(question) Encrypting a single file
Mike Kallies
mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Mar 25 23:07:48 UTC 2011
On Fri, Mar 18, 2011 at 4:34 PM, William Park <opengeometry-FFYn/CNdgSA at public.gmane.org> wrote:
> On Fri, Mar 18, 2011 at 04:20:32PM -0400, ttanski-iRg7kjdsKiH3fQ9qLvQP4Q at public.gmane.org wrote:
>> On Fri, 18 Mar 2011, William Park wrote:
>>
>> > Hi, I'm currently keeping all personal infos (ie. contacts, accounts,
>> > passwords, pins, etc.) on paper address book. I would like to store
>> > them on a single textfile. How do you encrypt/decrypt a single file?
>> >
>> > I used "cryptsetup" before, but that's for entire partition. I guess I
>> > can use password option in "zip", but that's so old fashion. :-)
>>
>> Have a look at KeePassX (http://www.keepassx.org/)
>
> Thanks. Another layer of "database" is too much for my need. However,
> KeePass would be useful for "salespeople" as was discussed in recent
> TLUG meeting, where sheer volume of contact list requires more than just
> textfile, but don't want coworkers using that list.
Don't dismiss Keepass lightly. It is a remarkable program which
addresses many problems.
Plain text rendering of encrypted passwords has a problem in that
they're subject to being shoulder-surfed, leaked into terminal logs or
x-buffers or clipboards. The tool has multiple methods to cope with
this, such as drag-and drop or keystroke playback into password
fields. Admittedly, these methods are strongest on Windows, but they
do work on Linux too.
For example, I routinely use Keepass to log on to sites while my
machine is visible on conference screens or on screen sharing
applications.
It also has an encryption key-file setup which permits you to easily
publish the encrypted file to a central, relatively public location
where your teammates can sync without risking brute-force *password*
attacks against the file. It will additionally work with multiple
databases simultaneously.
Other gui-type aspects such as auto-save, auto log-out, saves you the
risk of accidentally leaving the file unlocked when your machine is
suspended or when you walk-away from your computer (you *do* auto-lock
and password protect your screen?)
Password reuse and sharing is a *far* greater weakness than recording
your passwords in a central database. It's strange to me that you'd
say "Salespeople" because I would think that technical people have a
far, far greater need for password management tools than salespeople.
I can't imagine a technical person keeping all these different
passwords in their head without password reuse or a clever algorithm
to generate passwords (which can be discerned knowing one or two of
their passwords).
Keepass can also dump to a plain text file, which can then be
encrypted with GPG for your backups.
Is there a reason you're storing passwords along with your contact
information? Are these being used for user accounts?
-Mike
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list