File encryption: bdes or gpg

Cordula's Web cpghost at cordula.ws
Wed May 26 08:23:19 PDT 2004


> I am hoping someone can give me advice on file encryption. I would like 
> to encrypt a file and store it on my filesystem. I would like to encrypt 
> the file so that my data is not readable by someone who gains root 
> access or physical access to my computer. I do not intend to share the 
> data with anyone else so a public/private key system is optional.
> 
> I did some Googling and some reading of man pages and I have come up 
> with 3 options thus far:
> 
> 1. bdes(1)
> 
> 2. gpg -c (/usr/ports/security/gnupg)
> 
> 3. gpg (/usr/ports/security/gnupg) with a public/private key pair for me 
> plus a passphrase

4. gbde (on FreeBSD >= 5.X) encrypts a whole filesystem.
It is much easier to use than utilities that encrypt
single files.

5. bdes/idea/gpg/... on top of gbde (storing an encrypted file
on an encrypted filesystem).

IMHO, it's not really the encryption algorithm that is the weak
link, but:
  a. tempfiles (or shreds of temp files) that are not physically
     overwritten (including swap memory),
  b. poor passphrases (too short or not random enough),
  c. human error.

Many programs write to temporary files (including buffers), before
writing the final versions out to disk. If you use encrypted filesystems
(like gbde) everywhere a tempfile is likely to be dropped (don't forget
[/var]/tmp and swap), your data would be much safer.

-- 
Cordula's Web. http://www.cordula.ws/
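The "gpg -c" option from the list above, as an added example that is not part of the original post or of FreeBSD/GnuPG: a small sh wrapper that ties the reply's two points together. It refuses a short single-word passphrase, feeds the passphrase to gpg over stdin so it never touches disk, and puts any decrypted scratch copy in a directory created next to the ciphertext (so on a gbde volume it stays encrypted at rest) rather than in /tmp or /var/tmp. The helper names (passphrase_ok, scratch_dir, encrypt_file, decrypt_file) and the 20-character floor are this example's own choices; it assumes GnuPG 2.1 or later, and every gpg option it uses is a real one.

```shell
#!/bin/sh
# Added example, not code from the original post or from FreeBSD/GnuPG.
# A thin wrapper around "gpg -c" (symmetric encryption) that addresses two
# of the weak links the reply lists: short passphrases, and plaintext or
# scratch files landing on an unencrypted filesystem such as /tmp.
# Assumes GnuPG 2.1 or later is installed; all gpg options used are real.

MIN_PASSPHRASE_LEN=20    # assumed policy floor, chosen for this example

# passphrase_ok PASSPHRASE
# Succeeds only if the passphrase is at least MIN_PASSPHRASE_LEN characters
# and is more than a single word (contains a space or a digit).
passphrase_ok() {
    p=$1
    [ "${#p}" -ge "$MIN_PASSPHRASE_LEN" ] || return 1
    case "$p" in
        *" "*|*[0-9]*) return 0 ;;
        *)             return 1 ;;
    esac
}

# scratch_dir PATH
# Prints a fresh mode-0700 directory created next to PATH, i.e. on the same
# filesystem. If that filesystem is a gbde volume, anything dropped here is
# encrypted at rest too, unlike a tempfile in /tmp or /var/tmp.
scratch_dir() {
    d=$(mktemp -d "$(dirname "$1")/.scratch.XXXXXX") || return 1
    chmod 700 "$d" && printf '%s\n' "$d"
}

# encrypt_file PLAINTEXT OUTPUT PASSPHRASE
# The passphrase travels over stdin (--passphrase-fd 0), so it is never
# written to disk; gpg writes the ciphertext straight to OUTPUT.
encrypt_file() {
    in=$1; out=$2; pass=$3
    passphrase_ok "$pass" || { echo "refusing weak passphrase" >&2; return 1; }
    umask 077
    printf '%s\n' "$pass" | gpg --batch --yes --quiet \
        --pinentry-mode loopback --passphrase-fd 0 \
        --symmetric --cipher-algo AES256 \
        --s2k-mode 3 --s2k-digest-algo SHA512 --s2k-count 65011712 \
        --output "$out" "$in"
}

# decrypt_file CIPHERTEXT PASSPHRASE
# Decrypts into a scratch directory beside the ciphertext and prints the
# plaintext path. The caller removes that directory when finished.
decrypt_file() {
    in=$1; pass=$2
    umask 077
    dir=$(scratch_dir "$in") || return 1
    printf '%s\n' "$pass" | gpg --batch --quiet \
        --pinentry-mode loopback --passphrase-fd 0 \
        --decrypt --output "$dir/plain" "$in" || { rm -rf "$dir"; return 1; }
    printf '%s\n' "$dir/plain"
}

# Usage:  sh gpgwrap.sh encrypt secret.txt secret.txt.gpg 'long pass phrase 42'
#         sh gpgwrap.sh decrypt secret.txt.gpg 'long pass phrase 42'
case "${1:-}" in
    encrypt) encrypt_file "$2" "$3" "$4" ;;
    decrypt) decrypt_file "$2" "$3" ;;
esac
```

The wrapper does not solve the swap problem the reply raises: gpg's own working memory can still be paged out, so encrypted swap (or no swap) remains the filesystem-level fix, and an editor opened on the decrypted scratch copy will create its backup and swap files beside it, which is exactly why the scratch directory is created next to the ciphertext instead of in /tmp.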
