Linux - Security (LinuxQuestions.org forum)
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Hello everyone.
I need some tips on how to securely store my bank account numbers.
First, I think it might be useful to let you know that so far I have 3 banks with different passwords for different things (on-line banking, PIN cards etc.) and thus it is not easy to memorize all of them.
So far I use kwalletmanager and store them in a wallet with a pretty long password (20+ characters with numbers, letters and special characters).
Please consider the following questions:
A) Does kwalletmanager use a secure way of storing its files? Do you know if its files are encrypted? If not, do you know any KDE program that can encrypt this file, so that I decrypt it every time I want to read it?
B) I know that kwalletmanager keeps every wallet in a single file and thus I can put this file on a USB stick (in case my PC is stolen).
C) Do you know any USB devices that can encrypt the data that is written to them? Are these Linux compatible?
D) Any other tip that might come to your mind, please say so.
The data is encrypted with the Blowfish symmetric block cipher algorithm; the algorithm key is derived from the SHA-1 hash of the password, with a key length of 156 bits (20 bytes). The data in the wallet file is also hashed with SHA-1 and checked before the data is deciphered and made accessible to applications.
I have 3 banks with different passwords for different things (on-line banking, PIN cards etc.) and thus it is not easy to memorize all of them.
Good idea. If you can't memorize your bank passwords, you're (likely) doing something right.
You already have an answer to your kwallet question. Blowfish is a well regarded cipher. Make sure you use a strong kwallet password, as that's what your encryption key will be derived from. That's the only one you need to remember.
You might consider using Password Safe instead. It's endorsed by Bruce Schneier (and in fact was created by him, iirc). The file format has become somewhat of a de facto standard, which is compatible with a variety of apps on different platforms. It's even supported on some PDAs, so you have access to all your passwords wherever you are.
In Linux, there are GUI as well as CLI apps that support the Password Safe format. There's also an emacs major mode for it. There is a field for username, password, and notes, so you can stash card numbers, CVV codes, expiry dates, PIN codes, etc. in the notes field.
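The two replies above make one point between them: with the wallet key derived as a single SHA-1 of the master password, the master password is all that stands between someone who copies the wallet file and its contents. The Python below is an added example, not KWallet's code and not part of the original thread. It models only that unsalted derivation in isolation, sets a salted, iterated PBKDF2 derivation from the standard library beside it, and runs a constructed dictionary attack against both. The wordlist, salt and iteration count are made up for illustration; the Blowfish encryption step and the real wallet file format are not modeled.

```python
"""Added example: dictionary attack against an unsalted SHA-1 password-to-key
derivation (as the reply above describes KWallet's) versus a salted PBKDF2 one.
Everything here is constructed for illustration; it is not KWallet's code."""
from __future__ import annotations

import hashlib
from typing import Callable, Optional

# Constructed attacker wordlist standing in for a real dictionary (not real data).
WORDLIST = [
    "password",
    "letmein",
    "qwerty123",
    "hunter2",
    "Tr0ub4dor&3",
    "correct horse battery staple",
]


def sha1_key(password: str) -> bytes:
    """Key derivation as described in the reply above: one unsalted SHA-1 of the
    password, yielding a 20-byte key. No salt and no iteration means every
    candidate costs the attacker exactly one hash, and one table fits all files."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def pbkdf2_key(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Contrast: salted, iterated derivation (PBKDF2-HMAC-SHA256, stdlib),
    truncated to the same 20 bytes so the two schemes compare directly.
    The iteration count here is an assumed illustrative value."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=20
    )


def precompute_table(derive: Callable[[str], bytes]) -> dict[bytes, str]:
    """Attacker's table mapping derived key -> candidate password."""
    return {derive(word): word for word in WORDLIST}


def attack_unsalted(target_key: bytes) -> Optional[str]:
    """Unsalted scheme: the table is built once and reused against every wallet
    file that uses the same derivation, so recovery is a single lookup."""
    return precompute_table(sha1_key).get(target_key)


def attack_salted(target_key: bytes, salt: bytes, iterations: int) -> Optional[str]:
    """Salted scheme: the attacker must know the salt and rebuild the table per
    file, paying `iterations` PBKDF2 rounds per guess. A weak password still
    falls; the salt only removes precomputation and the iterations only slow
    each guess, which is why the master password itself has to be strong."""
    table = precompute_table(lambda w: pbkdf2_key(w, salt, iterations))
    return table.get(target_key)


if __name__ == "__main__":
    weak = "hunter2"                      # in the constructed wordlist
    strong = "9m!Qv#2zLr8&Tk4$Wp1x"       # 20+ mixed characters, not in the list
    salt = b"\x7f" * 16                   # constructed per-file salt

    print("unsalted SHA-1, weak:  ", attack_unsalted(sha1_key(weak)))
    print("unsalted SHA-1, strong:", attack_unsalted(sha1_key(strong)))
    print("salted PBKDF2, weak:   ", attack_salted(pbkdf2_key(weak, salt, 1000), salt, 1000))
    print("salted PBKDF2, strong: ", attack_salted(pbkdf2_key(strong, salt, 1000), salt, 1000))
```

Run it as a script to see both schemes give up the weak password while neither gives up the long one; the difference between them is that the SHA-1 table works against every wallet made with that derivation, whereas the PBKDF2 table is useless against a file with a different salt.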
The weakest point is not encryption or master password strength (unless it's stupidly weak) but master password capture. Originally this was by keylogging and the response was to use a graphical keyboard but I understand the bad guys can crack those too now (sorry -- forgotten source of info). Whatever systems are devised it seems it is just a technology race until the bad guys can crack them. For these reasons the best solution is to use a virtual machine without shared data storage with the real machine and to use it only for sensitive transactions. It is less likely to be subject to attack than a day-to-day system used for a variety of tasks. Ideally its virtual disk can be routinely re-initialised after each use so any successful attack is nullified.