Your Obedient Serpent (athelind) wrote,
Your Obedient Serpent

  • Mood:

Tapping the Hive Mind: Simple Encryption in Linux

Question for the Hive Mind:

I am using Ubuntu Linux 9.04.

I want to simply hash up a text file, so I can just push a button or enter a short password to unlock it. This doesn't need to be bulletproof; when I was running Windows, I used EditPad Lite's ROT-13 function for the same purpose. It does, however, need to be portable: I want to be able to encrypt a file on the laptop, and open it on the desktop using the same application.

The gedit GNOME text editor has an Encrypt/Decrypt plug-in, but it drops into the OpenPGP "Passwords and Encryption Keys" application, which is a) incomprehensible gobbledygook1, b) overkill worthy of SlitherSting2, and, most importantly c) not, insofar as I can tell, particularly portable: any pass phrase I come up with will be linked to a locally-stored Encryption Key File.

That last one HAS to be wrong. The whole point of PGP is to pass encrypted files around, right?

OpenPGP also makes passwords pass phrases encryption keys thingamabobs that expire after a maximum of six months, and I don't want that. Yes, I know, blah blah blah security blah blah, but I'm not a Swiss bank. I want to be able to hash a file, ignore it for a couple of years, and then open it up and still be able to use it, even if it's on a different machine.

Heck, I've got a command-line ROT-13 hash app for Ubuntu. If I knew enough about the Ubuntu equivalent of a DOS .BAT file, I'd whip something up that just let me enter "Innocuous Command" at the command prompt, and it would turn it into "Decrypt location/ > location/useful.txt", and another one to go the other way.

Now, I wouldn't mind PGP-level security, if I could make it portable and access it with a minimum of fuss.

1"Ubuntu" is not in the default dictionary for the spell-checker in Ubuntu, but "gobbledygook" and "thingamabobs" are.
2Yes, that will get an Argot entry eventually.

You know, I'm gonna Andy Rooney here for a minute.

There's an ongoing and, as far as I can tell, unsolved conflict between Keeping Your Data Secure and Actually Being Able To Use It Yourself.

I constantly hear that :

  • Passwords should be hard to guess.
    • This, of course, makes them hard to remember.

  • The best passwords are completely random.
    • ... making them impossible to remember.

  • You should have different passwords for every site and log-on.
    • ... giving you vast amounts to remember.

  • You should change your passwords regularly.
    • Ibid.

  • You should never, ever write them down, because anyone who finds your password book has access to your whole life.
    • Not that you have much of a life, since you spend all your time trying to access sites whose passwords you no longer remember.

  • You shouldn't store them on your computer, either, because anyone with physical access to your machine will, again, have full access to Your Whole Life.
    • Besides, if anything happens to your computer, or if you have to use a different one, you'll have totally forgotten all your passwords.

Summary: Online Security and Password Protection lie somewhere between Catch-22 and Kobayashi Maru. Unless you spent the points for Full Eidetic Memory, you have to compromise on at least one of the above, and probably more.

That's not really a question. It's just me bitching.

Tags: computer, hivejournal, linux, security, ubuntu

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded