[arachne] Re: password encryption
- From: "Samuel W. Heywood" <sheywood@xxxxxxxxxxx>
- To: arachne@xxxxxxxxxxxxx
- Date: Thu, 29 Oct 2009 21:20:54 -0400
Arachne at FreeLists---The Arachne Fan Club!
On Thu, 2009-10-29 at 18:56 -0500, Rob wrote:
> Arachne at FreeLists---The Arachne Fan Club!
>
> Doh! I forgot to put in the URL!
>
> http://www.viste-family.net/mateusz/software/pbox/
>
> On Thu, 29 Oct 2009, Rob wrote:
> >
> > I thought I should post this for the security conscious on
> > the list. It's a console program for encrypting a list of
> > passwords, PINs, and such. It's a 128bit AES encryption. I
> > couldn't see on the website if that referred to the block
> > size or key size. Either way that would be decent encryption.
> > AES has been cracked before, but it's certainly beyond anything
> > a script kiddie could pull off. As far as I know, the U.S. gov.
> > and the NSA still use it for classified 'Secret' info. It's
> > available for DOS, Linux, and Windo$e.
> > Rob
Now that the subject of file encryption has come up again, you might
want to re-visit an old post about this that I contributed:
--------------- begin quoted material (quoting self) -------------------
From: "Samuel W. Heywood" <sheywood@xxxxxxxxxxx>
* To: arachne@xxxxxxxxxxxxx
* Date: Sat, 26 Sep 2009 00:00:43 +0800
Hello folks:
Subject of this message,"ccrypt", is about a relatively new command line
utility which is thought to provide very strong encryption/decryption
for files and data.
I have been using this program in a "dos-box" running under Windoze.
Also I have been using it with a linux terminal. For people accustomed
to working with the command line, ccrypt is a very simple program to use.
According to a FAQ written by the program's author:
"Ccrypt works on Linux, Windows, Macintosh OS-X, Unix, and in principle,
on many other platforms."
Source of quote: "http://ccrypt.sourceforge.net/faq.html";;
I wonder if the developers could,"in principle", port this program to DOS.
------------- end quoted material (quoting self) ---------------------
Also, according to several sources, ccrypt is currently a very serious
contender being considered by the US Department of Defense for
replacement of the DES encryption which is currently in use by DoD.
Oh, one really cool feature of ccrypt is that, after encrypting a file,
the program automagically "wipes" your plain text version. It wipes
over the plain text version several times by overwriting it with random
patterns. A most important thing about doing file encryption properly
is to see to it that your plain text version is completely shredded and
destroyed by a file wiping procedure. As you know, if you merely
"delete" a file it can usually be very easily recovered.
Sam Heywood
Arachne at FreeLists
-- Arachne, The Premier GPL Web Browser/Suite for DOS --
Other related posts:
