Sunday, November 23, 2014

Hide-a-KeyText easy personal encryption explained to our non-Twitter folks

The program is available for free at http://www.unchartedcharters.com/. Click on the "executable" link, extract, an you are up an running.

The great encryption programs out there have a few things in common: they are overkill for people who just want to protect some of their data. They are a pain to set up and manage. Why in the world should you have to attend a training event called cryptoparty in order to get simple text encryption to work?

To thwart common criminals, you do not need the full PGP package.

Of course, there existing, but little known ways to encrypt some data, for example, most .zip packages support password encryption, as does the .pdf standard.

But then you are back to passwords. What if your password is too short, or too easily guessed?

Hide-a-KeyText works without a password. Think of it as picking a web page or an image file and using this as a password.

The concept of Hide-a-KeyText is very much that of having a house key somewhere on your property in case you manage to lose the key, or in case a trusted person needs to gain access.

Burglars may look at the house and wonder if you have a hide-a-key and where it could be.
They'll check under the mat, maybe the flower pots next to the door, but that's it.
They'll go for the open window (get that, Microsoft users?) or a weak door.
The guys who can obtain a house key specifically for your house are a different matter.

Who are we to say that nobody is watching the web sites where you can download PGP?

Hide-a-KeyText makes your encryption operation look like a simple visit to a web page or to an image site.

If you use, say, a specific Daily Mail article for encryption, your site visit looks pretty much like hundreds of thousands of others that same day.

And for images? People want you to look at their tumblers, instagrams, flickrs and whatnot.

To communicate with someone else using Hide-a-KeyText, the other person needs:
  • The same Hide-a-KeyText program version.
  • The same settings for Website (http) or Local File and for Fake Language
When you encrypt text, Hide-a-KeyText creates a small image file with that text. You send the file as an attachment to the recipient, who can decrypt it in his or her Hide-a-KeyText.

You do need to communicate the two bullet point items above, but there won't be an email or SMS from you that says "hey, here is the password".

What you tell your grandma or friend instead is maybe that you like a small program from this website unchartedcharters, and that you just read this great article on Wikipedia.

If you use Hide-a-KeyText right, you get the same level of encryption as with standard PGP packages. Read up on this here.

Why is nobody using these old techniques in software? It's not a conspiracy, to the contrary.
In terms of efficiency, space requirements, and versatility, Hide-a-KeyText is pretty wasteful.

Hide-a-KeyText is not suited for infrastructure jobs, like establishing a secure connection between servers, and it won't do encryption of your fridge's internet connection either.

Hide-a-KeyText has a wider range of results, from decent to unbreakable. This is a feature that frightens many software folks and probably every security expert on the planet.

That's what the modern standard encryption packages do, being immensely powerful. You should still have " learn PGP" on your todo list.

Would you like to know why Hide-a-KeyTextwas written in the first place? Ironically, the folks who would deserve the credit for pushing a simple coder to write the package will never be acknowledged in public.

It's a conversation for  encrypted communication only.


No comments:

Post a Comment