Saturday, August 28, 2010

Project 11-3: Using TrueCrypt

What is TrueCrypt?

TrueCrypt is an alternative to EFS, a third party application which is also used to protect files with cryptography.

How to use TrueCrypt?

1. Download TrueCrypt Installation file by clicking here
2. click "Download" under "Windows 7/Vista/XP/2000" and save the file.
3. Install the installation file and Launch TrueCrypt once complete.
4. click "Create Volume Button".
5. Select "Create a file container" and click "Next"
6. Select "Standard TrueCrypt volume" and click "Next"
7. Click on "Select File..." and type in "TrueCrypt Encrypted Volume" under file name
8. Click "Save" and click "Next"
9. Make sure "AES" is selected in "Encryption Algorithm" and click "Next"
10. Key in "1" and make sure "MB" is selected, click "Next"
11. Key in a Strong Password and click " Next"
12. Move your mouse in the box for about 30 seconds as randomly as possible
13. Click "Format"
14. Click "Ok" and followed by "Exit"
15. In "Volume", Click "Select File ..." and select "TrueCrypt Encrypted Volume" which you created.
16. Click on a drive letter above and click on "Mount" at the bottom left.
17. Key in the password
18. Once done, it would be mounted on the computer like a normal flash drive.
19. open "Encrypted.docx" in the previous project and save it in the mounted drive.
20. open the saved file and it should take a longer time to load as two decryptions are taking place. (EFS & TrueCrypt)

Reflection on Project 11-3:
If given a choice between EFS & TrueCrypt, I would select TrueCrypt as it provides me with more features and most importantly it is portable. By using just a single strong password, I am able to create a file which is highly encrypted and when i want to gain access, I would only need to provide the password. It is also able to encrypt a flashdrive and its contents are automatically encrypted when a file is stored in it and secured with a strong password.

On the other hand, EFS encrypts only on the system itself and saves a identity of the user. And only with this identity tag, I am able to gain access to the files. I may accidentally lose this identity tag if it was stored in a flash drive.

Therefore I would choose TrueCrypt over EFS.

Posted by LoNeLyXx at 1:14 AM

Project 11-2: Using Microsoft's Encrypting File System (EFS)

What is Microsoft's Encrypting File System(EFS)?

Microsoft's Encrypting File System(EFS) is a cryptography system for Windows operating systems that use the Windows NTFS file system. Because EFS is tightly integrated with the file system, file encryption and decryption are transparent to the user.

Using Microsoft's Encrypting File System (EFS)

1. Create two documents in Microsoft Words with the same contents and save it as "Encrypted.docx" & "Not Encrypted.docx".
2. Navigate to the directory of the saved files.
3. Right click on "Encrypted.docx" and select properties
4. In the "General" tab, under "Attributes" click "Advanced..."
5. Tick "Encrypt contents to secure data" and click Ok twice
6. A prompt may appear asking you whether you would like to encrypt the parent folder as well. Select "Encrypt the file only" and press "Ok".
7. Now the encrypted file should be green in colour and this shows that it is encrypted.

Reflection on Project 11-2:
To me, EFS is quite useful as it is tightly integrated with the file system which makes the encryption and decryption process nearly invisible to the end user.

It allows us secure sensitive data or even folders to from unwanted viewers while on a shared system. An attacker could use a LiveCD to boot up another OS to gain access to the files but with EFS, the identity tag was not provided and thus the attacker will not be able to gain access to the sensitive data. It uses an identity tag which can be stored in a portable storage device which is useful if your os is corrupted and you would want to retrieve files are the hard disk.

Posted by LoNeLyXx at 1:13 AM

Project 11-1: Installing Hash Generators and Comparing Hashes.

Installing Hash Generators and Comparing Hashes.

1. go to the link provided and save the file. "http://sourceforge.net/projects/md5deep/files/md5deep/md5deep-3.6/md5deep-3.6.zip/download"
2. extract the contents in the file
3. The programs are executed in Command Prompt and thus saving it on the root(c:\) or a flash drive to more efficient for this project.
4. Create a Microsoft word document with the contents, "Now is the time for all good men to come to the aid of their country.".
5. Save the document as "Country1.docx" in the same directory with the extracted contents.
6. Start up the command prompt.
7. navigate to the directory of the files.
8. Key in "MD5DEEP COUNTRY1.DOCX" followed by "MD5DEEP MD5DEEP.TXT"
9. Comparing both hashes, both have the same length, which makes the strength of md5 strong because no matter how big your file is, the generated hash has the similar length and thus harder to crack.
10. Now open up "Country1.docx" remove the full-stop at the end of the document and save it as "Country2.docx" in the same directory.
11. Comparing the two hashes, by just removing one full-stop, the two hashes have totally changed.
12. Now perform the same operation for "Country1.docx" & "Country2.docx" by using

• SHA1DEEP
• SHA256DEEP
• WHIRLPOOL

By comparing the hashes of "Country1.docx" & "Country2.docx", for every different hashing methods, each hashing methods use to hash the two files creates a hash of the same length for each file.

Comparing Hashes

By comparing the difference between the following hashes:

• MD5DEEP
• SHA1DEEP
• SHA256DEEP
• WHIRLPOOL

SHA is a more secure hashing algorithm then MD
WHIRLPOOL has the longest hash as it creates a hash using 512 bits and has received international recognition and adoption by standards organizations

Posted by LoNeLyXx at 12:34 AM

Project 8-5: Use an OpenID Account

Use an OpenID Account

1. first go to "http://www.livejournal.com/openid/"
2. Key in your identity URL in "Your OpenID URL:" as shown in the diagram below.
3. It would redirect to the OpenID Login Page
4. Sign In and tick "Never Expire" click "Allow".
5. It will return to LiveJournal Website.
6. Logout of LiveJournal.
7. Go to "www.lifewiki.net/login".
8. Enter "Your PIP Url" in "Identity URL" and click "Login via OpenID"
9. Note that when you click Login, it did not request for your OpenID password anymore as you are still logged on in OpenID.
10. Click Allow.
11. Once done logout.

