
Best way to DIRECTLY send files over encrypted connection? - Page 4

post #31 of 55
Quote:
Originally Posted by thiussat View Post

Don't know what you're talking about. AES's max key size is 256 bits. You seem to be confusing asymmetric and symmetric encryption. AES is a symmetric cipher. Asymmetric ciphers generally have larger key lengths. Still, though, 8192 is too large and really pointless even for something like RSA.
That's silly. Multiple encryption offers no extra protection. No adversary is going to be able to decrypt an AES-128 file as long as the password is of equivalent strength (128 bits of entropy). If you're using SSH or something of the sort there is no need to really encrypt the file before transfer anyway.
OP: Just encrypt the file with PGP/GnuPG and then email it to your contact. Pretty simple really. Or if you need a continuous connection, just use SSH.
EDIT:
Wow, as I continue to read this thread I see just how clueless the public is about encryption. First of all, BitLocker has not been "broken." It suffers from the same flaw EVERY disk encryption program does: it is susceptible to cold boot attacks. These attacks only matter if an adversary has physical access to your machine and is able to read the key from memory. There is no way to protect from this other than physically securing your machine. TrueCrypt suffers from this same problem. The only time encrypted data is safe on your machine is when the machine is powered off.
Second, all these people saying to encrypt a file 3 times with AES have no idea what they're talking about. One time is enough. Why? Because if someone can break AES, they can break it three times as easily as one. (No one can break AES itself). If you use AES you can be assured 100% no one is going to read that traffic as long as you do everything properly and use strong passphrases, etc. If the NSA is your adversary, then you cannot be 100% sure of anything, but it's doubtful even they can read AES traffic.

Exactly what he said. I would just open up an SSH connection and send the files over. No need to encrypt multiple times and waste a lot of time with all of this; if someone were able to break through one layer of AES, they'd be able to break through the others as well.


Quote:
Originally Posted by FEAST View Post

This seems to be the best option for what I am looking to do. I think that SFTP is preferable over using a tracker. A tracker removes the need to enter the server's IP, username, and password, which is nice, but it is also a one way deal. SFTP is a more complete system for sending things back and forth all the time. Also, getting a tracker to someone securely for each file is a recurring problem, whereas with SFTP I can tell them codes over the phone one time and be done.
I have set up an SFTP server and client. I have set user names and passwords and directories. My IP is dynamic so the settings will need to change sometimes.
A few more questions:
SFTP:
1. Is there any way to track what my IP changes to dynamically from a location other than home?
2. I have around ~1MBps upload speed at home, why do my files only upload at 1/10th MBps? How can I speed this up?
3. I have the option to set passwords for my SFTP server AND/OR use some kind of public/private key file? Should I be using a keyfile? How does this even work?
4. To even set up my SFTP server I had to place my computer into a DMZ. Apparently my computer's internal network IP is now the same as my external worldwide IP. I'm not sure what this does etc etc. Should I be using port forwarding instead? Is using a DMZ a security risk?
VPN:
5. VPNs. Can anyone provide me with any information as to how to properly set one of these up?


One minor thing I don't think anyone has touched upon. Most of the time when you read your download and upload speeds, you're reading Mbps (megabits), not MBps (megabytes); there are 8 megabits in a megabyte. So when you have 1 Mbps upload speed, your true speed in MB would be 1/8th of your upload speed.
post #32 of 55
Quote:
Originally Posted by thiussat View Post

That's silly. Multiple encryption offers no extra protection.

Why? Because if someone can break AES, they can break it three times as easily as one.
Quote:
Originally Posted by DoubleOhAlex View Post

Exactly what he said. I would just open up an SSH connection and send the files over. No need to encrypt multiple times and waste a lot of time with all of this; if someone were able to break through one layer of AES, they'd be able to break through the others as well.

The mere fact 3DES was implemented and is a stronger encryption than DES completely negates your arguments. Multiple passes using different asymmetric encryption keys will indeed present further difficulty for an unauthorized decrypting party.

I agree that multiple layers are overkill in this situation, however stating that security in depth is irrelevant is fairly short-sighted.

If someone was to pull your VPN certificate or encryption key through malware or some type of internal intrusion attack, your data is now vulnerable if you only cared enough to use a single pass implementation. You don't have to break the encryption algorithm to obtain the original data; multiple passes currently negate the only real current method of attack, which is bruteforce/dictionary, if you do not have additional resources when attacking a particular data set.
post #33 of 55
Quote:
Originally Posted by beers View Post

The mere fact 3DES was implemented and is a stronger encryption than DES completely negates your arguments. Multiple passes using different asymmetric encryption keys will indeed present further difficulty for an unauthorized decrypting party.

Did you know that DoubleDES does not increase security at all? Kind of weird, huh? You actually have to use TripleDES to get any security benefit. The bottom line is that cascading ciphers do not improve security in all situations. In fact, it can reduce security! Go read "The Handbook of Applied Cryptography" which is one of the main textbooks on this topic. Look at page 237. It really depends on the ciphers being used.

Cryptography is a very esoteric subject. One needs deep understanding of topics like number theory and discrete mathematics. This is why people who "roll their own" crypto often find themselves less secure than if they had just used the standards that were provided by people who really are experts. A good example of this was the Debian SSL flaw. A Debian programmer was cleaning up some code in the SSL library and came across a couple of lines of code that were redundant. So he deleted one of them. The result? He almost broke the entire security of the Internet. People generated keys and digital certificates which were easily breakable due to his "code cleanup." It was big news. And it happened because one guy who thought he was smarter than the experts went and tampered with their code.
Quote:
If someone was to pull your VPN certificate or encryption key through malware or some type of internal intrusion attack, your data is now vulnerable if you only cared enough to use a single pass implementation.

If someone has compromised your machine and found a way to get your password, it doesn't matter if you encrypt something 1 time or 1000 times. They will have the key (or keys) regardless.
Quote:
You don't have to break the encryption algorithm to obtain the original data; multiple passes currently negate the only real current method of attack, which is bruteforce/dictionary, if you do not have additional resources when attacking a particular data set.

A single AES key has 256 bits. This is not going to be brute forced before the universe dies. There is no need to encrypt multiple times.
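Added example, not part of the original posts: the meet-in-the-middle search that makes double encryption gain far less than a doubled key length suggests, run against a toy 32-bit Feistel cipher with 16-bit keys. The cipher, key schedule, keys and plaintexts are all constructed for this demo; the search costs about 2 × 2^16 cipher operations plus a lookup table instead of 2^32.

```python
KEY_BITS = 16      # per-key size of the toy cipher (DES uses 56)
MASK16 = 0xFFFF
ROUNDS = 4

def round_keys(key):
    # Constructed key schedule: one 16-bit subkey per round.
    return [((key + 1) * (0x9E37 + 2 * i)) & MASK16 for i in range(ROUNDS)]

def f(half, rk):
    # Feistel round function; it does not need to be invertible.
    x = ((half ^ rk) * 0x2545 + 0x6D2B) & MASK16
    return ((x << 5) | (x >> 11)) & MASK16

def encrypt(key, block):
    left, right = block >> 16, block & MASK16
    for rk in round_keys(key):
        left, right = right, left ^ f(right, rk)
    return (left << 16) | right

def decrypt(key, block):
    left, right = block >> 16, block & MASK16
    for rk in reversed(round_keys(key)):
        left, right = right ^ f(left, rk), left
    return (left << 16) | right

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher operations in the two key sweeps)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops = 0
    middle = {}                       # E_k1(p0) -> every k1 that produces it
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(encrypt(k1, p0), []).append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):
        ops += 1
        for k1 in middle.get(decrypt(k2, c0), ()):
            # Further known pairs weed out chance matches in the middle.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops

def demo():
    secret = (0x3A7C, 0xC15E)                          # constructed keys
    plaintexts = [0x00000000, 0x01234567, 0xDEADBEEF]  # constructed blocks
    pairs = [(p, double_encrypt(*secret, p)) for p in plaintexts]
    candidates, ops = meet_in_the_middle(pairs)
    return secret, candidates, ops

if __name__ == "__main__":
    secret, candidates, ops = demo()
    print(f"secret {secret} is among {candidates}; {ops} cipher operations "
          f"instead of up to {1 << 2 * KEY_BITS} for naive search")
```

The same table trick applied to three layers still leaves one full key sweep on each side of the middle, which is why the third pass is the one that adds real work.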
post #34 of 55
Thread Starter 
As far as keyfiles go - how should one go about setting this up? I have tried 5 or 6 times to create a server key and save it on my machine - also trying to upload it into my client. Etc etc. Can't seem to get it to work. I can get you step by step screenshots if you want/anyone can teamview me if they want...Currently using:

Server - xLight
Client - Cyberduck

Also, there are a few options, DSS/RSA?

As far as firewalls go:

I have a cheap modem/router/wireless combo - going into my computer - with an Xbox bridged off of the computer. Also, I have a wired Netgear router/firewall. My question is - how should I set things up to be the most secure? Do I even need a hardware firewall if I have a software one? What is even the point of having a firewall? Should I be port forwarding or using a DMZ?

Sorry for being such a noob. : (
post #35 of 55
Sigh. If you had a Linux box as the server, this would be MUCH easier. It looks like the software you are using is proprietary and costs money (I assume you are using the "free" reduced functionality version of Xlight). This whole thread reminds me why I never use Windows for anything but the MMO I play. Everything is a hassle and everything costs money.

I have searched Google for SSH software for Windows, and sadly almost all of it is merely client software used to connect to an already existing server. This doesn't help people who need to set up the server too. So I would ditch the SSH idea if you insist on using Windows as the server.

What I would do is use FileZilla. It is a free and open-source FTP package that runs on Windows and can be used as a server or client. The server can be set up on Windows, which is what you need it looks like. If going the FTP route, this is definitely your best choice. It supports SFTP or FTP over SSL. How to configure it is something you will have to find for yourself.
post #36 of 55
Thread Starter 
The reason I use Windows is because it has great freeware for multiple taskbars, window switchers, etc etc. Compatibility with Linux is a huge issue for some of the programs I run.
post #37 of 55
Quote:
Originally Posted by FEAST View Post

The reason I use Windows is because it has great freeware for multiple taskbars, window switchers, etc etc. Compatibility with Linux is a huge issue for some of the programs I run.

Linux has even better taskbars, window switchers and all kinds of stuff like that. In fact Linux had all this stuff first and most of the time you don't need add-on software to use them. Also, Google "Compiz-fusion."
post #38 of 55
Sometimes Linux is the wrong choice ;) There is some software that you simply cannot get for Linux.

You can try
http://www.cygwin.com/

You then need to get and install OpenSSH for Cygwin

Then installing this
http://cygwin.com/cgi-bin2/package-cat.cgi?file=openssh%2Fopenssh-5.9p1-1-src&grep=openssh

There is a guide here
http://cygwin.com/cygwin-ug-net/cygwin-ug-net.html

After getting that you could follow this to set up your key
http://archive.networknewz.com/networknewz-10-20030707AuthenticatingbyPublicKeyOpenSSH.html

~~~~~~~~~~~

If you want I could do a YouTube video for you :) (easier to follow, but it will take me a few hours, damn essay !_!)
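Added example, not from the thread or from OpenSSH itself: a check for the DSS/RSA choice raised in post #34, applied to the `authorized_keys` lines that the public-key setup linked above ends with. It decodes each key blob and flags DSA keys (OpenSSH has disabled ssh-dss by default since release 7.0) and RSA moduli below an assumed 2048-bit minimum; the function names are hypothetical and the sample lines are constructed blobs, not usable keys.

```python
import base64

MIN_RSA_BITS = 2048   # assumed policy threshold, not taken from the thread
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519")

def read_field(blob, offset):
    """Read one uint32-length-prefixed field; return (data, next_offset)."""
    header = blob[offset:offset + 4]
    end = offset + 4 + int.from_bytes(header, "big")
    if len(header) < 4 or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def audit_line(line):
    """Return (key_type, bits, verdict) for one authorized_keys line."""
    tokens = line.split()
    # Simplification: skip any leading options and find the key-type token.
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(tokens):
        return (None, None, "unparsed")
    key_type = tokens[idx]
    try:
        blob = base64.b64decode(tokens[idx + 1], validate=True)
        name, off = read_field(blob, 0)
        if name != key_type.encode():
            return (key_type, None, "blob does not match declared type")
        if key_type == "ssh-ed25519":
            return (key_type, 256, "ok")
        first, off = read_field(blob, off)       # RSA: e, DSA: p
        if key_type == "ssh-dss":
            bits = int.from_bytes(first, "big").bit_length()
            return (key_type, bits, "weak: DSA key")
        modulus, off = read_field(blob, off)     # RSA: n
        bits = int.from_bytes(modulus, "big").bit_length()
        verdict = "ok" if bits >= MIN_RSA_BITS else "weak: short RSA modulus"
        return (key_type, bits, verdict)
    except ValueError:                           # bad base64 or truncated blob
        return (key_type, None, "corrupt key blob")

def field(data):
    return len(data).to_bytes(4, "big") + data

def mpint(value):
    # SSH mpint: big-endian, with a leading zero byte when the top bit is set.
    return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def sample_line(key_type, *numbers):
    blob = field(key_type.encode()) + b"".join(mpint(n) for n in numbers)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

# Constructed blobs with the right field layout; these are not usable keys.
SAMPLE = [
    sample_line("ssh-rsa", 65537, (1 << 1023) | 1),
    sample_line("ssh-rsa", 65537, (1 << 2047) | 1),
    sample_line("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3),
]

if __name__ == "__main__":
    print(*map(audit_line, SAMPLE), sep="\n")
```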
post #39 of 55
Quote:
Originally Posted by Ulquiorra View Post

Sometimes Linux is the wrong choice ;) There is some software that you simply cannot get for Linux.

Like what? Photoshop? Really other than that and games (and a few things like very specialized CAD like software) what else is missing?
Quote:
You can try
http://www.cygwin.com/
You then need to get and install OpenSSH for Cygwin
Then installing this
http://cygwin.com/cgi-bin2/package-cat.cgi?file=openssh%2Fopenssh-5.9p1-1-src&grep=openssh
There is a guide here
http://cygwin.com/cygwin-ug-net/cygwin-ug-net.html
After getting that you could follow this to set up your key
http://archive.networknewz.com/networknewz-10-20030707AuthenticatingbyPublicKeyOpenSSH.html
~~~~~~~~~~~
If you want I could do a YouTube video for you :) (easier to follow, but it will take me a few hours, damn essay !_!)

That's too complicated. I thought about recommending Cygwin, then I thought it's way too much trouble for this application. Much easier is just to use FileZilla, which works as both a client and server and needs no command line to set up.
post #40 of 55
VMware client and 3D graphics are the main reason I can't run Linux as my main OS; however, the second I get an IOMMU board, in goes Fedora 17/18 or whatever's out at the time :D

And it's not that bad if you follow the tutorials.

Also, I thought you could run Photoshop in Linux, and hey, who needs that rubbish haha, GIMP all the way