Date: Wed, 26 May 2004 13:53:27 -0400
From: Simon Bates <simon.bates@utoronto.ca>
To: freebsd-questions@freebsd.org
Subject: Re: File encryption: bdes or gpg
Message-ID: <40B4D997.10807@utoronto.ca>
In-Reply-To: <20040526152213.A50D94082C@fw.farid-hajji.net>
References: <40B4A372.5020506@utoronto.ca> <20040526152213.A50D94082C@fw.farid-hajji.net>

Thank you very much for your reply, for your comments on temp file
usage, and your suggestion to use gbde. Right now I am using FreeBSD 4.9
but moving to 5 is definitely an option. I'll have a look at gbde.

Thanks!
Simon

Cordula's Web wrote:
>>I am hoping someone can give me advice on file encryption. I would like
>>to encrypt a file and store it on my filesystem. I would like to encrypt
>>the file so that my data is not readable by someone who gains root
>>access or physical access to my computer. I do not intend to share the
>>data with anyone else so a public/private key system is optional.
>>
>>I did some Googling and some reading of man pages and I have come up
>>with 3 options thus far:
>>
>>1. bdes(1)
>>
>>2. gpg -c (/usr/ports/security/gnupg)
>>
>>3. gpg (/usr/ports/security/gnupg) with a public/private key pair for me
>>plus a passphrase
>
>
> 4. gbde (on FreeBSD >= 5.X) encrypts a whole filesystem.
>    It is much easier to use than utilities that encrypt
>    single files.
>
> 5. bdes/idea/gpg/... on top of gbde (storing an encrypted file
>    on an encrypted filesystem).
>
> IMHO, it's not really the encryption algorithm that is the weak
> link, but:
>   a. tempfiles (or shreds of temp files) that are not physically
>      overwritten (including swap memory),
>   b. poor passphrases (too short or not random enough)
>   c. human error.
>
> Many programs write to temporary files (including buffers), before
> writing the final versions out to disk. If you use encrypted filesystems
> (like gbde) everywhere a tempfile is likely to be dropped (don't forget
> [/var]/tmp and swap), your data would be much safer.
>