest Firefox web browser. After you've got it installed, type "about:config" (no quotes) in the address box to reveal its hidden settings interface. Go down to the section named "network.http.sendRefererHeader", and change its value from the default of 2 to 0 (zero).
  
  This will disable Firefox from sending referrer headers to a website, thus making it much more difficult to track your browsing habits. There are a few poorly-designed websites that require referrers to be enabled, but they are rare and probably not legitimate anyway (some warez and porn sites use them for example). As far as cookies go, you should disable off-site cookies at least. Some users may want to set Firefox to ask about each cookie before accepting, but this gets annoying after a while.
  
  A better solution would be to use Privoxy. This small proxy program can filter out ads, pop-ups, cookies, and referrers, and is pretty well configured from the get-go. Though it hasn't been updated since January of last year, Privoxy is available for many operating systems, and doesn't seem to have any problems. Although cookies and referrers aren't directly related to cryptography, I included them here for completeness, as filtering them out can make your SSL usage more anonymous.

• TrueCrypt is a must-have for anyone who has top-secret data that must not be uncovered under any circumstances. You can use several types of high-grade encryption to make a single-file "virtual file system" to store your data in, or you can format an encrypted partition. One of the coolest features of this program is that you can make a secret file system nested within your "outside" encrypted partition. You can then fill the outer partition with a few dummy files to fool your interrogators in case they force you to decrypt what they think is the real content! If you don't tell, they won't ask, as TrueCrypt partitions are, for all intents and purposes, impossible to identify as such in the first place. Truly, this cryptographic titan would make the lowly GPG/PGP encryption system shit in its pants if it could, pardon my French!
  
  For all you sorry sods that are still running Windows 95/98/ME, TrueCrypt won't run. Instead, try AxCrypt. This program is similar, but it works for Win9x as well as 2k/XP. It integrates into Windows Explorer, making it easier for newbies to use, but doesn't do some of the cool stuff that TrueCrypt does. Also, you only get SHA-1/AES encryption, but for 99.999% of spies/crackers, that's good enough.


• "Encryption is great for hiding sensitive data," you may say, "but what if I have data I want to destroy?". That's where Eraser comes in. Eraser is an open-source utility for Windows that can securely and permanently erase unwanted files and unused disk space. By default, it overwrites existing files thirty-five times with random data, and blank space once.
  
  In addition, the Eraser package comes with Nuke Boot Disk, also known as Dan's Boot and Nuke (DBAN). DBAN is a one-floppy Linux program that will permanently destroy any and all data on an entire hard drive in a short period of time. This is useful to securely erase a hard drive that you want to give to someone else, or to destroy a lot of evidence quickly in an emergency. Be careful, though. You'll never be able to get your data back afterward, so have back-ups of anything you want to save!


• Another very versatile and portable crypto tool is JavasCrypt. Written entirely in HTML and Javascript, and utilizing the AES encryption standard, this little gem is great for situations where all you have is a web browser or an e-mail client. Not only does JavasCrypt do text encryption (no binaries, sorry!), but you can use it to do stenography and generate random passwords/phrases. It's quite handy to have around, because of its simplicity and utility.
  
  Also available is another tool-set called CryptoMX. CryptoMX is similar to JavasCrypt in many ways, but offers a few differing features and a more user-friendly DHTML based interface. Both of these packages have their own strengths and weaknesses, but they are both small downloads, so I recommend trying out both at the same time. It can't hurt!


• Also of note are Omziff and UltraShredder. They are a text cryptography and secure file shredder application, respectively. Both are extremely small and have no dependencies, making them ideal for use on a floppy disk or USB memory stick. Download both from Xtort.


• Although various implementations of GPG/PGP are all the rage these days, my personal favorite for POP/IMAP encryption/signing these days is Ciphire. It is based on the same SHA-1/AES public/private key system as PGP, but is much more secure and easy to use. The developers maintain their own certificate authority/public key server, so there's none of the mess of mind-blowing hacker docs that no one can understand. Also, Ciphire can automatically check to see if your recipients also have encryption. Those who do not will receive a plaintext version of your message, but you can change this if you'd like.


• Above, I mentioned SSL and SSL certificates. For those in the know, purchasing a "authenticated" certificate from Verisign or Thawte can be very expensive, typically $150-$250. If you're cheap, or a poor student like me, you can instead use CAcert. Its free, and you can use your account to generate both personal PK12 ID certificates, and server-side SSL certs. I'm in the process of trying to get SSL set up for this website, so stay tuned...


• Finally, for the ultimate in total computer security, try the secure UNIX operating system OpenBSD. According to the developers, OpenBSD (or "OBSD" for short) has had only one remote security hole in eight years, and utilizes an advanced encrypted file system to protect everything on your disk. I've used it before, and the installation is relatively easy, at least in comparison to other BSDs like FreeBSD. This OS is suited best to secure server environments, though you can use it on a client PC if you wish.