@@skaruts it would be convenient if we could just copy-paste the ethics of individuals and apply them to corporations. Unfortunately, that has led to pretty egregious, widespread abuse of employees. So, we probably shouldn't treat company-owned machines the same way as personally-owned machines.
@@JoeJoeTater The corporations are owned by individuals. Fundamentally speaking, the relationship between employer and employee is the exact same as that between you and your plumber. An employer is an entity buying a service, and an employee is an entity selling a service. The hard reality is that many worker rights are nothing short of ways to extort or harass buyers. Hell, the minimum wage, for example, is the exact equivalent to telling you that you cannot pay less than X to your barber. Anyway, don't confuse this for a defense of corporations or whatever. I'm just laying things out for what they actually are. Companies are owned by people with the same rights as everyone else. Their computers are their computers. What should happen is that everyone should be aware about the problems of using other people's computers for personal stuff. Given that, realistically, most people won't ever know all that they need to know, maybe there's a discussion to be had about whether or not it would be justifiable to mandate that employers be transparent about their use of keyloggers and all that. Whatever the case, you should always keep in mind that there's no difference between having legal restrictions on their ability to monitor their computers and having legal restrictions on your ability to monitor your personal computer at home. If you're gonna be advocating for that kind of laws, that should give you a sense of what exactly you'll be advocating for.
I do not find that there is a huge performance difference between symmetric and asymmetric encryption with GPG. The reason for this is that it encrypts your data with a randomly generated one-time symmetric key, and then encrypts only that (relatively small) key asymmetrically. That's how you can encrypt a message to multiple recipients. You encrypt the message once, and then encrypt the session key with each of their public keys.
I used to use that method a long time ago until I found Cryptomator. Cryptomator encrypts files and opens up a way to interact with your encrypted files in the vault via virtual disk or webdav rather than giving you a whole encrypted container that is extremely hard to sync with the cloud. It also supports major cloud providers. It has some drawbacks though. Only the core part is open sourced (so that they can monetize the software) and it is written in Java, which forces you to have a JRE on your machine. The encryption method is based on aes-ctr (if I'm not wrong), yet the implementation is not standard, but there is good documentation about how it is done. I have been working on a lightweight alternative which is written in Go. It behaves like a daemon exposing a webdav server, can be deployed to all platforms that Go supports, it is highly portable and lightweight. I haven't published it because of some issues with plain text files (all media files are ok). The project is abandoned as I don't have time to fix all issues and pay off the technical debt from during prototyping. Maybe I'll revive it someday, or maybe I'll find a good alternative to Cryptomator. P.S.: Syncthing is a good way to sync stuff cloudless across your devices.
In a world where gov agencies keep legally forcing companies to let them access people's files, you can be sure there's one or more ways that someone could be nosing around your files. Maybe even backdoors.
@Capitalism 4 life Nah bruh, im talking about hardware which is used as a key to decrypt anything u had encrypted instead of letting the key float around in files.
What about creating a VeraCrypt volume with your files and sync the volume? It seems easier. You can even create a hidden volume inside the main volume to really hide some data. Is it a good alternative? What are pros and cons?
That's similar in principle to what he did here with the tar archive. The main con I see is that you have to resync the whole archive to the cloud even if you just make a small change to one file. Should be fine for small volumes, in fact I do that myself. But if you have a large amount of data, and most of it doesn't change often, that's a lot of extra overhead
loved that, even with applications to do that job it is even better (for me) to use the command line. thank u so much and I hope u keep bringing up this kind of content!!!
To anyone who tries this and is unable to use --no-symkey-cache: this is because it was apparently added in gpg version 2.2.7. If you are on an Ubuntu derivative there is a chance that you are using an older gpg program, so you will probably have to update the program or the OS itself.
You can technically encrypt the asymmetrical key too (passphrase), which I usually do for SSH. Also for integrity, the AES-GCM variant will ensure integrity, I don't know if gpg supports it though.
For me I just compress all my files to rar or 7zip then encrypt it in AES256 (including file names) with a 64 character long password generated by urandom. So good luck decrypting that or even trying to take a glimpse at the content of that file, though encrypting individual files is a good thing so I will also use this for when I have to store sensitive data on the cloud. Though I kinda hope those files can also be opened on a windows machine because there are times that I have to access my files in windows...
Just buy a raspberry pi 4 and a usb drive, set up port forwarding and boom, you got "cloud" storage. For secure backups you can tar and encrypt it and store it on the cloud, or even better, a friend's drive
Who needs encryption when you can just upload a password protected zip file inconspicuously named budget2021.zip? Nothing to see here folks, just "very important money stuff".
Best thing is when Google calls to ask if you want advertising is to ask if they are Javascript free and if the software being used to push the ads is gpl
Tip for VIM: Shift z z in command mode saves the file and exits. ZZ in normal mode saves the current file if modified and exits or closes the current window/tab (same as :x but not :wq which writes the file even if it hasn't been modified). To exit unconditionally without changing anything: ZQ (same as :q! ).
AES256 is no more secure than AES128 for symmetric encryption where your passphrase limits your security, not the algo. Theoretically, AES128 is actually the more sound design anyway. AES256 has too few rounds for the key size, which its cryptanalysis has shown. AES128 has better dispersion of the key material. Use AES128, or any other well-established algo, and worry about your passphrase instead, and you won’t end up looking stupid in the eyes of the intelligence agencies. The algo never matters.
The algo matters. AES256 *is* more secure, and the only acceptable option. Which cryptanalysis has told you otherwise?? Furthermore, when it comes to quantum computers, Grover's Algorithm can be used to speed up brute forcing the encryption key. "Grover's algorithm could brute-force a 128-bit symmetric cryptographic key in roughly 2^64 iterations, or a 256-bit key in roughly 2^128 iterations."
AES256 is more secure in the long run. Quantum computers theoretically will halve the difficulty of brute forcing AES. If you only use AES128 a quantum computer would reduce the bit security down to 2 to the power of 64 making it entirely brute forceable within a relatively short time frame. Use AES256 if you want your encryption to remain secure in the long term.
@@mulletman1705 Those AES256 related key attacks are nasty, though... showing AES256 design issues even though they are infeasible in practice. But so are all attacks on any modern 128-bit-block algorithms. The algo does not matter. No-one attacks the symmetric key by bruteforce. It is too expensive even with a future quantum computer within a timescale that matters. The adversary will always attack the passphrase since it will have less entropy and is easier to break -- or so the adversary conjectures. No algo, no matter how broken, is known to have successfully been attacked by bruteforce since DES or incorrectly applied RC4 or low-bit-RC5. Yet encrypted data are compromised all the time. It just happens by other means.
@@mechantl0up no one attacks the key by brute force as it would not be broken within a reasonable time frame with there being 2 to the power of 128 different possible keys for AES128. However it is feasible for current computers to brute force 2 to the power of 64 different possible keys within a reasonable time frame. That is why you should not use AES128 if you are concerned about long term encryption.
@@mulletman1705 That assumption relies on the fact that 2^64 quantum computers are feasible within the time span necessary for keeping something secret from today, and that someone will expend such a computing resource on cracking the particular key I am using. These are bold assumptions. Before that happens, our existing public key crypto infrastructure will have collapsed and all our historical, asymmetrically encrypted data exposed by quantum computers. I am more concerned over that. Even today, no-one can afford to spend the money for 2^64 operations to crack keys. Moreover, for long-term secrets you have to be very careful with file formats. I only ever use TAR and standard GZIP and unformatted text documents when possible. Imagine decrypting your mid-1990s PGP-encrypted floppies. No-one still can break the broken 64-bit 128-bit-key IDEA algorithm, but you may not be able to access the data (at least inexpensively) due to extinct file formats...
I generally don't bother compressing my tar files before encrypting. I believe that compression is the first step of the encryption process anyways. Doing it manually seems redundant.
You can also use Age file encryption, it has saner defaults, for example it does not cache the password by default. Be careful with pgp, it has so many moving parts!
You named your tar file pepes.tar.gz even though you didn't pass -z (meaning you're not doing any compression). You just made a tar file, not a compressed tar file, so you should drop the .gz
So, you're saying that I should encrypt my furry porn videos that I find to the cloud? Also, I can't let people know what programs and registry tweaks I use on Windows 10.
The cloud automatically backs up your files and keeps them in a quality state. USB drives and external hard-drives go kaput, and you can see data decay on them within about 5 years. If you're wanting to archive your shit, the cloud is the cheapest way to do it.
@@AbandonedVoid I would rather pay 10 euros a month for USBs than give all my data to an unknown cloud service, or apple or google. And hosting one is less cheap and less secure.
3:12 you have no idea if the compiled binary they're using is the one they claim. Even if you were able to run a hash on it, who's to say they don't have software to mask what you get back.
Symmetric encryption like aes is actually safer than let's say rsa. Rsa theoretically can already be cracked by Google with their quantum computer that's not the case with aes. The only pros of asymmetric encryption is that you can give out public key and use it for signatures. Otherwise symmetric is better.
Just encrypting something with asymmetric encryption doesn't provide more integrity than encrypting with a symmetric key if you're not signing it. Asymmetric encryption solves the problem of sending an encrypted message to someone so that they can read it without sharing private keys and it takes much more resources than symmetric so it's kind of pointless to use it on this scenario.
I keep coming back to this vid because I forget the gpg args lol. btw a little nitpicky comment, when you use tar -cf to make an archive, it won't actually gzip the file, using -zcf does tho. I say this because you gave the filename a .tar.gz extension that would lead you to believe it was actually gzipped
This is kind of a pain in the ass, a drop and play solution would be more user friendly, like a program with a gui that you drop your file onto and it encrypts it for you. If you want to unencrypt then just enter your pass-code for the program once and away you go.
You can automate all of this however you want with aliases or a small script, so this is a lot more powerful and easier in the long run. Writing a simple example:
#!/bin/sh
[ -d "$1" ] && tar -czf "$1.tar.gz" "$1" && gpg -c --no-symkey-cache --cipher-algo AES256 "$1.tar.gz" || gpg -c --no-symkey-cache --cipher-algo AES256 "$1"
If you call this file dorkcrypt, then chmod +x dorkcrypt to make it executable, then run ./dorkcrypt filename. If it's a directory ($1 is the argument, which is the filename, and the -d option in the test checks if it's a directory), it will be turned into a tar.gz and then encrypted (&& makes the next command run if the previous one was successful), and if it's not (|| runs a command if the previous one failed), it will just be encrypted. Just an example. You can do the same for decrypting, decompressing and removing everything from the archive in one command.
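An added example, not part of the comment above or of GnuPG: a stricter take on that wrapper, using if/else so a failed tar or gpg step does not fall through to the other branch, and adding --no-symkey-cache only when the installed gpg is at least 2.2.7 (the version another comment here cites). The function names are made up for this sketch.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of any tool.

# version_ge A B: succeed when dotted version A is >= B, comparing
# numerically field by field (so 2.2.27 counts as newer than 2.2.7).
version_ge() {
    _a=$1
    _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}
        _y=${_b%%.*}
        # keep only leading digits, e.g. "7-beta" -> "7"; empty counts as 0
        _x=${_x%%[!0-9]*}
        _y=${_y%%[!0-9]*}
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 1
        # drop the field just compared
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    return 0
}

# gpg_version: last word of the first line of `gpg --version`,
# e.g. "gpg (GnuPG) 2.2.27" -> "2.2.27"; empty if gpg is not installed.
gpg_version() {
    gpg --version 2>/dev/null | sed -n '1s/.*[[:space:]]//p'
}

# gpg_flags VERSION: symmetric-encryption options for that gpg version.
gpg_flags() {
    if version_ge "$1" 2.2.7; then
        echo "-c --cipher-algo AES256 --no-symkey-cache"
    else
        echo "-c --cipher-algo AES256"
    fi
}

# encrypt_path PATH: encrypt a file, or tar+gzip a directory and encrypt that.
encrypt_path() {
    _target=${1%/}
    _ver=$(gpg_version)
    version_ge "$_ver" 2.2.7 ||
        echo "warning: gpg '$_ver' lacks --no-symkey-cache; the passphrase may stay cached" >&2
    _flags=$(gpg_flags "$_ver")
    if [ -d "$_target" ]; then
        _archive=$_target.tar.gz
        # -z really gzips, so the .tar.gz name is accurate
        tar -czf "$_archive" -- "$_target" || return 1
        # $_flags is unquoted on purpose: a fixed, space-separated option list
        gpg $_flags -- "$_archive" || return 1
        # remove the plaintext archive once the .gpg copy exists
        rm -f -- "$_archive"
    elif [ -f "$_target" ]; then
        gpg $_flags -- "$_target"
    else
        echo "not a file or directory: $1" >&2
        return 2
    fi
}

# Run only when called with an argument: ./script path
if [ "$#" -gt 0 ]; then
    encrypt_path "$1"
fi
```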
Here's an easier way: Create an Encrypted container on your PC with TrueCrypt 7.1a (Do not use the latest! They disabled the Encryption when they shut down). Also the open source code for it is available online. Upload that Container to the cloud (with the TrueCrypt installer if you want). I wonder if Mega.nz / mega.io is better than any other service cloud. It's Kim Dotcom's middle finger to all the 3 & 4 letter agencies that shut down his previous data file hosting websites by encrypting the data and making it non-accessible to people who don't have the Key.
Great content. Do you know of any solution to perform sort of an "encrypted mounting" of a cloud storage? Some software (eg. rclone) allows mounting a cloud storage (eg. it appears as a drive). But is there some way to seamlessly encrypt everything at client side? Analogous to how full disk encryption with [LVM over] LUKS is (virtually) seamless. And also I'd like to argue that symmetric encryption can provide integrity, if the cipher uses an AEAD mode of operation. However, I'm unaware about what cipher GPG uses.
Wouldn't it be safer to encrypt using a password instead of a gpg key? As I see it one key is one central point of failure, while you could use unique hard passwords for each file of interest instead
So you're telling me encrypting a tar archive without encrypting all the content first is just as secure as encrypting all the files within the folder individually?
this is basically what companies like Sentra advocate. However, when doing this en masse it's better to only put layers of encryption on your most sensitive info
What's the difference between first creating an archive and then encrypting it with a password, when I can just make an encrypted zip file with the same password? Is it less safe? Afaik a zip file should protect integrity pretty well too.
You can also run restic if you used rclone. I used to use it to store my SQL backups on an infinite Google Drive seller who probably is exploiting the alumni benefit system of a university in Taiwan...? but because (s)he had full administration permission on my "subsidiary" account (as this is required to make a fake alumni) this means (s)he could have reviewed my content in plaintext, so I decided to encrypt it before sending it to the drive in rclone and it works well.
Another way to do it is to use WinRar to make encrypted Rar files. That allows one to encrypt entire directory trees into a single file. That's useful if you want to encrypt a whole mess of directories and files all at once and store the whole mess in a single file which can then be stashed on Google Drive so that you can access it from any internet-connected computer anywhere, with very low probability of anyone being able to decipher them. Another way is to use "Vault" software such as KDE's "Vaults 1.0" to create a "Vault" containing a directory tree. The Vault files can then be stored on the cloud, again with very low probability of anyone being able to decipher them. But the ultimate way is to *_not_* put your data "on the cloud", but rather, put it on tiny Samsung S7 2TB SSDs, devices the size of packs of bubble gum, weighing about 1oz and costing about $200 for 2TB. Use LUKS encryption with a strong pass phrase (such as "82 times he struck his foe with his vorpal sword" or some such thing that's easy for you to remember but impossible for anyone to guess). And always make 3 or 4 copies of everything. Then just put the modules in your briefcase, backpack, pocket, or purse. If it gets lost, no big deal, you got backups and no one is going to be able to decrypt it, and you can always make more copies (also encrypted, of course).
This is kind of obvious and it does not address the important part; how can you make all this convenient? Is there a tool like a cloud storage client that does this for you in the background while still allowing you to use a big cloud provider like google?
When I want to encrypt a file or a series of files, I tend to use Tomb instead of GPG and to put the key into some other file. I hope it's available on Gentoo.
Never change your video editing formula. This format is perfect, no music, no intro, no time-wasting bullsh, just fact and pure content. Good job.
and subtitles must be good
Agreed
> no intro
What do you call this: 0:00-2:00?
@@MrMessiah2013 explanation of the topic, by intro i meant the same corporate standardised clip of around 5 6 seconds that plays at the start of every video wasting the viewers time
it's so fluid I didn't notice and just started watching. i just would like a logo for some seconds at the start. the visual information isn't relevant so just show who you are/your brand at the beginning.
Starting to think Mental Outlaw is the one looking at my history rather than Google. I searched this shit like yesterday.
Should have tarred and encrypted your duckduckgo searches
@@magnusanderson6681 Not you too, how the hell do you know I use DuckDuckGo?
@@z_0968 He listened to your breathing patterns
@Picolino de Marte Oh yeah how many fingers am I holding up?
@@z_0968 two, should've just gotten rid of your hands, they're just bloat
As someone in cyber sec I like that he doesn't use buzzwords and try to wow us. He knows what he's talking about, he doesn't add anything on top. This is what it is
For real, I want to get into cybersecurity and it's helpful when I understand what is said
As someone who isn’t in cyber sec, I like how everyone in cyber sec feels the need to state they’re in cyber sec before getting to their point
@@rileywatson it's like a badge of honor that you only get to flash in niche places on the internet. If you try to tell a normie they either don't care or automatically assume that means you can crack any account and hack any device at will
@@itsme7570 wish I can find a niche to brag about my employment
Yes he does use buzzwords one example: *woke* in a negative connotation way.
No intro, no outro, and shit is still sofa king good. Thanks, man. You're the 🐐
Edit: and no background music.
@Average Linux User I guess I'll need to stop my bullshit then 😂. I do have intro and outro and BG music. Ya know, to attract people to sub.
I am the Sofa King
@@MyReviews_karkan People will subscribe if they really enjoy your content.
@@veirant5004 Apparently not. 😂
I just like to edit and add shit to my videos.
@@GhostSamaritan very true. I'm not really looking to get rich out of youtube, probably never will. I just like to film anything that I think needs to be filmed to help some people. I mess with smartphones and Linux a lot and fix a lot of the issues on my laptop myself, then just try to film it to share the fix.
I haven’t trusted Google since I made a dummy account, uploaded a picture of an apple named “racecar” to Drive, and immediately saw ads for healthy foods.
I watched a speech about password cracking a while ago, where the guy (whose name I forgot, but who works professionally in pass-cracking) was saying an 8 digit password can be brute-forced in a few days with a cheap rig with 3 or 4 GPUs, and that a 9th digit exponentially raises that bar to a bunch of years, making it infeasible to brute-force. So, according to that guy, apps should be advising the use of 9 or even 10 minimum digits, not 8. And the takeaway from that video: DO NOT USE PATTERNS. _"Obama08!"_ and _"Shekelsteinberg69%"_ are effectively the exact same password from the perspective of a pattern matching algorithm.
A rig with 3 or 4 gpus is not cheap, not even because of the whole chip problem, it's just not common for people to have that type of rig
@@kendarr Not regular people. But for someone that's more serious about cracking passwords, four GPUS isn't prohibitively expensive. I don't suppose you need the best in the market, or even anything close.
@@skaruts No reason to have 4 low end gpus in that manner, and sure for a specialist on that it might not be too much, but for the average "hacker" having 2 GPUs is already a bit of a stretch, the more characters the better but more often than not 8 is good enough, it's what i'm saying
@@kendarr if you're talking about general password cracking on anyone you decide to target then yeah that's not cheap at all but if you really need to get into a specific person's stuff, a rig with a few extra gpus is not that much for what you might gain as a result
Former insipid instance. So 😐 it was
rm -rf on a single file just for the lulz
i do that out of habit lul
@@kira64xyz me too
thats dumb you gotta zero it out first
muscle memory bruv
@@kira64xyz lul?
even your vids are like linux, I can customize them by adding my own background music
DISM moment
I don't even have to choose my background music. It just starts playing whenever I open my web browser, and I have no clue which of the 32 active tabs is doing the music...
I love that XD @@InventorZahran
Rclone with encryption layer is also a great tool for using 3rd party cloud drives seamlessly
actually expected this to be the content of the video
That sounds really cool. Any guide on how to do it?
@@glitchy_weasel they have very good documentation on their website
Pretty useful. Especially for coomers.
Liking the upload spree so far.
coomers get the rope
@@jcs27 BDSM Coomers like rope
@@hhhyyy4375 fuck, totally missed that one
I'm sure Google won't bat an eye when I start uploading hundreds of gigabytes of encrypted data to their servers.
lol linustechtips had that happen tho, when they did the "infinite gcloud storage" video, iirc, google guys went like "huh, guys, what's all this random data you're uploading gigabytes of? you're not bad guys, right?"
@@jan_harald there are legitimate reasons to be skeptical when someone uploads tons of gbs of encrypted files, remember that tech doesn't know what's right and what's wrong, if there is some illegal shit in there Google can be on the eyes of gov for that, I think the government made this problem with mega, when they took down megaupload the dude made the system so good it's a field for cracked and illegal stuff, I'm not saying that's all there is there, what I'm saying is that Google can't trust you as much as you don't trust them
For offsite incremental backup, I recommend restic. It automatically does encryption and leverages rclone as a backend to store backups on almost any cloud storage provider
I prefer to use a cryptographic overlay file system like encfs, which is much easier to work with as it's completely automated. You designate a directory for the encrypted data, which will also be the directory that's synced to the Cloud, and the unencrypted mount point is another directory (or drive letter if using windows), where you work with your files as normal.
That way you never have to manually encrypt and decrypt your data in order to work with it, and the only data that's ever synced to the Cloud is always encrypted.
Is there a vid on how to do this?
No filesystem compression with encfs makes me sad.
Hello, are you still using cryptography overlay? Which program should I buy that's like yours ? Thank you
Most precious thing I have in Google's servers is a rare version of Vivaldi Four Seasons. All the rest is my external drives. I don't trust "cloud service" because hackers, a war or government could compromise provider's servers and I'd lose my games, music, work projects... No way.
My fear is even if I encrypt my files Google keeps them eternally and wait until the awake of the quantum computers then decrypt it to see the content 😭
I love your channel, I've watched a couple of them and all of them are informative and useful thank you.
Hey Kenny, would you mind going over open-source alternatives to Google Maps? I'm sick of Google having access to my location whenever I want to go somewhere. Thanks!
Deactivate location on your phone
openstreetmap.org has always been the biggest recommendation for that, it's free (license) and open source. And Duckduckgo uses AppleMaps instead of Google, im not entirely sure why, and I know Apple is usually as spooky as a bioluminescent bureaucrat.
OpenStreetMaps, but it's not as feature-rich
@@sugaryhull9688 OpenStreetMaps just provides the map data and a basic web client. There are multiple other clients available: eg. Gnome Maps, Qwant Maps (in beta, uses OSM data), OsmAnd (for Android, very feature rich, but slower than some other clients and the UI is not the best).
_Do not_ use maps.me though. it was bought by some sketchy company. I think some people are working on a fork of it.
Apple maps would work
I'm going to have to do this at some point, unfortunately, because airports are full of glowFRIENDS so it's the only safe way for me to transport my files when I fly to another country.
@Blaxer XO do you even know what an RFID scanner is or do you just assume it's some star trek shit that magically vacuums your data?
@@4.0.4 since he deleted his reply what did he say
there is actually a way to keep integrity with AES by combining it with RSA. You can make a checksum of the encrypted file and then sign that checksum with your private RSA key. This way you can verify whether the data has been tampered with
This is why banks use RSA keys for wires and loans
Using symmetric encryption to access files on your employer's computer would be a really bad idea! Really, accessing any kind of secret on someone else's hardware is a bad idea. In the US (and most other places, AFAIK), employers have very few restrictions on what data they can collect about their employees. There are whole software suites dedicated to helping managers sift through data like key logging, screen recording, camera/mic recording, application usage stats, and whatever else you can imagine. It's all fair game to them. You should 100% assume that any password you type on a work computer is known by your employer.
I mean encrypting on a computer with Intel ME (or AMD's counterpart) active isn't really safe either.
@@OggerFN Oh, for sure. I just mean that on a work computer, a bad actor is DEFINITELY, ACTIVELY collecting keystrokes. While on any random x86 computer, a bad actor is maybe doing that.
To be fair, they should not have any restrictions on monitoring their own computers.
@@skaruts it would be convenient if we could just copy-paste the ethics of individuals and apply them to corporations. Unfortunately, that has led to pretty egregious, widespread abuse of employees. So, we probably shouldn't treat company-owned machines the same way as personally-owned machines.
@@JoeJoeTater The corporations are owned by individuals. Fundamentally speaking, the relationship between employer and employee is the exact same as that between you and your plumber. An employer is an entity buying a service, and an employee is an entity selling a service. The hard reality is that many worker rights are nothing short of ways to extort or harass buyers. Hell, the minimum wage, for example, is the exact equivalent to telling you that you cannot pay less than X to your barber.
Anyway, don't confuse this for a defense of corporations of whatever. I'm just laying things out for what they actually are. Companies are owned by people with the same rights as everyone else. Their computers are their computers.
What should happen is that everyone should be aware about the problems of using other people's computers for personal stuff. Given that, realistically, most people won't ever know all that they need to know, maybe there's a discussion to be had about whether or not it would be justifiable to mandate that employers be transparent about their use of keyloggers and all that.
Whatever the case, you should always keep in mind that there's no difference between having legal restrictions on their ability to monitor their computers and having legal restrictions on your ability to monitor your personal computer at home. If you're gonna be advocating for that kind of laws, that should give you a sense of what exactly you'll be advocating for.
I do not find that there is a huge performance difference between symmetric and asymmetric encryption with GPG. The reason for this is that it encrypts your data with a randomly generated one-time symmetric key, and then encrypts only that (relatively small) key asymmetrically. That's how you can encrypt a message to multiple recipients. You encrypt the message once, and then encrypt the session key with each of their public keys.
If you want to have integrity with a block cipher like AES, you can use AES-GCM (SIV) for confidentiality and integrity.
I used to use that method a long time ago until I found Cryptomator.
Cryptomator encrypts files and opens up a way to interact with your encrypted files in the vault via virtual disk or webdav rather than giving you a whole encrypted container that is extremely hard to sync with cloud. It also supports major cloud providers.
It has some drawbacks though. Only the core part is open sourced (so that they can monetize the software) and it is written in Java, which forces you to have a JRE on your machine. The encryption method is based on aes-ctr (if I'm not wrong), yet the implementation is not standard, but there is good documentation about how it is done.
I have been working on a lightweight alternative which is written in Go. It behaves like a daemon exposing a webdav server, can be deployed to all platforms that Go supports, it is highly portable and lightweight. I haven't published it because of some issues with plain text files (all media files are ok). The project is abandoned as I don't have time to fix all the issues and pay off the technical debt from prototyping. Maybe I'll revive it someday, or maybe I'll find a good alternative to Cryptomator.
P.S.: Syncthing is a good way to sync stuff cloudless across your devices.
Great informative videos without all the bloat. Just like Linux.
In a world where gov agencies keep legally forcing companies to let them access people's files, you can be sure there's one or more ways that someone could be nosing around your files. Maybe even backdoors.
"Don't Be Evil" wasn't removed by Google as their mission statement. They only removed the word "Don't" 🙂
Still a pretty good idea to remove the metadata from files too even after encrypting using something like mat2 or exiftool.
Can you make a video on hardware security keys? They really intrigue me cos they seem to be much more convenient, just plug and play access
@Capitalism 4 life Nah bruh, im talking about hardware which is used as a key to decrypt anything u had encrypted instead of letting the key float around in files.
@@crashedbruh a USB key? would be a real help for me too ^^;
@@DezzarTac Yep those ones, pretty neat stuff !
my loli lewd handholding pics will be always in danger at this rate , might as well starting build my own server with my uni savings.
based purechad
Definitely encrypting mine before any situation that requires being around glowFRIENDS that may want to invade my privacy for my safety, as they say.
@@censoredterminalautism4073 with some encrypting software written in Holy C
based af
HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS
What about creating a VeraCrypt volume with your files and sync the volume? It seems easier. You can even create a hidden volume inside the main volume to really hide some data. Is it a good alternative? What are pros and cons?
That's similar in principle to what he did here with the tar archive. The main con I see is that you have to resync the whole archive to the cloud even if you just make a small change to one file. Should be fine for small volumes, in fact I do that myself. But if you have a large amount of data, and most of it doesn't change often, that's a lot of extra overhead
Your best bet is rsync, with an encrypted volume. It's a touch less portable but much easier to use.
@@ICy42 sounds a whole lot more complicated just to encrypt a file
I agree with the question and am still a little confused after all the answers given. Is there more overhead when using VeraCrypt?
remember that encryption based on passphrases is only as secure as the way you chose to distribute the passphrase
Love the videos, I was wondering if you could do a tutorial on setting up an encrypted network directory for use as a pseudo-cloud just for the LAN?
loved that, even with applications to do that job it is even better (for me) to use the command line
thank u so much and I hope u keep bringing up this kind of content!!!
These tutorial formats make sense, and are to the point. Appreciate your time and explanation of this opsec mitigation method.
To anyone who tries this and is unable to use --no-symkey-cache. This is because this was apparently added to gpg version 2.2.7, if you are on an Ubuntu derivative there is a chance that you are using an older gpg program, so you will probably have to update the program or the OS itself.
You can technically encrypt the asymmetrical key too (passphrase), which I usually do for SSH.
Also for integrity, the AES-GCM variant will ensure integrity, I don't know if gpg supports it though.
For me I just compress all my files to rar or 7zip then encrypt it in AES256 (including file names) with a 64-character-long password generated by urandom. So good luck decrypting that or even trying to take a glimpse at the content of that file, though encrypting individual files is a good thing so I will also use this for when I have to store sensitive data on the cloud. Though I kinda hope those files can also be opened on a Windows machine because there are times that I have to access my files in Windows...
Thanks, my 2TB stash of Marina Ann Hantzis movies has never been safer.
After seeing your video, I have started storing heavy data in my google workspace account. Now, the workspace admin will only see crap in his Vault😆😆😆
Just buy a raspberry pi 4 and a usb drive, set up port forwarding and boom, you got "cloud" storage. For secure backups you can tar and encrypt it and store it on the cloud, or even better, a friend's drive
Who needs encryption when you can just upload a password protected zip file inconspicuously named budget2021.zip
Nothing to see here folks, just "very important money stuff".
How effective are ZIP passwords anyway
Any suggestions for filename encryption too? Which can be decrypted quickly.
@@nykal1510 You can download a myriad of zip brute forcers that do the job in a few minutes, so...
@@No-uc6fg Damn, that's tough
@@nykal1510 even a script kiddie can open it
Best thing is when Google calls to ask if you want advertising is to ask if they are Javascript free and if the software being used to push the ads is gpl
Tip for VIM:
Shift z z in command mode saves the file and exits. ZZ in normal mode saves the current file if modified and exits or closes the current window/tab (same as :x but not :wq which writes the file even if it hasn't been modified). To exit unconditionally without changing anything: ZQ (same as :q! ).
AES256 is no more secure than AES128 for symmetric encryption where your passphrase limits your security, not the algo. Theoretically, AES128 is actually the more sound design anyway. AES256 has too few rounds for the key size, which its cryptanalysis has shown. AES128 has better dispersion of the key material.
Use AES128, or any other well-established algo, and worry about your passphrase instead, and you won’t end up looking stupid in the eyes of the intelligence agencies. The algo never matters.
The algo matters. AES256 *is* more secure, and the only acceptable option. Which cryptanalysis has told you otherwise??
Furthermore, when it comes to quantum computers, Grover's Algorithm can be used to speed up brute forcing the encryption key. "Grover's algorithm could brute-force a 128-bit symmetric cryptographic key in roughly 2^64 iterations, or a 256-bit key in roughly 2^128 iterations."
AES256 is more secure in the long run. Quantum computers theoretically will halve the difficulty of brute forcing AES. If you only use AES128 a quantum computer would reduce the bit security down to 2 to the power of 64 making it entirely brute forceable within a relatively short time frame. Use AES256 if you want your encryption to remain secure in the long term.
@@mulletman1705 Those AES256 related key attacks are nasty, though... showing AES256 design issues even though they are infeasible in practice. But so are all attacks on any modern 128-bit-block algorithms.
The algo does not matter. No-one attacks the symmetric key by bruteforce. It is too expensive even with a future quantum computer within a timescale that matters. The adversary will always attack the passphrase since it will have less entropy and is easier to break -- or so the adversary conjectures.
No algo, no matter how broken, is known to have successfully been attacked by bruteforce since DES or incorrectly applied RC4 or low-bit-RC5. Yet encrypted data are compromised all the time. It just happens by other means.
@@mechantl0up no one attacks the key by brute force as it would not be broken within a reasonable time frame with there being 2 to the power of 128 different possible keys for AES128. However it is feasible for current computers to brute force 2 to the power of 64 different possible keys within a reasonable time frame. That is why you should not use AES128 if you are concerned about long term encryption.
@@mulletman1705 That assumption relies on the fact that 2^64 quantum computers are feasible within the time span necessary for keeping something secret from today, and that someone will expend such a computing resource on cracking the particular key I am using. These are bold assumptions.
Before that happens, our existing public key crypto infrastructure will have collapsed and all our historical, asymmetrically encrypted data exposed by quantum computers.
I am more concerned over that.
Even today, no-one can afford to spend the money for 2^64 operations to crack keys.
Moreover, for long-term secrets you have to be very careful with file formats. I only ever use TAR and standard GZIP and unformatted text documents when possible.
Imagine decrypting your mid-1990s PGP-encrypted floppies. No-one still can break the broken 64-bit 128-bit-key IDEA algorithm, but you may not be able to access the data (at least inexpensively) due to extinct file formats...
exactly, this stuff should be pure common sense to most...yet we see how lacking that can be over-all in society at times. Well, times change.
I prefer gocryptfs, so it can send diffs and you can edit the files inside the directory
go to dwm's config.h > set value of "resizehints" to 0. your uneven terminal around the edges always bugs me
I generally don't bother compressing my tar files before encrypting. I believe that compression is the first step of the encryption process anyways. Doing it manually seems redundant.
You forgot the 'z', tar -cf just creates an archive, no gzip. No need for gz.
No need for the .gz _filename extension._
it was to throw off the hackers duh. do you even secure your data?
Who is going to encrypt files individually before uploading to the cloud? It’s too difficult and time consuming.
I never use cloud storage unless I gotta send a file to a friend. I use USB sticks instead.
thank you sir! I learned something new today and now to go and encrypt all my docs in Dropbox!!!
You're one of the best things on YouTube
holy, it's actually very useful!
thank you orange cat
You can also use Age file encryption, it has saner defaults, for example it does not cache the password by default. Be careful with pgp, it has so many moving parts!
You named your tar file pepes.tar.gz even though you didn't pass -z (meaning you're not doing any compression). You just made a tar file, not a compressed tar file, so you should drop the .gz
I cringed when I saw that, he also passed the `recursive` and `force` flags every time he removed a single file that wasn't even write-protected.
So, you're saying, that I should encrypt my furry porn videos that I find to the cloud?
Also, I can't let people know what programs and registry tweaks I use on Windows 10.
Thank you Kenny. Very Cool!
Now I can upload more torrents by google-colab on google drive without getting that copyright email!
Why not get an USB drive and store it on that instead?
Do you want to drag around 400 TB of cp in USB drives with you?
@@OggerFN lmaoo I imagine it all tied to a key chain making clacking sounds hahaha
The cloud automatically backs up your files and keeps them in a quality state. USB drives and external hard-drives go kaput, and you can see data decay on them within about 5 years. If you're wanting to archive your shit, the cloud is the cheapest way to do it.
@@AbandonedVoid
kaput?
Do you mean kaputt as in german for broken?
@@AbandonedVoid I would rather pay 10 euros a month for USBs than give all my data to an unknown cloud service, or apple or google. And hosting one is less cheap and less secure.
People who understood this video don't need the guide.
i needed it, and it worked for me
I’ve heard of people uploading a ton of encrypted files and having that data corrupted or disappear after a few months.
Google's "don't be evil" was never meant for themselves.
I use the ancient forgotten method of buying an external hard drive, disconnect from the internet and copy and paste into said hard drive.
3:12 you have no idea if the compiled binary they're using is the one they claim. Even if you were able to run a hash on it, who's to say they don't have software to mask what you get back.
Symmetric encryption like aes is actually safer than let's say rsa. Rsa theoretically can already be cracked by Google with their quantum computer that's not the case with aes. The only pros of asymmetric encryption is that you can give out public key and use it for signatures. Otherwise symmetric is better.
I really think we should all just go to the store and print all those pics we've been saying we're going to for years now. Then delete all the digitals.
I hope my world conqueror 3 rebalance mod will be safe.
shut up you mobile gamer hungarian
Albania 🇦🇱🇦🇱🇦🇱
gpg is too low level, you should use rclone and automatically sync the directory (and encrypt). I use rclone to store my notes on gdrive encrypted
Uhh thats a neat idea, thank you for sharing
I'm new on Linux, these commands work in all distros?
Just encrypting something with asymmetric encryption doesn't provide more integrity than encrypting with a symmetric key if you're not signing it. Asymmetric encryption solves the problem of sending an encrypted message to someone so that they can read it without sharing private keys and it takes much more resources than symmetric so it's kind of pointless to use it on this scenario.
Am I missing something, or shouldn't the tar command also have the -z option if you name the archive .gz?
I keep coming back to this vid because I forget the gpg args lol
btw a little nitpicky comment, when you use tar -cf to make an archive, it won't actually gzip the file, using -zcf does tho. I say this because you gave the filename a .tar.gz extension that would lead you to believe it was actually gzipped
bruh what if we use client side encryption but also have the corporation encrypt the encrypted data 😎
This is kind of a pain in the ass, a drop and play solution would be more user friendly, like a program with a gui that you drop your file onto and it encrypts it for you. If you want to unencrypt then just enter your pass-code for the program once and away you go.
GUI is way slower than command line, unless you're a slow typer
You can automate all of this however you want with aliases or a small script, so this is a lot more powerful and easier in the long run.
Writing a simple example:
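#!/bin/sh
# Directory: archive it with gzip (-z), then encrypt the archive. Anything else: encrypt it as-is.
[ -d "$1" ] && tar -czf "$1.tar.gz" "$1" && gpg -c --no-symkey-cache --cipher-algo AES256 "$1.tar.gz" || gpg -c --no-symkey-cache --cipher-algo AES256 "$1"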
If you call this file dorkcrypt, then chmod +x dorkcrypt to make it executable, then run ./dorkcrypt filename. If it's a directory ($1 is the argument, which is the filename, and the -d option in the test checks if it's a directory), it will be turned into a tar.gz and then encrypted (&& makes the next command run if the previous one was successful), and if it's not (|| runs a command if the previous one failed), it will just be encrypted. Just an example. You can do the same for decrypting, decompressing and removing everything from the archive in one command.
There's already a program that does that and it's called Cryptomator.
Here's an easier way:
Create an Encrypted container on your PC with TrueCrypt 7.1a (Do not use the latest! They disabled the Encryption when they shutdown). Also the open source code for it is available online.
Upload that Container to the cloud (with the TrueCrypt installer if you want).
I wonder if Mega.nz / mega.io is better than any other service cloud. It's Kim Dotcom's middle finger to all the 3 & 4 letter agencies that shutdown his previous data file hosting websites by encrypting the data and making it non-accessible to people who don't have the Key.
Great content.
Do you know of any solution to perform sort of an "encrypted mounting" of a cloud storage? Some software (eg. rclone) allow to mount a cloud storage (eg. it appears as a drive). But is there some way to seamlessly encrypt everything at client side? analogous as how full disk encryption with [LVM over] LUKS is (virtually) seamless.
And also I'd like to argue that symmetric encryption can provide integrity, if the cipher uses an AEAD mode of operation. However, I'm unaware about what cipher GPG uses.
Wouldn't it be safer to encrypt using a password instead of a gpg key? As I see it one key is one central point of failure, while you could use unique hard passwords for each file of interest instead
Subscribed because of the subtle request.
Also hashes and macs are used for integrity and not asymmetric encryption
So you're telling me encrypting a tar archive without encrypting all the content first is just as secure as encrypting all the files within the folder individually?
Yes
@@njpme ok
Restic is a great way to do encrypted backups to a number of cloud services.
this is basically what companies like Sentra advocate. However, when doing this en masse it's better to only put layers of encryption on your most sensitive info
Would you still suggest this in 2024 and if so, can you share a link for the installation instructions, please.
Thanks for the valuable content.
Looks like DWM and that you may be running LARBS? ;)
Is it safe to upload bitcoin wallet seeds on cloud by this encryption method?
You can use rclone with crypt. Can you make a video on that?
That's a lot better since you just mount the remote encrypted drive and it just werks
What's the difference between first creating an archive and then encrypting it with a password, when I can just make an encrypted zip file with the same password. Is it less safe? Afaik a zip file should protect integrity pretty well too.
For anyone wanting to automate such a process I can recommend rclone
You can have integrity and authenticity with symmetric encryption too if you use HMACs
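The HMAC approach from the comment above, sketched as an added example (not code from the video or from any commenter): a detached HMAC-SHA256 tag is written next to an already-encrypted file and checked before decryption. The `.hmac` sidecar name, the PBKDF2 work factor, the MAC secret and the sample ciphertext are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import tempfile

SALT_LEN = 16             # random salt stored at the start of the sidecar
TAG_LEN = 32              # HMAC-SHA256 output size
KDF_ITERATIONS = 200_000  # assumed work factor for this example


def derive_mac_key(secret: str, salt: bytes) -> bytes:
    """Stretch the MAC secret into a 32-byte key (PBKDF2-HMAC-SHA256).

    Use a secret that is separate from the encryption passphrase.
    """
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt,
                               KDF_ITERATIONS, dklen=32)


def _file_tag(path: str, key: bytes) -> bytes:
    """HMAC-SHA256 over the file's bytes, read in 1 MiB chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            mac.update(chunk)
    return mac.digest()


def write_sidecar(enc_path: str, secret: str) -> str:
    """Tag an already-encrypted file; returns the path of the sidecar."""
    salt = os.urandom(SALT_LEN)
    tag = _file_tag(enc_path, derive_mac_key(secret, salt))
    sidecar = enc_path + ".hmac"   # hypothetical naming convention
    with open(sidecar, "wb") as fh:
        fh.write(salt + tag)
    return sidecar


def verify_sidecar(enc_path: str, secret: str) -> bool:
    """True only if the encrypted file still matches its sidecar tag."""
    try:
        with open(enc_path + ".hmac", "rb") as fh:
            blob = fh.read()
    except FileNotFoundError:
        return False
    if len(blob) != SALT_LEN + TAG_LEN:
        return False               # truncated or padded sidecar
    salt, expected = blob[:SALT_LEN], blob[SALT_LEN:]
    actual = _file_tag(enc_path, derive_mac_key(secret, salt))
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def demo() -> dict:
    """Run the check on constructed bytes standing in for gpg output."""
    with tempfile.TemporaryDirectory() as tmp:
        enc = os.path.join(tmp, "docs.tar.gz.gpg")
        with open(enc, "wb") as fh:
            fh.write(os.urandom(4096))   # constructed stand-in ciphertext
        write_sidecar(enc, "separate mac secret")
        intact = verify_sidecar(enc, "separate mac secret")
        wrong_secret = verify_sidecar(enc, "some other secret")
        with open(enc, "r+b") as fh:     # flip one bit, as corruption or tampering would
            fh.seek(100)
            byte = fh.read(1)
            fh.seek(100)
            fh.write(bytes([byte[0] ^ 0x01]))
        tampered = verify_sidecar(enc, "separate mac secret")
    return {"intact": intact, "wrong_secret": wrong_secret, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The tag is computed over the ciphertext, so a download can be rejected before any decryption is attempted; both the encrypted file and its sidecar are uploaded together.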
*laughs on private 8tb hdd storage server located at my house*
You can also run restic if you used rclone
I used to use it to store my SQL backups on an infinite Google Drive seller who probably is exploiting the alumni benefit system of a university in Taiwan...?
but because (s)he had full administration permission on my "subsidiary" account (as this is required to make a fake alumni)
this means (s)he could have reviewed my content in plaintext, so I decided to encrypt it before sending it to the drive in rclone and it works well.
Thanks for this niche content.
thanks now i use this for my Google Drive and Dropbox
Downloading it before my FBI agent deletes it.
Why not decentralized storage
Another way to do it is use WinRar to make encrypted Rar files. That allows one to encrypt entire directory trees into a single file. That's useful if you want to encrypt a whole mess of directories and files all at once and store the whole mess in a single file which can then be stashed on Google Drive so that you can access it from any internet-connected computer anywhere, with very low probability of anyone being able to decipher them.
Another way is to use "Vault" software such as KDE's "Vaults 1.0" to create a "Vault" containing a directory tree. The Vault files can then be stored on the cloud, again with very low probability of anyone being able to decipher them.
But the ultimate way is to *_not_* put your data "on the cloud", but rather, put it on tiny Samsung S7 2TB SSDs, devices the size of packs of bubble gum, weighing about 1oz and costing about $200 for 2TB. Use LUKS encryption with a strong pass phrase (such as "82 times he struck his foe with his vorpal sword" or some such thing that's easy for you to remember but impossible for anyone to guess). And always make 3 or 4 copies of everything. Then just put the modules in your briefcase, backpack, pocket, or purse. If it gets lost, no big deal, you got backups and no one is going to be able to decrypt it, and you can always make more copies (also encrypted, of course).
This is kind of obvious and it does not address the important part; how can you make all this convenient? Is there a tool like a cloud storage client that does this for you in the background while still allowing you to use a big cloud provider like google?
When I want to encrypt a file or a series of files, I tend to use Tomb instead of GPG and to put the key into some other file. I hope it's available on Gentoo.
I remember i just xored something and saved it to notes because i am a bit paranoid