Benefits of using OpenID:

1. Remove the hassle of keying in your information everytime you sign up on a website
2. Remove the stress of remembering passwords for each and every account.
3. Minimizes the risk of account being hacked.

Reflection on Project 8-5:
I think OpenID is very useful as it removes the hassle of keying in your information everytime you sign up on a website and because passwords are not sent to the servers and only information is sent, risks of the account being hacked is minimized.

The best thing about OpenID is removing the need of remembering passwords for many forums, websites & etc. OpenID provides the information to the servers and a account is created using just the OpenID URL.

Posted by LoNeLyXx at 12:06 AM

Friday, August 27, 2010

Project 8-4: Create an OpenID Account

What is OpenID?
OpenID is a decentralized open source FIN that does not require specific software to be installed on the desktop. OpenID is a uniform resource locator (URL)-based identity system.

Create an OpenID Account

1. Go to https://pip.verisignlabs.com/ and click on "Get Started Now".
2. Key in the requested information and click on "Create Account".

To add a Personal Image to your account

1. Click on "My Account" under "Links"
2. Click on "Browse" under "Personal Icon"

To View your information

1. Click on "My Account" under "Links"
2. Click on "My Information" under "Links"

• In this information page, the information keyed in will be sent to any website that uses OpenID to authenticate the user.

Posted by LoNeLyXx at 10:21 AM

Project 8-1: Use Cognitive Biometrics

What is Cognitive Biometrics?
Cognitive Biometrics add a two-factor authentication without placing tremendous burden on the user.

Use Cognitive Biometrics

1. Click here to go to the website
2. In the "First Time User's" field, key in the requested information and click "CLICK TO ENROLL".
3. Click on "Click to Continue".
4. Click "Ok" after reading information.
   
5. Accept "demo" as the name and click "Ok".
6. Click on "Next" to enroll now.
7. Start by following the on-screen instructions.
8. After enrolling, go through a few rounds of logging in to make sure you have remembered the three passfaces.
9. When you are done with the process click on "Done".
10. You can try to logon into passfaces by going back to the first page and clicking "LOGON" in the returning users.
11. Make the the username is "demo", click "Ok" and identify the faces.

Reflection for Project 8-1:
In my opinion, I think that passfaces is very useful, as some people may be forgetful and forget their passwords and by using passfaces, I could recognize my friend and do not need to crack my head thinking what password I use to create the account.

It also allows me to logon fast onto my account. Passfaces also creates a more secure online environment at costs significantly less than alternative technologies. It is not expensive and easy to use.

Posted by LoNeLyXx at 10:21 AM

Project 7-2: Download and Install a Password Storage Program

In this practical, I learn that when i create accounts on websites, strong passwords may be difficult to remember and there is a program called KeePass Password Safe which stores passwords securely in the program and protected by a Single strong password

1. Firstly click here to download and save the file.
2. After downloading the file, extract the file in a location such as desktop, a folder or a portable thumbdrive.
3. Run the application file "KeePass" inside the "KeePass-1.17" folder.
4. Click on "File" and "New" to create a password database.
   
5. Key in a strong Master password and click "Ok".
6. Once completed, click "Edit" and followed by "Add Entry".
7. Select a group to catogerize your entrys.
8. Key in the data for an online account.
9. Once done click "Ok".
10. Click "File" and "Save".
11. save it as your desired filename.
12. Now Click on "File" followed by "Open" and select a Password Database to open.
13. Key in the Master Password and click "Ok".
14. Click the category that your Entry is stored in.
15. Double click in the URL and it would direct you to the website
16. Next drag the "User Name" field into the website field for username.
17. do the same for password by dragging the "Password" Field.
18. Click the button to login on the website.

Reflection on Project 7-2:
By using Password Storage Programs, there are pros and cons. Firstly, you are able to create Strong passwords on websites and this would greatly minimize the chances of hackers cracking the password. But on the other hand, If the Password Database is stolen and the Master Password is cracked, the hacker is able to gain the passwords no matter how strong the password is.

If I was asked whether i would use KeyPass, I may use it to store accounts which are not of high importance.

Posted by LoNeLyXx at 10:20 AM

Introduction

Name: Tan Jun Xiang
Class: DISM/FT/1A/01
Admin No.: 1030073

Practicals

Practical 1

• Project 1-1
• Project 1-2

Practical 2

• Project 1-3
• Project 1-4

Practical 3

• Project 2-1
• Project 2-2
• Project 2-3

Practical 4

• Project 3-2
• Project 3-3

Practical 5

• Project 4-1
• Project 4-3

Practical 6

• Project 7-1
• Project 7-2

Practical 7

• Project 8-1
• Project 8-4
• Project 8-5

Practical 8

• Project 11-1
• Project 11-2
• Project 11-3

Navigations

• Jun Liang
• Jeremy
• Maverick
• Ajimal
• Eddie
• Kim Wee
• Wei Kiat
• NIL

Archives

• May 2010
• June 2010
• July 2010
• August 2010

Credits

• Drogue Designs
• Portfelia
• Brushworx
• Pootato
• The Glass Bead