LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-18-2016, 12:25 AM   #16
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,286
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419

It depends on the password too, a brute force attack uses dictionary files first so... http://www.cyberciti.biz/security/li...ength-checker/
http://www.roboform.com/how-secure-is-my-password &c...
 
Old 02-18-2016, 12:26 AM   #17
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by jamison20000e View Post
.zip seems most popular and probably compresses best if that matters?
Cool. Thanks. But is .zip good encryption? Like I was saying about the AES 256 thing? And in your other post you were talking about using two extensions, right? What's that process?
 
Old 02-18-2016, 12:41 AM   #18
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,286
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
P.s: for the first link use:
Code:
sudo echo "TypeYourPasswordHere" | sudo cracklib-check
 
Old 02-18-2016, 12:51 AM   #19
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,286
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
Quote:
Originally Posted by Gregg Bell View Post
... And in your other post you were talking about using two extensions, right? What's that process?
I encrypted many files (no folder) but when I click on the .jar it showed the extractable files and their names then asked for my (strong or not) password... so, I encrypted it again that now when I click on the .zip all I see is the .jar's name,,, tho I now realize a folder encrypted should hide the file names as well. (Two different passwords tho. )

Last edited by jamison20000e; 02-18-2016 at 01:02 AM.
 
Old 02-18-2016, 12:59 AM   #20
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,286
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
Quote:
Originally Posted by jamison20000e View Post
P.s: for the first link use:
Code:
sudo echo "TypeYourPasswordHere" | sudo cracklib-check
It is still not working with that sudo config so I used:
Code:
su
then:
Code:
echo "TypeYourPasswordHere" | cracklib-check
 
Old 02-18-2016, 01:14 AM   #21
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,286
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
http://www.roboform.com/how-secure-is-my-password is better with suggestions
 
Old 02-18-2016, 09:09 AM   #22
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187
Passwords ... "pre-shared keys," call them what you will ... are evil.

Use standard techniques such as OpenVPN and GPG and SSH, and use them correctly, which means: "use digital certificates."

A certificate file, which may be further encrypted with a password, contains thousands of bits of information which cannot be forged. Either you possess it (and the other party has not repudiated it ...), or you don't. "Them's your choices."

It's like swiping your badge at a door, and maybe entering a number on a keypad. That badge belongs uniquely and identifiably to you, and it can be made to "drop dead" at any time. And yet, it does not stand in the way of you "effortlessly" getting into the secure area.
 
1 members found this post helpful.
Old 02-18-2016, 01:42 PM   #23
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,945

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
If you're paranoid, use gpg to encrypt your files. That's the most secure method. That said, I often use other means, such as Minilock. I use it for things I don't really want in the open, but that won't result in my death, incarceration, or bankruptcy if broken. One has to balance security against convenience. Minilock lets me encrypt/decrypt the files on any device, including my PC, chromebook, phone, or whatever. But if the file is really sensitive, convenience needs to be overridden, and gpg is a better choice.
 
Old 02-18-2016, 02:50 PM   #24
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by jamison20000e View Post
I encrypted many files (no folder) but when I click on the .jar it showed the extractable files and their names then asked for my (strong or not) password... so, I encrypted it again that now when I click on the .zip all I see is the .jar's name,,, tho I now realize a folder encrypted should hide the file names as well. (Two different passwords tho. )
Wow. Thanks jamison. It's going to take a while for me to digest this stuff and thanks for the links. (Although I think that Roboform password tester is a little too generous saying how long it will take to crack passwords. Some relative simple ones would take "32 years." Ha ha. I wish.)
 
1 members found this post helpful.
Old 02-18-2016, 02:55 PM   #25
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by sundialsvcs View Post
Passwords ... "pre-shared keys," call them what you will ... are evil.

Use standard techniques such as OpenVPN and GPG and SSH, and use them correctly, which means: "use digital certificates."

A certificate file, which may be further encrypted with a password, contains thousands of bits of information which cannot be forged. Either you possess it (and the other party has not repudiated it ...), or you don't. "Them's your choices."

It's like swiping your badge at a door, and maybe entering a number on a keypad. That badge belongs uniquely and identifiably to you, and it can be made to "drop dead" at any time. And yet, it does not stand in the way of you "effortlessly" getting into the secure area.
Thanks sundial. I looked at OpenVPN and it looked like more than I needed. GPG via the terminal is fine. I liked it. But see the screenshot. Was I using it correctly? And if so, how would I go about encrypting a folder with it?
Attached Thumbnails
Click image for larger version

Name:	Selection_013.png
Views:	9
Size:	76.9 KB
ID:	20897  
 
Old 02-18-2016, 02:57 PM   #26
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by sgosnell View Post
If you're paranoid, use gpg to encrypt your files. That's the most secure method. That said, I often use other means, such as Minilock. I use it for things I don't really want in the open, but that won't result in my death, incarceration, or bankruptcy if broken. One has to balance security against convenience. Minilock lets me encrypt/decrypt the files on any device, including my PC, chromebook, phone, or whatever. But if the file is really sensitive, convenience needs to be overridden, and gpg is a better choice.
Thanks sgosnell. I liked using gpg but I wasn't sure if I was using it rightly or if the warning I got meant anything. (see screenshot) And if I was using it correctly, can I use gpg to encrypyt folders as well? (And is the gpg encryption like as good as the AES 256?)
Attached Thumbnails
Click image for larger version

Name:	Selection_013.png
Views:	14
Size:	76.9 KB
ID:	20898  
 
Old 02-18-2016, 08:34 PM   #27
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,945

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
GnuPG defaults to RSA2048 encryption, far better than AES256. You can change that if you want.

