Thank you very much for your reply, for your comments on temp file usage, and your suggestion to use gbde. Right now I am using FreeBSD 4.9 but moving to 5 is definitely an option. I'll have a look at gbde.


Cordula's Web wrote:
I am hoping someone can give me advice on file encryption. I would like to encrypt a file and store it on my filesystem. I would like to encrypt the file so that my data is not readable by someone who gains root access or physical access to my computer. I do not intend to share the data with anyone else so a public/private key system is optional.

I did some Googling and some reading of man pages and I have come up with 3 options thus far:

1. bdes(1)

2. gpg -c (/usr/ports/security/gnupg)

3. gpg (/usr/ports/security/gnupg) with a public/private key pair for me plus a passphrase

4. gbde (on FreeBSD >= 5.X) encrypts a whole filesystem.
It is much easier to use than utilities that encrypt
single files.

5. bdes/idea/gpg/... on top of gbde (storing an encrypted file
on an encrypted filesystem).

IMHO, it's not really the encryption algorithm that is the weak
link, but:
  a. tempfiles (or shreds of temp files) that are not physically
     overwritten (including swap memory),
  b. poor passphrases (too short or not random enough),
  c. human error.

Many programs write to temporary files (including buffers), before
writing the final versions out to disk. If you use encrypted filesystems
(like gbde) everywhere a tempfile is likely to be dropped (don't forget
[/var]/tmp and swap), your data would be much safer.
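
As an added example (not part of the original thread), here is one way to check the point about temp files and swap: a shell function that reads fstab-format lines and lists the temp directories and swap areas that are not on a gbde device. It assumes gbde-attached devices carry the `.bde` suffix; the function name, default paths and sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: list temp-file locations and swap areas NOT backed by gbde.
# Input: fstab-format lines on stdin (device mountpoint fstype options ...).
# Assumption: a gbde-attached device is recognisable by its ".bde" suffix.

check_tmp_exposure() {
    awk -v paths="${1:-/tmp /var/tmp}" '
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    $3 == "swap" {                        # swap can hold pages of plaintext
        if ($1 !~ /\.bde$/) print "swap " $1
        next
    }
    { dev[$2] = $1 }                      # remember mountpoint -> device
    END {
        n = split(paths, p, " ")
        for (i = 1; i <= n; i++) {
            best = ""
            for (m in dev)                # longest mountpoint containing p[i]
                if (m == "/" || p[i] == m || index(p[i], m "/") == 1)
                    if (length(m) > length(best)) best = m
            if (best != "" && dev[best] !~ /\.bde$/)
                print p[i] " " dev[best]
        }
    }'
}

# Constructed sample fstab (not from the thread): /var is on gbde, so /var/tmp
# is covered, but /tmp and swap are on plain devices.
SAMPLE_FSTAB='# Device        Mountpoint FStype Options Dump Pass
/dev/ad0s1a      /        ufs   rw  1 1
/dev/ad0s1b      none     swap  sw  0 0
/dev/ad0s1e.bde  /var     ufs   rw  2 2
/dev/ad0s1f      /tmp     ufs   rw  2 2'

printf '%s\n' "$SAMPLE_FSTAB" | check_tmp_exposure
```

Each output line names an exposed location and the plain device behind it; empty output means every checked path and swap area sits on a `.bde` device.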
