need encryption program for linux and windows !!!

H-Dragon · Guru Joined: 22 Oct 2002 Posts: 547

i have some data that is not to be viewed by anyone... now i need to access it in linux as well as in windows 2000 (unfortunatelly)

is there a program (maybe even an ebuild) that allows me to save my data onto a fat32 windows drive (that i have mounted in my fstab) and access it either way?

encryption should be military strength... really hard to break.
yet fast to en- and decrypt.

sorry to ask questions like that... but i think it is important to many.
_________________
WEBSITE
Do not meddle with the affairs of Dragons, for you are crunchy and tasty with ketchup!

m0pr0be · Guru Joined: 29 Aug 2002 Posts: 308

if you to de- and encrypt files under linux and win32 you can maybe try GnuPG.
its available for most platforms. i'm not sure if the GnuPG alhrithms satisfy your needs for very strong encryption. it supports public key mechanisms. and you can choose very long keys, to protect your data.
i think GnuPG doesnt support any newer enhanced security algorithms like blowfish, etc. (someone correct me if i'm wrong)

sisyphus · Posted: Thu Jan 02, 2003 12:45 pm Post subject:

gpg has binaries compiled for Win32 and of course Linux.

It's a good cross platform solution and shares the same command syntax across 'em.

Don't forget that if you ever store the clear text on disk, the data will be recoverable. You'll want to use a non-journaling FS to allow you to scrub the data once you've finished with it. You might also what to install it setuid root to allow you to use locked memory pages (don't get swapped!).

gpg does support symmetric encryption (-c) if you don't want to use public key. Just remember that whatever the algorythm (GPG supports a vast range - use gpg --version to find out what), it's only as strong as your passphrase.
_________________
wibble

H-Dragon · Guru Joined: 22 Oct 2002 Posts: 547

my gentoo runs on / as ext3. but i would have the data on my windows D drive (fat32). no jfs as far as i know... is it? so... gnupg....
no other program that could do the job? linux is all about security... there have got to be several ways of making data "disappear".
and gnupg... what's that thing with the passwords... and public keys.
or what's with those keys anyway?
_________________
WEBSITE
Do not meddle with the affairs of Dragons, for you are crunchy and tasty with ketchup!

zhenlin · Veteran Joined: 09 Nov 2002 Posts: 1361

Public key: The key to lock your message.
Private key: The key to unlock your message.

Distribute the public key. Put your private key on portable media and carry it with you. Do not unnecessarily mount the media with your private key. While you're at it, encrypt your private key, and rotate keys every 6 months.

H-Dragon · Guru Joined: 22 Oct 2002 Posts: 547

bad idea.....

if the police comes to my house and asks for all my pc stuff... they will take my key with them... and viola... encrypted for the ass
_________________
WEBSITE
Do not meddle with the affairs of Dragons, for you are crunchy and tasty with ketchup!

zhenlin · Veteran Joined: 09 Nov 2002 Posts: 1361

OK then... Print out your private key [in trinary] using large, legible font, and scan it in by OCR when you need it. Dont forget to shred (1) your digital key after printing and using, and shred the paper version after you rotate keys.

klieber · Posted: Thu Jan 02, 2003 2:46 pm Post subject:

itsr0y · Tux's lil' helper Joined: 22 Dec 2002 Posts: 81

Well, since no one seems to be answering your question, the data written to a FAT32 (Windows) drive is recoverable (to a certain extent) after deletion. When you delete the file, the system simply deletes the file's entry in the FAT tables. The information stored in the file is still techinally on the drive, but the system thinks its free space. When it needs to use some free space, it may just write over the file you deleted. But, it may also leave it there and not write over it for a while. If someone REALLY needs that information, there are services that can sometimes recover the data. I don't know how hard it is, whether it's just a program to install or if you have to take it some where, but I hear its very hard and very expensive.

To fix this problem (if it is one), there are programs that "wipe" or zero out the data. They write zeroes through the entire file THEN delete it, so that if the file is recovered, it will just be a bunch of zeroes. PGP has this feature, and I'm sure there are many more like it out there.

Granted, there still may be a chance that the data is swap space (as someone had mentioned) but this will help.

Naan Yaar · Bodhisattva Joined: 27 Jun 2002 Posts: 1549

gpg can also be used in a symmetric-cipher mode. You need to use the "-c" or "--symmetric" option for this. Then you would not need a public/private keypair. For "local" encryption of files, etc., this should work fine.

klieber · Posted: Thu Jan 02, 2003 7:53 pm Post subject:

Naan Yaar · Bodhisattva Joined: 27 Jun 2002 Posts: 1549

With symmetric encryption, you type in the passphrase when encrypting and decrypting. The passphrase is not stored anywhere on the system.

klieber · Posted: Thu Jan 02, 2003 8:31 pm Post subject:

Dalrain · Posted: Thu Jan 02, 2003 9:23 pm Post subject:

In case everyone had forgotten, faithful old floppy drives work great for holding these keys. Obviously background radiation can take some of the data out, so a backup somewhere is a good idea. An alternative is a CD with the key that can be carried by the operator that needs access to the data. (I just think floppies are better suited. They work a little faster on the in and out, and leave the CD drive free.) Also, you can destroy the floppy really easily if you need to. (Mmmm...big magnet...oops...looks like the key is gone!)

