Encrypt all the things!

I got a big scare this weekend when i thought my phone went AWOL... The first thought above anything was, fuck... My Password Management App...

I need to export as well... that was too close

I use BTSync to keep my passwd file on three machines and my nas.

Not encryption so much, but wanted to put in a strong recommendation for Authy
https://www.authy.com

It's replaced my Google auth app for all of my 2FA things, works with Google, Dropbox, Linode, DNS Made Easy, Gandi, Cloudflare, Coinbase, etc, etc.

The best thing? It can encrypt and back up the cryptographic tokens used to generate the keys, allowing you to configure multiple devices to generate the tokens, and making the pain of moving to a new device in future be absolutely painless.

Basically... the tablet I leave at home, can now generate the tokens even though the phone that I carry can also generate the tokens. Freaking awesome.

Snazzy, will give authy a try.

Forget it, I UTFSd...

the horizon programme shown on the bbc this week seems quite interesting
caught the end of it monday and caught the beginning before i dozed off yesterday ( i'm not selling it well here but i think it is quite a good programme )
will try and find it on bbc i player and watch the full thing

Inside the Dark Web.

but don't encrypt things too well

http://www.theguardian.com/technology/2014/may/30/encryption-software-truecrypt-closes-doors

IVPN or privateinternetaccess? $100pa or $39.95pa, bit of a price difference... Plug and play works best for me...

Would be awesome if I could get it to work across our Android phones as well, I figure we'll have to root our handsets? #notanexpert

I use PIA, works fine. Plug and play on Windows and Android, a bit more set up on Linux but the website has plenty of guides. It canes your battery a bit on Android, I only use it for public wifi

PIA has better speed and usability, it's mostly plug and play.

iVPN has better privacy when you use the multihop mode... it's on the extreme paranoid side of the scale. Configuration can be a bitch.

I only use the VPN on Android when on public wifi. Same reason as above, it canes the battery. Though... sometimes it can help as slower sites actually speed up when used over the VPN... so sometimes I do short bursts too even over 4G.

Thanks, folks, good info...

Downloadad authy turned on 2fa and locked myself out of pretty much everything. I'll have another go when I'm sober.

Thanks all. The info on VPN is very useful and I now have iVPN on my Apple equipment and PIA on my android PAYG.

You could've used one account on both, no? That's what I'm planning to do anyway...

PIA allows (I think) five simultaneous connections.

PIA app on OSX is a bit pita though. It randomly stopped creating tunnels for me (infact, didn't even seem to be executing the tunnel). Switched to using PIA via Viscosity and it works perfectly.

Absolutely right. However, my old brain now struggles with tech these days and I gave up trying to add the android to iVPN iafter 4 attempts. I found it easier with Apple! As I'm paying a monthly sub for PIA, I will give it another go next month.

So, as I understand it, PIA won't encrypt your router...

Looks like I'm gonna buy a new router (ASUS RT-N66U? Anything else come out recently that's cheaper and just as good that'll work?) and get IVPN in that case... Hopefully means we'll be able to get Aussie TV on our Smart TV... RAGE!!!

Nix that... Turns out I can use an old NetGear I've got lying around on PIA... Hmmm, interesting...It always worked better than my stupid Virgin box so this may be a good thing...

You can run PIA on a router that supports OpenVPN, even my ancient linksys does. Most modern routers will do (also check OpenWRT/Tomato/DD-WRT)

The down side to doing it on routers (long discussion @Velocio and I had somewhere earlier in this thread) is that performance tends to be sucky. Don't expect to get 100mb/s encrypted out of 99% of routers (unless you go commerical highend). It's easier to build a cheap linux box as a gateway router running openvpn, but obviously more complex.

Pretty sure VB suggested the ASUS RT-N66U as a fast encrypted router option, I'll do some more exhaustive research... i.e. Re-read this thread tomorrow and then do nothing for another six months...

It's the fastest for a router.

But... that doesn't mean that it's fast.

The problem is one of the CPU (which does the crunching for the encryption) and the heat that it gets to and how it's cooled (inefficiently if truth be told).

The CPU is under-powered for this task, and it cannot push the heat away.

I run a mini computer next to my router nowadays, it's an Acer Veriton. It has an older equivalent to an i3 CPU, and a few GB of RAM and is better cooled than the router.

You can pretty much use any "nettop" PC, of which this is a selection.

Encryption using the router is going to give you 10Mbps encryption, which if you're on a slow connection is fine. Encryption via a better powered PC, of your laptop, etc... is going to give you about 70-80% of whatever your connection speed is... I've measured over 80Mbps on PIA when using my main PC.

My advice is really this:

1. If you're only needing to encrypt your laptop/PC... run PIA on there.
   
2. If you're only needing to encrypt your Android and you don't need super-high speeds... run PIA on a router like the one I previously recommended or on Android itself.
   
3. If you need super-high speed encryption on your network as you want to encrypt your whole network and you have other servers/machines needing it, you're going to have to consider researching a small machine to do the encryption.
   
   

The problem with #3 is mostly one of price, power usage, stability (it's one more thing that can fail). So don't go there unless you know you need it.

Good advice, as always... I'd love to encrypt the router but don't really wanna get spendy on a little box for it, would a Raspberry Pi do the job? I could stretch to that... #notanexpert

Do you really need to encrypt your whole network?

How many devices do you have that are connected? And does every one need to go over the VPN?

i.e. if you have a Playstation or Xbox, do you really need to encrypt gaming traffic?

i.e. (2) if you have a media server that you access externally... you do realise you won't be able to do so once you have a VPN up (not without some rather interesting workarounds)?

And if you're reducing it to: a couple of phones, one or two laptops, a tablet... then is it not more convenient to just run the VPN on the devices?

And if not... isn't 10Mbps enough from something like the router?

I only went and used a nettop because of the sheer complexity of my setup... I want to use a media server, and access my home server for work purposes, whilst having a lot of net connected devices. It's complex and took time to set up, I think both @kirth and myself are of the same mindset... this stuff works, but very few people need set ups as complex as ours... there's a real maintenance overhead at times... you'll be wanting to do something (dial-in from outside whilst the VPN is up) and it will be impossible to do. Why go there? Hell, I even put in a UPS power solution to ensure that the multiple parts of what is now a small office network all maintain their power and that none of them power cycle on spikes and lags.

I do recommend encryption... but there is a trade-off between pragmatic "It just works" and the kind of crazy that Kirth and I have. Unless you know why you need it, I wouldn't go the "build your own VPN proxy" route.

And a Raspberry Pi will deliver reasonable numbers for short bursts, but ultimately it's going to get hot, slow down, and you'll reduce the life of it whilst not getting great speeds. There's also the issue that the Pi uses a Flash memory card and any power fluctuations can cause corruptions... so you better have your config backed-up and under source control.

A small nettop or old laptop will do better.

You're probably right... It'll be two MacBook Pros, an iPad and two Android phones... I guess I'm only gonna need PIA after all, I don't have the brain, or the spare cash, to set up and maintain complicated network wide encryption... Cheers, VB... :)