This is wrong.
The following article, written in English and quoted only in part because of its length, describes some methods that allow someone to hide their files, quite literally, even from the CIA.
-----------------------------------------
Introduction
The tools used by the states to protect their secrets are double-edged swords: they allow dissidents -and, unfortunately, common criminals- to protect theirs, just like they enable you to do so.
The common perception that security agencies and corporations can access all of your data is a myth. That could be the case if someone uses commercial OSs that track everything one does, but not if someone is deeper into computer security. There are certain methods to hide your sensitive data from literally everyone.
I boldly and proudly proclaim that if you carefully use the methods to be described, nobody will ever access your secrets, unless quantum-computing methods are developed in the future (a scenario to be described in the final section of the article).
Who would want to protect data even from the agencies of his country or the corporations without being a common criminal?
- Journalists about to reveal something they are not supposed to.
- Politicians hiding data disastrous for governing opponents.
- Dissidents of oppressive regimes and dictatorships.
- Atheists of radical Islamic countries.
- Scientists wanting to protect their ideas and/or inventions.
- Technology researchers wanting to protect their work from competitors.
There is no guarantee that the algorithms of an encryption tool are properly implemented in code. Even if algorithms such as Rijndael and Serpent are secure and powerful from a mathematical standpoint, how can you be sure that their implementation in code is not buggy, thus allowing attackers to execute attacks similar to the simple yet ingenious padding oracle attack?
Furthermore, who can assure you that the software company that developed the encryption tools has not deliberately allowed backdoors that enable the authorities to bypass the encryption? Or even sent the passwords you are typing to an agency? If you are, e.g., a journalist intending to publish something you are not supposed to, you might want to be sure that the related data would be secure even if the police were informed about your plan.
A possible way to prevent such scenarios could be to multiply encrypt your sensitive data, with various encryption algorithms in different encryption tools. The odds that two distinct tools developed by different companies are both flawed are rather negligible. An easy solution would be to encrypt your data with WinRAR in the first place, thus securing them with AES with a 256-bit key, and re-encrypt the .rar using e.g. Serpent or Kuznyechik with another tool (e.g. VeraCrypt).
When it comes to the .rar encryption, even though WinRAR uses plain AES, the nature of the .rar files does not allow for a quick brute-force attack, since many computations must be carried out in order for the headers to be checked. Tom's Hardware carried out an experiment in 2011, and no more than 15.000 passwords per second could be pushed for .rar even with the use of GPUs. In comparison, about 500.000 passwords per second could be pushed for an encrypted .zip. Even though computational power has more than tripled since then, with rar5 files using a BLAKE2 checksum instead of a CRC32 a brute-force attack would be extremely slow, since the former message digest demands considerably more time to be deduced.
When it comes to serious encryption tools, such as VeraCrypt or TrueCrypt (with the former being the successor of the latter), it is imperative that you use another encryption algorithm. You may prefer Serpent, which is technically more powerful than Rijndael, yet was too slow to be chosen as the AES. Twofish and Camellia are also a good.......
continued at
https://georgemalandrakis.blogspot.com/ ... itive.html
------------------------
You too can add your own suggestions for absolute security.
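
Added example, not part of the post or of the quoted article: the layered encryption the article describes (AES-256 first, then a second, different cipher under a separate passphrase), sketched with the `openssl` command line. Assumptions: `openssl` 1.1.1 or later stands in for both WinRAR and VeraCrypt, Camellia-256 is the outer cipher, and the function names and KDF parameters are hypothetical.

```shell
# Added example: inner AES-256 layer, outer Camellia-256 layer, independent passphrases.
# Assumption: the openssl CLI (1.1.1+) stands in for both tools; the article's point
# about distinct vendors needs a different tool for the outer layer in practice.
# Caveat: `openssl enc` in CBC mode gives confidentiality only, no integrity check.
KDF_OPTS="-pbkdf2 -iter 200000 -md sha256"   # constructed values, not from the article

# layered_encrypt <plaintext> <output> <inner-passfile> <outer-passfile>
layered_encrypt() {
    local tmp
    # One passphrase for both layers ties them to a single secret: refuse it.
    if cmp -s "$3" "$4"; then
        echo "passphrases must be independent" >&2
        return 2
    fi
    tmp=$(mktemp) || return 1
    # The temporary file only ever holds inner-layer ciphertext, never plaintext.
    if ! openssl enc -aes-256-cbc $KDF_OPTS -in "$1" -out "$tmp" -pass "file:$3" ||
       ! openssl enc -camellia-256-cbc $KDF_OPTS -in "$tmp" -out "$2" -pass "file:$4"
    then
        rm -f "$tmp"; return 1
    fi
    rm -f "$tmp"
}

# strip_outer_layer <input> <output> <outer-passfile>
# Removes only the Camellia layer; the result is still AES ciphertext.
strip_outer_layer() {
    openssl enc -d -camellia-256-cbc $KDF_OPTS -in "$1" -out "$2" -pass "file:$3"
}

# layered_decrypt <input> <output> <inner-passfile> <outer-passfile>
layered_decrypt() {
    local tmp rc=0
    tmp=$(mktemp) || return 1
    strip_outer_layer "$1" "$tmp" "$4" &&
        openssl enc -d -aes-256-cbc $KDF_OPTS -in "$tmp" -out "$2" -pass "file:$3" || rc=1
    rm -f "$tmp"
    return $rc
}
```

Each passphrase file holds one passphrase on its first line; `strip_outer_layer` shows that removing the outer layer alone yields another salted ciphertext rather than the data.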
