Re: [LUG] Copying to hidden directory

 

On Sun, 26 Nov 2006 22:41:07 +0000
Neil Winchurst <neil@xxxxxxxxxxxxxxxxx> wrote:

> > You haven't said *why* you want to copy files into a dot directory
> > anyway - these are USER CONFIG directories - they are *not* for storing
> > non-application or non-config data. These are for user-specific
> > settings, not user data.

> Yes I understand that. I have created a folder named .security which I
> use for storing my encrypted files. As a hidden folder it is not
> normally seen when looking at my home folder in Konqueror. This is just
> being extra fussy. It is the only dot folder that I copy files to. If
> you really feel that this is not a good idea I will accept your advice
> and remove the dot.

Security through obscurity is seldom worthwhile. Think carefully about
this encryption malarkey - you are encrypting files on the same machine
to a folder on that same machine using a GnuPG secret key that is also
stored on the one machine.

Spotted the flaw yet?

Anyone with access to your machine has access to the encrypted files!
If they don't have access, encryption provides no extra protection. If
they do have access, encryption is pointless because the secret key is
available. Remember: The secret key has two levels of protection - the
passphrase and access to the secret key file itself. If someone breaks
your login password they have access to the key file. If your GnuPG
passphrase is as insecure as your login password, they have access to
the encrypted files.

If you are going to encrypt sensitive data as a method of storage:
1. Encrypt to external media that do *not* also contain the secret key.
2. Make a copy of the secret key as a text file and store it somewhere
*very* safe so that if the worst happens, *you* still have access to
your own data.
3. Create a revocation certificate and store that very carefully too.
4. Store the external media separately from the machine and the key
backups so that other disasters (like fire) don't cause you to lose
access to the storage media.

Read the GnuPG FAQ on DCGLUG.

--


Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
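
The four storage steps in the message above, sketched as shell functions. This is an added example, not part of the original post: the function names, the key ID and the directory arguments are placeholders, and "different filesystem" is used only as a rough stand-in for "separate media".

```shell
#!/bin/sh
# Added illustration: key ID, directory arguments and function names are placeholders.

# Device number of the filesystem holding a path (GNU stat, then BSD stat).
fs_device() {
    stat -c %d "$1" 2>/dev/null || stat -f %d "$1" 2>/dev/null
}

# True when both paths live on the same filesystem.
same_filesystem() {
    [ "$(fs_device "$1")" = "$(fs_device "$2")" ]
}

# Return 0 only if both directories exist and sit on different filesystems.
check_separate() {
    for dir in "$1" "$2"; do
        [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    done
    if same_filesystem "$1" "$2"; then
        echo "refusing: $1 and $2 share a filesystem" >&2
        return 1
    fi
}

# Step 1: write ciphertext only to media that do not hold the secret keyring.
archive_encrypted() {
    keyid=$1 src=$2 media=$3
    check_separate "$media" "${GNUPGHOME:-$HOME/.gnupg}" || return
    gpg --encrypt --recipient "$keyid" \
        --output "$media/$(basename "$src").gpg" "$src"
}

# Steps 2-4: ASCII-armoured secret key and revocation certificate, kept apart
# from the media holding the encrypted files. Keeping them off the keyring's
# filesystem as well is this example's assumption about "somewhere very safe".
backup_key_material() {
    keyid=$1 safe=$2 media=$3
    check_separate "$safe" "${GNUPGHOME:-$HOME/.gnupg}" || return
    check_separate "$safe" "$media" || return
    gpg --armor --export-secret-keys "$keyid" > "$safe/secret-key.asc" &&
        gpg --output "$safe/revoke.asc" --gen-revoke "$keyid"
}
```

A passing check only shows that two directories are on different filesystems; two partitions of one disk would pass too, so where the media and backups physically live still has to be decided by hand.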