LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 11-18-2012, 01:19 PM   #1
halfpower
Member
 
Registered: Jul 2005
Distribution: Slackware
Posts: 195

Rep: Reputation: 30
Is there a standard for file/data encryption?


Is there a standard algorithm for encryption? I am thinking more in terms of data storage rather than data transmission, although I'm not sure this distinction is important. Is it better to encrypt entire folders rather than individual files?
 
Old 11-18-2012, 01:23 PM   #2
mdlinuxwolf
Member
 
Registered: Dec 2006
Distribution: Mepis and Fedora, also Mandrake and SuSE PC-BSD Mint Solaris 11 express
Posts: 365

Rep: Reputation: 34
standard

Quote:
Originally Posted by halfpower
Is there a standard algorithm for encryption? I am thinking more in terms of data storage rather than data transmission, although I'm not sure this distinction is important. Is it better to encrypt entire folders rather than individual files?

Yes, crypto-luks with 256 bit AES encryption is used by Fedora. The best way to store data is on an entire encrypted partition or physical drive, not by file or folder. You can also use GPG to encrypt an individual item if additional protection is needed.

Other distros can also use encryption, not just Fedora.
 
Old 11-18-2012, 08:34 PM   #3
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117
There are several options for "at-rest" encryption.

If you want to encrypt individual files, GnuPG (an implementation of the OpenPGP Standard) is a good option. If you want to encrypt an entire filesystem (even the root filesystem, provided you have a /boot and an initramfs/initrd), then LUKS-DMCrypt is the gold standard on Linux. Finally, if you want to encrypt whole directories (such as a user home directory) then eCryptFS is a good choice.

All of these tools offer you a choice of algorithms and key lengths for your encryption needs. AES is the "standard" from the US NIST, but Blowfish/Twofish is another good choice. Anything over 128 bits of key length would offer you "strong" encryption. (Where "strong" is defined as resistant to brute force attack.)
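
The per-file GnuPG option from this post, as an added example that is not part of the original thread: it encrypts a file symmetrically with AES-256, reads back the cipher ID recorded in the file, and shows that a modified ciphertext fails to decrypt. The file names, passphrase and helper function names are constructed for illustration.

```shell
# Added example: per-file GnuPG encryption in symmetric (passphrase) mode.
# File names, passphrase and function names are constructed for this demo.

# Use a throwaway GnuPG home so the demo never touches real keyrings.
demo_setup() {
    WORK=$(mktemp -d) || return 1
    export GNUPGHOME="$WORK/gnupg"
    mkdir -m 700 "$GNUPGHOME"
    # A passphrase file keeps the demo non-interactive; normally gpg prompts.
    printf 'constructed sample passphrase\n' > "$WORK/pass"
    printf 'constructed sample data to protect\n' > "$WORK/plain.txt"
}

demo_cleanup() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$WORK"
}

# Run gpg without prompts, reading the passphrase from the demo file.
gpg_batch() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$WORK/pass" "$@"
}

# Encrypt $1 to $2, naming AES-256 explicitly instead of relying on defaults.
encrypt_file() {
    gpg_batch --symmetric --cipher-algo AES256 --output "$2" "$1"
}

# Decrypt $1 to $2; gpg exits non-zero when the integrity check fails.
decrypt_file() {
    gpg_batch --decrypt --output "$2" "$1" 2>/dev/null
}

# Print the OpenPGP cipher ID stored in the file header (9 means AES-256).
cipher_id() {
    gpg_batch --list-packets "$1" 2>/dev/null |
        sed -n 's/.*symkey enc packet:.*cipher \([0-9]*\).*/\1/p' | head -n 1
}

# Invert one byte in the middle of $1 to simulate corruption or tampering.
flip_middle_byte() {
    size=$(wc -c < "$1")
    off=$((size / 2))
    byte=$(od -An -tu1 -j "$off" -N1 "$1" | tr -d ' ')
    printf "\\$(printf '%03o' $((byte ^ 255)))" |
        dd of="$1" bs=1 seek="$off" conv=notrunc 2>/dev/null
}
```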
 
Old 11-19-2012, 06:49 AM   #4
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,231

Rep: Reputation: 1071
Consider this: the German Enigma cipher algorithm was, for its day, essentially impregnable; yet the Poles cracked it using pencil-and-paper by exploiting weaknesses of the German keying system. The choice of algorithm matters relatively little, esp. for civilian-grade crypto. How the algorithm is applied, though, matters much.

Use an existing crypto system of known provenance, and learn how to use it correctly and strongly. Good examples include:
  1. GnuPG / PGP
  2. VPN
  3. SSL
  4. SSH
  5. The OpenSSL crypto library
These technologies are used all over the world. They are well-understood, professionally designed, and well maintained. They are also shared by people with whom you will wish to communicate, most of whom you may never have met and will never meet.

There are well-understood best practices, and these are the most vital aspect of ensuring that your information is both secure, trustworthy, and intact.

Last edited by sundialsvcs; 11-19-2012 at 06:50 AM.
 
Old 11-19-2012, 01:02 PM   #5
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 138
Quote:
Originally Posted by halfpower
Is there a standard algorithm for encryption? I am thinking more in terms of data storage rather than data transmission, although I'm not sure this distinction is important. Is it better to encrypt entire folders rather than individual files?
That actually depends on context. The Rijndael cipher became the AES, Advanced Encryption Standard, by the US NIST, as in a standard for US government use. Other governments have their own standards. Businesses set standards for internal use, etc. In the general populace, or even in most businesses, there is no standard, though most follow along and use AES, as they probably used DES before it.

While choosing an appropriate algorithm is important, key management and good practices (as mentioned by sundialsvcs) are even more important. Also consider whether you are trying to protect data in use or data at rest.

If you need some files visible to only some users and not others then you encrypt on file level. If all files in a directory can be viewed by a user then you can encrypt at the directory level, likewise for an entire partition or drive.
Choice of algorithm will depend on needs, risk assessment and available tools.
 
Old 11-19-2012, 07:09 PM   #6
jefro
Guru
 
Registered: Mar 2008
Posts: 11,006

Rep: Reputation: 1356
The type of data is also a factor. Some compression works much better on some data while other works better on some other data.

There are also on-the-fly software and hardware solutions.

Just depends on what you want to secure as to file by file or folder by folder or even full disk encryption.
I don't usually encrypt more than home on most systems.
 
  


All times are GMT -5. The time now is 10:36 PM.
