Symmetrical encryption or ...

Doug Barton dougb at dougbarton.email
Sat Nov 22 03:37:03 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 11/20/14 10:40 AM, Dave Pawson wrote:
| Requirement. Two machines (one Linux, one Windows).
|
| I want a secure file 'shared' between them, as a pwd-safe.
|
| Only I use the two machines, but need the file encrypted.
|
| Any alternatives to symmetrical encryption of a file?

Either symmetric or PK encryption would suit your needs, but as
someone pointed out already, a better solution is to use a password safe.

KeePass is an excellent solution, and I use the same password db
between Windows, Linux, and OS X (not in that order). :)  You want to
use the lowest common denominator format between those systems, which
at this point is the 1.28 version for Windows, and the keepassx
version that comes with most Linux distributions (I use Ubuntu
primarily). For OS X it gets a little trickier, since the version that
includes auto-type is community sourced, but the person who produces
it is well trusted, and a lot of people use it.

Schneier had an interesting blog post recently about password safes,
with a link to papers that did extensive research on them. KeePass
came out looking pretty good, as one of the key problems with most
password safes is that if the auto-type is truly automatic, it can be
triggered by malicious software and grab your passwords off the
clipboard in Windows. While KeePass does have an auto-type feature,
you have to trigger the key sequence to use it, and that sequence is
user-configurable. And obviously you don't want to use solutions like
LastPass, where your stuff is stored in their cloud. The question of
"What if they get hacked?" is no longer academic, since it happened
recently.

For synchronization between systems I use SpiderOak, which also has
clients for all 3 platforms. KeePass already encrypts the db file, and
SpiderOak, unlike most "cloud storage" platforms, encrypts the files
it backs up locally (on your system) with a special key that the
company does not know. The upload channel is encrypted to their
servers as well, so your data is never available in the clear. Because
they don't know the encryption key, your data is never de-duplicated
with other people's stuff, although if you set up folder
synchronization between systems the same files will be de-duplicated
within your own account.

... and speaking of folder synchronization, one of the things I like
about SpiderOak is that you can set up arbitrary folders to
synchronize between systems; you don't have to put all of your stuff
in one folder. You can also configure it to exclude certain files from
syncing, which is handy to avoid syncing the .lock file for KeePass. :)

http://keepass.info/index.html

https://www.schneier.com/blog/archives/2014/09/security_of_pas.html

If you use this link to sign up for SpiderOak, I get free space. :)
https://spideroak.com/signup/referral/25c4971714a13f13c24fa98a43317dc2/

Or, here is the regular link, if you prefer:
https://spideroak.com/

hope this helps,

Doug

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list