How to easilly encrypt file using 2048bit encryption?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to easilly encrypt file using 2048bit encryption?
Hello, i know i can use openssl to encrypt file by single command:
Encrypt:
Code:
openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc
Decrypt:
Code:
openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new
I DO NOT want to use encryption key because i dont know where to store it, it appears too much time to handle it and protect it.
How can i encrypt some file via more difficult encryption like 2048bit in one command please? I wish the best protection algorithm because i listen 256bit is not enough
You're mistaken about the key length. 256 bit keys for symmetric encryption is more than enough.
The 2048 and 4096 bit keys you've probably heard about, relates to asymmetric encryption algorithms used in SSL certificates. These algorithms are slow and CPU intensive, need much longer keys, and are only used to encrypt very small pieces of data such as, well, 256 bit AES session keys.
By the way, if you don't want to use encryption keys, what on earth do you want to use? Without a key, nothing can be encrypted (or decrypted for that matter). The only alternative to a symmetric encryption key is an asymmetric encryption key, which is still very much an encryption key that needs to be stored somewhere.
You'd have to modify RC4 to make it accept the huge key, but barring an implementation error (such as ignoring the known weak keys issue), a modified RC4 could very well come out on top. Of course, with keys that large we'd probably have trouble seeing if the encryption was actually broken, what with the sun having burnt out and all that.
A better example would be 1024-bit RSA vs. 128-bit AES. AES would win hands down, as the algorithms are fundamentally different.
Yeah, that also works. It's just to illustrate a point, that key size does not equal security because you have to take into account what you do with the key -- the algorithm. BTW, on the wiki it says that 2048 is a possible key size for RC4, even tho it is not typical. RC4 has some severe vulnerabilities, and its use is discouraged because of them.
If I were to recommend an encryption algorithm I would say that you should thoroughly investigate each algorithm, the weaknesses, and who designed it (NSA ?). The algorithm should not be too old, because with the advance of computing power and cryptography, older algorithms tend to be weaker. However, newer ones are not necessarily better, because they haven't had as much testing from the crypto community. I would pick one that is not very old, not very new, and has no or few known weaknesses. I would also make sure to factor in the complexity of the algorithm, an example of which would be AES. Although simplicity does not equal simple to crack, it has to be well tested. ATM, my pick would be twofish. That's just my opinion according to my research. Also note that this only applies to symmetric key algorithms. There are also asymmetric ones like some used by gpg.
See: http://en.wikipedia.org/wiki/Public-key_cryptography
Note that this too has its own set of possible vulnerabilities. In the end you must understand and choose.
Last edited by metaschima; 02-05-2014 at 04:01 PM.
I probalbly dont understand function of the .key because i think one have 2 options. key or password, but still key must be somehow password protected or else its easy to to find the key on computer. What i hate on key that when you loose it you cant recover data, thats why i think password is better (agaian im absolute amateur).
Also its strange to me that in age of quantum computers, there is only one 256bit encryption which people says is possible to be decypted by special super computers or such. Why the * is not there encryption which canot be hacked even by million times faster computer than all computers of this world... all these encryptions like AES depends on password length, so if i add like 6x100 chars password, im millions times more secure than 6 chars password?
Here's a guide on how to choose strong passwords: http://www.thegeekstuff.com/2008/06/...ong-passwords/
Also make sure that it is difficult for an attacker to deduce a password using information about you, i.e. don't use personal information in your password.
I submit for your consideration that "no password is 'strong.'" Why not? Because it's a password.
The strongest form of protection is: the most human-practical arrangement that you can come up with. Nothing that requires you to keystroke-in a long string, let alone a "tough to crack" long-string, etcetera etcetera. This is not going to work, and the reason why it's not going to work is human factors, not technical ones.
Use digital certificates, properly handled and protected. Physically secure the data store. But make the protection system easy, and as transparent as possible to the authorized users.
And ... don't even try to protect against "the NSA."
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.