LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 03-24-2005, 05:34 AM   #1
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,223

Rep: Reputation: 86
Post Quick and dirty cryptography guide.


You have a file named homemadepron.mpg you want to hide (IMHO, you'd better put it on e-donkey).

openssl des3 -in homemadepron.mpg -out whatever.the.name.of.the.encrypted.file

You have to enter a password, and now your file is encrypted.
-------------------------------------------------------------------------------------
A few days later, you want to watch again your performance as an actor and director.

openssl des3 -d -in whatever.the.name.of.the.encrypted.file -out homemadepron.mpg

If you don't forget the password, then the file is restored.
-------------------------------------------------------------------------------------

Of course, there's many options with openssl. You can use other algos than 3des.

I recommend you to read this if you want to learn more:
http://en.wikipedia.org/wiki/Ciphers
http://en.wikipedia.org/wiki/Block_cipher
http://www.linuxquestions.org/questi...hreadid=303954

It seems some ciphers aren't authorized for public.
Enjoy.

P.S.: And think about e-donkey

Last edited by Linux.tar.gz; 03-24-2005 at 11:09 AM.
 
Old 03-24-2005, 02:31 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
your guide should also have a quick and dirty explanation on how to have an encrypted filesystem and/or partition, as relying solely on the method you have provided so far would leave one vulnerable to forensic recovery of the original non-encrypted file...

by using an encrypted filesystem, there would have never been an un-encrypted original file in the first place...

if your guide is exclusively for use on non-encrypted filesystems, then IMHO you should at least provide a note on how to make sure the original file is completely destroyed...

also, IMHO using a filename such as secrets.tar.gz in your guide might be more appropriate than the explicit scenario you are currently using...

just my two cents...


Last edited by win32sux; 03-24-2005 at 02:33 PM.
 
Old 03-24-2005, 04:42 PM   #3
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
What do you expect from a guide written by someone who just started asking about crypto 4 days ago?
 
Old 03-24-2005, 07:17 PM   #4
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,223

Original Poster
Rep: Reputation: 86
You're right, TruckStuff.
What i had in mind was a mini-guide to encrypt a file in order to send it over internet.
I was suprised when i searched around and didn't find any quick answer about it.
So i wrote this thread and named it "quick and dirty".
I put some humor in it because i think it's a serious subject.
If someone can answer your questions later on this thread, win32sux, then i'll be happy to read it.

Last edited by Linux.tar.gz; 03-24-2005 at 07:20 PM.
 
Old 03-25-2005, 02:16 PM   #5
penguinlnx
Member
 
Registered: Mar 2005
Location: Ice Station Alert AFB
Distribution: Gentoo
Posts: 166

Rep: Reputation: 30
Of course the question of the 'paper trail' to and from the hidden treasure is paramount in maintaining secrecy, or at least legal immunity from prosecution. (Although I think you can make and own all the porn you want in France! as in the example...)

In a Windows environment there are some simple and practical things people can do:

(after offloading your naughty pics onto a CD or DVD which can be hidden in your boss's/landlord's/worst enemy's garage for safekeeping, once your prints are wiped off)

(1) Copy lots of crap onto your hard drive.
(2) Delete all copies of naughty files from your hard drive.
(3) Defragment the hard drive.
(4) Copy back a huge directory of boring photos of your grandparents back onto the drive.
(5) delete grandma's teddy-bear catalog and repeat cycle as necessary.
(6) Prevent low-level recovery of file-traces with a program like GRC.COM's Hard Drive repair kit.

Note: Since simple solutions like this are only practical for DATA drives/partitions, Don't download or store sensitive material on your OS partition or drive. This is trickier than it seems, since many programs store temporary files by default in your system areas.....

(a) Notice its more important to store your 'private garbage' off-site and off of your computer than worry about encryption, for legal purposes. Possession of illegal goods is nine-tenths of a conviction.

(b) In your aquisition/transport/storage cycle, it is more important to keep any vulnerable time-window as short as possible, and have all systems 'clean' while in stand-by between operations, and post a lookout, than worry about encryption of data.

(c) In your aquisition and transport process, it is more important to not leave an obvious trail to you, whether you keep your 'porn' at home, on your computer, or encrypted or not. That is, up/download it on someone else's machine, and make sure the activity is not traceable back to you via money receipts or security cameras.

Three final points:

(1) In the post-911 era, the authorities are a lot less worried about your personal rights re: search & seizure and the question of *how* the evidence was acquired. It would be awfully foolish for the average porn addict to rely on the noble concept of respect of personal rights in the real world.

(2) Most courts in most countries give barely more than lip-service to the concept (already a cute rarity) of "innocent until proven guilty". Anyone with real court experience knows that nine-tenths of a conviction in the real world is being charged, and plea-bargaining with a guilty plea, to make lawyers money, save the authorities face, and wreck your life in the process cause no one gives a damn. Only rich aholes can afford to dream about 'trials'.

(3) If it isn't the authorities you're hiding the file from, keep in mind that there is no secret a short ride to a warehouse and a blowtorch can't reveal...Is it all worth it?

I don't know what you would do for the home drive in a Linux Environment, perhaps someone could explain what you can do to address these issues in a Linux file system etc.

Last edited by penguinlnx; 03-25-2005 at 02:45 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
DISCUSSION: Quick and Dirty Guide to Linux File Permissions bulliver LinuxAnswers Discussion 32 12-19-2011 10:36 PM
Two Quick and Dirty Ones! gsibble Linux - Newbie 9 08-14-2003 03:40 AM
quick and dirty! Smerk Debian 4 07-03-2003 08:33 PM
quick and dirty guide on installing GRUB markus1982 Linux - Software 1 05-26-2003 11:56 AM
quick and dirty guide on installing grub markus1982 Linux - General 0 04-10-2003 03:56 AM


All times are GMT -5. The time now is 11:42 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration