In this post, I shall indicate how I have used encryption, and my experience with that use.
My first serious use of encryption, was with ssh. This was back when many LANs were still using 10 mb/s ethernet, with an ethernet hub. Everything sent on the network was potentially visible to other computers connected through the same hub. Back in those days, it was common for hackers to break into unix systems and set the network interface to promiscuous mode. Then they would log all packets seen on the LAN, allowing them to pickup passwords used on other computers, not just the ones they had hacked into.
Using ssh gave me an encrypted channel for logging into computers. So even if those packets were being logged, the hacker would not see the password. Unfortunately, few computers were running ssh back then, so there were some systems that I had to connect to using telnet or rlogin. So I got into the habit of using a different password for such less secure sites. That would allow me to restrict my primary password to sites where I did have ssh access.
These days, ssh software is part of a standard install for most unix/linux systems, and clients are readily available for Windows. On the rare occassions that I connect from a Windows system, I use PuTTY. Otherwise I am mostly using openssh.
With ssh as part of the standard software, it is rather easy to use. Back when I started with it I had to locate source software, compile and install. But that is no longer necessary. I mostly use public key authentication. Some people may find the learning curve a bit steep, but it is the easiest and probably the best way to use ssh once you are familiar with that. I do keep my private key encrypted. I use ssh-agent or similar to hold a copy of the decrypted key. With opensuse, running ssh-agent is part of the standard desktop startup.
Not much to comment here, since most people are using secure connections. I did experimentally setup a secure web site for our department. It was not hard to configure.
I have mainly used openpgp for email, when security was needed. I normally use the GnuPG software (gpg4win for the Windows version).
I have sent quite a few encrypted emails. But most of those were to students in a security class. The content of the mail was trivial. It was an exercise in getting the students up to speed with encryption. For real use, I have only occasionally needed encryption. That was mostly when discussing an unannounced bug in an open source software project. We used encrypted email to prevent the information from leaking until there was a fix available.
I have only rarely used pgp (gpg) signatures on email. It has always seemed to me that people could recognize that a message was mine from the writing style, and I wasn’t doing anything where forged email was a strong possibility. I did sometimes sign usenet posts, because forgery there was rampant.
As for software, many of the linux mail clients support pgp/gpg. I have mainly used exmh and Thunderbird (with the enigmail extension). On Windows there is less choice, so Thunderbird might be the way to go if you want the same software on both Windows and linux.
The major difficulty with encrypted email, is that so few people use it.
I have kept some data in encrypted files. I did this using gpg, encrypting to myself using my public/private key pair. I mainly use it for a file copy of passwords for various web sites. It is a bit inconvenient. Reading the encrypted file is not too bad. But, from time to time, it needs to be updated. This requires making an unencrypted copy, updating that, re-encrypting, then shredding (or overwriting) the unecrypted versions of the file before deleting that file. Skipping some of those steps could leave copies of the unencrypted data around, which weakens the security. Now that I am using encrypted file systems, that’s easier to manage. As long as I keep the unencrypted version of the file on an encrypted file system, it will be reasonably protected.
Encrypted file systems
I have used both encrypted partition, and the ecryptfs file system. Both work reasonably well. I’ll discuss the use of encrypted partitions here, and comment on ecryptfs later in this post.
When using an encrypted partition, it is important to remember that if a hacker breaks into your running system, he will see the unencrypted data. The encryption only provides protection when the system is powered down. The data remains protected on power up, but only until you provide a key for decrypting. Thereafter, the unencrypted data is visible to anyone who has access to the files.
An encrypted partition serves two main purposes:
- On a laptop, it provides protection if the laptop is ever stolen. The data on the physical disk is encrypted, and the thief probably stole it when it was powered down.
- Old computers eventually die or are disposed of. If sensitive data was on an encrypted partition, you won’t have to worry about whether somebody can rescue the computer from the scrap yards, and recover that data.
If using encrypted partitions, then I recommend that you use encrypted swap, and mount “/tmp” as tmpfs so that anything in “/tmp” is either in volatile memory or on encrypted swap. What other partitions to encrypt will depend on your needs. Encrypting “/home” is probably the most important. If you manage a lot of multimedia data (pictures, videos, etc), and if those are not sensitive, then you might want to put those on a separate partition where they are not encrypted. If they are sensitive (very private pictures), then you should probably have them on an encrypted partition.
I’ll give details in how I setup encrypted partitions in separate posts. Check the “crypto” link at the top of the page for links.
For backups, I have just backed up the partitions while they are visible. This puts unencrypted data in the backups. I have been shredding old backup images when I delete them. I may start to use the “dar” software, which would allow me to encrypt a backup.
It is possible to backup an encrypted partition as a raw sector-by-sector image. But then you run a risk. If part of the image is corrupted, it might be difficult to recover files. And you then have no protection if you forget the encryption key for the encrypted partition. I prefer to backup unencrypted, except where the backup software allows separate encryption of images. When using encrypted images that way, I will use a random key, and record that key in a file. I will have separate copies of the file, in case one should get damaged.
The ecryptfs file system is interesting. I am using it with a default setup where $HOME/Private uses ecryptfs. It solves some of the problem of encrypted files and some of the problems of an encrypted partition. The data is stored on the physical disk as an encrypted file. When the ecryptfs file system is mounted, an unencrypted version of those files exists in a virtual file system. I keep the ecryptfs file system unmounted when I am not logged in, so the unencrypted data is only visible when I am logged in. And when I do backups, I make sure that the ecryptfs file system is not mounted. That way, only the encrypted version of the file exists on the backup medium.
Where I have an encrypted file that I want to update, I keep the unencrypted version on the ecryptfs file system. That way, the unencrypted data is never on the physical disk. And note that you should be using an encrypted swap partition if you use ecryptfs. That’s because the virtual unencrypted file system has to go somewhere, and if the memory used is swapped out, you don’t want unencrypted data on your swap partition.