Naan Yaar · Bodhisattva Joined: 27 Jun 2002 Posts: 1549

Kurt,

Not really. The key is derived from the passphrase string (string-to-key algorithm -- s2k) and not necessarily stored with the message. Alternatively, a symmetrically encrypted message can contain one or more encrypted "session keys"; these keys are encrypted using a symmetric algorithm (or asymmetric algorithm for PK encryption). Either way, there is no easy way to discover the decryption key.

RFC2440 has more details, if you are interested.

sisyphus · Posted: Thu Jan 02, 2003 10:28 pm Post subject:

Bottom line?

If you want to be secure, learn about security (and encryption in particular in this case) and apply the lessons you learn.

Keeping your data secure isn't just about encryption. It's not a magic fix that'll forever keep you secure (I should have stated this more clearly in my original post). The only way you get there is to learn about the technologies and principles concerned. As a very interesting person said "Security isn't a destination, it's a journey" (or something like that).

You're not going to get that from this forum, start from the gpg web site and work your way around. Do the reading. If you want a reading list, post a reply and I'll get round to posting one tomorrow - busy now, sorry

.

There is no shortcut.
_________________
wibble

H-Dragon · Guru Joined: 22 Oct 2002 Posts: 547

life is all about shortcuts. if you are fast enough you don't need them, but they are there, not jsut for your entertainment.

a reading list would be great .... yet i was simply looking for a Ebuild that sort of satisfied my needs for now... and i thought one of the users in this forum already had some experience with security and encryption related stuff or programs.
_________________
WEBSITE
Do not meddle with the affairs of Dragons, for you are crunchy and tasty with ketchup!

puddpunk · l33t Joined: 20 Jul 2002 Posts: 681 Location: New Zealand

Google: 1
Google: 2
Google: 3

Ironically "encryption gpg shortcut" didn't turn up anything particulaly useful, but those should start you off...

As said before, really there isn't a shortcut for security. By the sounds of it you just seem to be wanting to hide your cracking programs from the police (illegal = bad mmmkay).

Gpg is the program you are looking for, except, it's not the "quick fix" you were looking for. You may actually have to learn how it works (god knows it took me long enough, keys, passphrases, signing, trust, and then some) but really you should.

Security needs to be your state of mind. I bet you booted up Gpg and created a key with your login password. Fair enough, but if your computer has been comprimised, it's likely that your gonna come out second best when it comes to hiding encrypted data.

Life may be about shortcuts, But really, you don't have to be fast to not need them, just smart. People who use shortcuts end up with broken things.

Thanks,
Chris.

bonsaikitten · Posted: Fri Jan 03, 2003 12:20 pm Post subject:

I would recommend storing the encryption key (still guarded by a passphrase, of course) on a small "USB Memory Stick" That way, the key is not physically _on_ the computer, this should make recovery inherently more difficult. Setup should be possible both on Windows and Linux, although it might be a bit more difficult than just setting up GnuPG ...

klieber · Posted: Fri Jan 03, 2003 1:17 pm Post subject:

H-Dragon · Guru Joined: 22 Oct 2002 Posts: 547

guess i will have to state my original question more clearly and wipe out some missunderstandings:
1) i wanted to know if there is an ebuild (or what different ebuilds there are)
2) i don't have a problem with reading and learning... as one might be able to recognize: i even do have the capability of writing (and this is not my mother-tounge)
3) it is true i hardly have time for all of this... but again. all i asked for was if there is someone with a suggestion for me (maybe different ones to make it more interesting...)

this almost-pgp sounds interesting... how strong is its encryption? do i have different choices of which alg. i want to use?
_________________
WEBSITE
Do not meddle with the affairs of Dragons, for you are crunchy and tasty with ketchup!

474 · l33t Joined: 19 Apr 2002 Posts: 714

For a good overview of PGP: http://www.pgpi.org/doc/pgpintro/. As for the nitty gritty of available ciphers and key lengths, the recommended key type is "DSA and ElGamal" and you can generate one of up to a length of 2048 I think. And various ciphers are supported including 3DES, Blowfish and CAST5. I imagine that it will be adequate for your requirements, particularly if you use a very strong passphrase that you can remember (without having to store it somewhere). I recall an excellent article in Linux Magazine (UK) which described real-world GnuPG usage in some depth (fortunately in an accessible way), so maybe you'd be interested in some of the recommendations contained therein? If so, let me know and I'll see if I can find the darned thing ...

As a side-note, app-crypt/seahorse is a nice Gnome front-end for GnuPG.

H-Dragon · Guru Joined: 22 Oct 2002 Posts: 547

someone should give you a gentoo-medal kerframil... i can't remember one topic where you didn't give me the expected answer. thanks dude.

i would love to read this article... just mail it to me if you find it.
--> danielinhawaii@gmx.net
_________________
WEBSITE
Do not meddle with the affairs of Dragons, for you are crunchy and tasty with ketchup!

True · Posted: Thu Jan 09, 2003 11:09 am Post subject:

Umm, there's also this:

http://www.jetico.com/products.htm

MacMasta · Posted: Fri Jan 10, 2003 5:26 am Post subject:

Re: Hard Drive wiping

My understanding is that Three-Letter-Agencies can retrieve data from drives five or six rewrites deep - there are gidgets you can get that will zap drives over and over again until everything is pretty much hosed.

Yeah, GPG is pretty much invincible as long as you are careful with it. Complicated, sure, but invincible.

~Mac~