As for how to use it, read the man pages, or at least the quick help. As a start, you use -e to encrypt a file, -d to decrypt. Decrypt is the default, so if you use neither, you're telling it to decrypt the file. A quick and useful guide to using gpg is here. To encrypt a folder, you would use tar or similar to make an archive of the folder and its files, then encrypt the tarball. That's far more secure than just using a password-protected zip file. But again, it depends on your level of paranoia, and the importance of the files. It's not hard to cobble up a script that would do all the work for you. You could incorporate syncing the result to the cloud in the script, or you could just put it in a folder that syncs automatically, like Dropbox or similar. And you could put it all into a cron job that does it all on a schedule of your choice without you having to do anything at all.
 
1 members found this post helpful.
Old 02-18-2016, 10:30 PM   #28
Gregg Bell
Senior Member
 
Registered: Mar 2014
Location: Illinois
Distribution: Xubuntu
Posts: 1,992

Original Poster
Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by sgosnell View Post
GnuPG defaults to RSA2048 encryption, far better than AES256. You can change that if you want.

As for how to use it, read the man pages, or at least the quick help. As a start, you use -e to encrypt a file, -d to decrypt. Decrypt is the default, so if you use neither, you're telling it to decrypt the file. A quick and useful guide to using gpg is here. To encrypt a folder, you would use tar or similar to make an archive of the folder and its files, then encrypt the tarball. That's far more secure than just using a password-protected zip file. But again, it depends on your level of paranoia, and the importance of the files. It's not hard to cobble up a script that would do all the work for you. You could incorporate syncing the result to the cloud in the script, or you could just put it in a folder that syncs automatically, like Dropbox or similar. And you could put it all into a cron job that does it all on a schedule of your choice without you having to do anything at all.
Thanks a lot, sgosnell. That quick start guide looks do-able. I think that may be a good way to go if I have something really sensitive. And I like that it shows how to do folders, as well. As for the rest of it (the script, crono job etc.) LOL maybe some day! Appreciate it.

P.S. Are GnuPG and GPG the same thing? I'm thinking not because (see my screenshot in post #26) I was using GPG in the terminal, but your quick start guide has different commands. Thanks.

P.S.S. Was my way of using GPG (again, screenshot in post #26) of any value at all? I ask because it was really easy and quick to do. Thanks.

Last edited by Gregg Bell; 02-18-2016 at 10:41 PM. Reason: added two questions at the end
 
Old 02-21-2016, 03:25 PM   #29
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 4,286
Blog Entries: 3

Rep: Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419Reputation: 1419
Quote:
Originally Posted by sundialsvcs View Post
Passwords ... "pre-shared keys," call them what you will ... are evil.

Use standard techniques such as OpenVPN and GPG and SSH, and use them correctly, which means: "use digital certificates."

A certificate file, which may be further encrypted with a password, contains thousands of bits of information which cannot be forged. Either you possess it (and the other party has not repudiated it ...), or you don't. "Them's your choices."

It's like swiping your badge at a door, and maybe entering a number on a keypad. That badge belongs uniquely and identifiably to you, and it can be made to "drop dead" at any time. And yet, it does not stand in the way of you "effortlessly" getting into the secure area.
In my case this or is over kill. I let my nephews use my laptop all the time and encourage them to look in my books and text files &c but something like:
Code:
wget --recursive http://textfiles.com/
and the folders name is not for them. When they get to the point of cracking .etc? more power to them and hopefully raised right brings questions and no worries.

Last edited by jamison20000e; 02-21-2016 at 03:26 PM.
 
Old 02-21-2016, 03:37 PM   #30
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,945

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
gpg is the executable for the GnuPG package. The -c option you used is for symmetric encryption, meaning you enter a separate password to encrypt/decrypt the file. If you use -e instead, your keys are used for encryption/decryption. Either will work, but IMO using keys is a more secure way of doing it. Plus, you always use the same passphrase for decryption, which is the passphrase for your secret key. If you use -c, you have to remember the password you used for that one-time encryption, which may be difficult. But -c does have its uses.

One thing to remember is that after you encrypt a file, the unencrypted version of the file remains, still in the clear. You need to remember to delete that file if you need only the encrypted version. If you're encrypting files for upload to the cloud, and want to keep the unencrypted files on your local disk, that's fine. You have both versions, and can deal with them as you prefer.
 
2 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Non-system partition encryption versus container-file encryption of equal size Ulysses_ Linux - Security 13 07-17-2015 07:38 PM
new gpg encryption/signing frontend -- looking for name suggestions ryran Linux - General 13 01-27-2012 02:09 PM
Linux password encryption and data encryption Tux-Slack Programming 4 06-20-2007 06:46 AM
Mandrake 9.0 Wireless Works without encryption.. does not with encryption topcat Linux - Wireless Networking 3 05-04-2003 08:47 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:16 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration