archive encryption

Khannie

What's the safest way to password protect an archive? zip says the encryption used is considered weak. No mention of passwords in the man pages for gzip, tar or bzip2.

AndrewMc

In looking for an answer, I've just discovered the gpg-zip command which is pretty neat. If you already have a GnuPG key set up, then it's ideal.

Thomas_S_Hunterson

http://advosys.ca/viewpoints/2006/07/pgp-symmetric-encryption/ might be of some assistance if you're just looking for pass-phrased based symmetric encryption (--symmetric command line switch for gpg or pgp)

Otherwise vanilla gpg? 2-factor though makes things a little more complicated.

/edit: beaten to it by Andrew

Khannie

I was being lazy.

I've discovered mcrypt, which looks ideal.

cat <file> | mcrypt > encrypted.txt
cat encrypted.txt | mcrypt -d > decrypted.txt

Naikon

I tend to just use openssl when I need encryption.

So for example, say I have an archive called stuff.tar

openssl des3 -salt -in stuff.tar -out file.tar.des3

It will prompt for the passphrase, and to decrypt just use:

openssl des3 -d -salt -in file.tar.des3 -out file.tar

Again, type the passphrase, and your work is done.
The good thing is openssl is it's bound to be on most *NIX platforms by default.

Easy Peasy:pac:

Khannie

Sean_K wrote: »

http://advosys.ca/viewpoints/2006/07/pgp-symmetric-encryption/ might be of some assistance if you're just looking for pass-phrased based symmetric encryption (--symmetric command line switch for gpg or pgp)

Otherwise vanilla gpg? 2-factor though makes things a little more complicated.

/edit: beaten to it by Andrew

Hmmmm. Upon further inspection, this could be just the ticket too.

Khannie

Naikon wrote: »

I tend to just use openssl when I need encryption.

too.....


many.........



choices............

Naikon

Orion

You can create an encrytped container with TrueCrypt. You can create a container as large as you want - then when Truecrypt is active it just works like a directory to drag and drop in to.

Khannie

Been away for a bit so just getting back to this....Ended up going with Naikon's way. Worked a treat.

Thanks for all the suggestions.

edit: That truecrypt looks pretty sweet too. /me investigates.

Orion

I really like Naikon's method for encrypting a single archive. Nice and neat.

But if you want an encrypted container to store stuff Truecrypt is the one for me. I save all my server/web passwords in a plain text file and keep it in a Truecrypt container.

I've openssl installed on my Windows box in work- gonna try to decrypt an archive that I've encrypted on linux there just to see if it works.

Khannie

Truecrypt looks like a very impressive piece of kit. Did a fair bit of reading about it last night. I had two concerns that weren't really mentioned on the website:

1) Performance - Found out on wikipedia that it's probably not an issue on a quad core system, but not gonna be great on my single core'd laptop (which is most likely to be compromised)
and
2) Battery life - Has to be negatively affected by the extra work

Naikon

I am loving this Truecrypt software:pac:
/Me initially thinking it was windows only software:rolleyes:

I won't be using it on my aspire one though...the SSD in that machine
is awful. Good little lappy however, as the keyboard is not cramped like the eee.

Orion

I can't see battery life being majorly impacted. It's just a TSR application (remember that old TLA ) that's only used when you use it. If it was to be a drain you can always close it and re-open it when you want to protect a file. As for performance - I started using it on an Athlon 64 back when UT2K4 was the dogs balls. Performance is fine.

btw Khannie - you can thank Screwball for Truecrypt - he introduced me to it years ago and if it's good enough for his tinfoil hat then it's good enough for me

Orion

@Naikon: I have an eee - the keyb is a bit cramped but you get used to it very quickly. What distro do you use on the Aspire? I dumped the Asus distro very quickly. Tried Ubuntueee before finding Cruncheee which rocks.

[edit]And shame on you for thinking I would recommend Windoze only software on a Unix forum. Shame I say!

Naikon

Macros42 wrote: »

@Naikon: I have an eee - the keyb is a bit cramped but you get used to it very quickly. What distro do you use on the Aspire? I dumped the Asus distro very quickly. Tried Ubuntueee before finding Cruncheee which rocks.

[edit]And shame on you for thinking I would recommend Windoze only software on a Unix forum. Shame I say!

Yeah, I am just a bit bias towards keyboard sizes because I have big fingers:p
It's not a dreadful board, not like those shi$ty chicklet keys on those old atari consoles.

I am running Crunchbang on it too, and coulden't be happier.
Everything worked fine out of the box, along with codec support for mplayer.

Wireless worked fine natively(Think the eee and aspire one uses Atheros chips).
Very impressive high quality distro it is.

Haha on the last point, I had my suspicions(i.e, you don't suggest m$ stuff here :pac:)
We *NIX people think alike here.

Khannie

Macros42 wrote: »

you can always close it and re-open it when you want to protect a file

On a laptop I'd be looking at protecting everything tbh. On the home pc, only my GIANT porn collection. :pac:

Capt'n Midnight

You can you password protect the hard drive in the BIOS, no performance impact. Also like all data encryption no data recovery.

Yes it can be bypassed if you have access to the platter, not sure if there are ways around without using a clean room though.


[edit] encfs is also good

AndrewMc

Capt'n Midnight wrote: »

You can you password protect the hard drive in the BIOS, no performance impact. Also like all data encryption no data recovery.

Yes it can be bypassed if you have access to the platter, not sure if there are ways around without using a clean room though.

If it's the same thing I'm thinking of, I've heard it can be bypassed by replacing the circuit board on the outside of the drive. If you have another, that is, and are that pushed

Capt'n Midnight

AndrewMc wrote: »

If it's the same thing I'm thinking of, I've heard it can be bypassed by replacing the circuit board on the outside of the drive. If you have another, that is, and are that pushed

From my understanding the password or hash was stored on the platter not on the circuit board so it's isn't quite as simple as that

Khannie

Well, bit of a major bump here, but I have a new laptop HDD coming and I'm thinking I'll give that truecrypt software a bash (it's a business laptop and I like the idea of keeping confidential information confidential).

I'll set the /home partition as encrypted and see how I get on.

edit: I think /etc also. That should do it.

ressem

A lot of the new laptop hard drives have built in AES encryption, which unlike the old ones can't be bypassed by having a data recovery crowd using a specialised clean room or manufacturer bypass password.

http://www.hitachigst.com/portal/site/en/products/self-encrypting/
or Seagate secure.

Don't notice any noticeable performance drop.

You need root though for truecrypt to work.

Do any of the above work without having to invoke root?