LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How would you rate the importance of default settings in security?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Advisory Watch: May 16th, 2008
Linux Security Week: May 13th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Cryptography
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



GPG-Based Password Wallet  15 May 2008 
Source: Linux Journal - Posted by Bill Keys   
Like many Internet addicts, I have way too many user name/password accounts to remember: accounts on social-networking sites, rarely used logins at work, on-line banking and so on. One solution to this problem is to use the same user name and password everywhere, but that's clearly not safe; if people get a hold of your account information in one place, they own all your other accounts too.

I wanted a relatively safe, flexible and easy way to store passwords and other useful confidential information. I also wanted it to be easily accessible, which meant that I'd like to get at it over a text-only SSH connection. And, I wanted it to be something that could move around from machine to machine without too much trouble. This article looks at ways of storing passwords securely. With all those password we have to remember it's a good securely practice to store them encrypted.

Write Comment

 
Firefox 3 Improves Handling of Invalid SSL Certificates  01 May 2008 
Source: tuxmachines - Posted by Bill Keys   
I have downloaded the beta of Firefox 3 to check out the improvements related to SSL. First, there's the added support for Extended Validation SSL certificates, but I am not very excited about that (I wrote about this previously in Extended Validation SSL certificates not going anywhere, as predicted). It's a nice feature, but it's not going to bring much good overall. On the other hand, I am very happy with the improvements to the handling of invalid SSL certificates. A much needed improvement to handling invalid SSL certificates were added to Firefox 3. What do you think about the improvements.

Write Comment (2 Comments)

 
Protecting Directory Trees with gpgdir  25 April 2008 
Source: Linux.com - Posted by Bill Keys   
gpgdir uses GNU Privacy Guard (GnuPG) to encrypt and decrypt files or a directory tree. You could accomplish the same objective by tarring the filesystem up and then encrypting the tar.gz file with GnuPG, but then you would still have to shred or wipe every file in the original directory tree. With gpgdir the whole tree is encrypted in one command. Do you use gpgdir? What do you think about it? This article goes through everything you need to encrypt and data on your system.

Write Comment

 
Bypassing Disk Encryption With a Spray Can  27 February 2008 
Source: Network World - Posted by Bill Keys   
It turns out that some researchers at Princeton University followed up on earlier research showing that modern computer memories retained their contents even with the power off (known as memory remanence), and that the retention time could be lengthened by cooling the memory. (See the chapter on physical tamper resistance in Ross Anderson's Security Engineering: A Guide to Building Dependable Distributed Systems. I always file it interesting researching the state of encryptions security. What do you think the future of computer encryptions is? Are we going to have to invent better encryption algorithms?

Write Comment

 
Easy Crypt for Ubuntu  03 December 2007 
Source: Ubuntu Guru - Posted by Ryan Berens   
Do you consider your files "top secret" information? Do you keep sensitive work information or bank account information on your computer? What your gift list for the holiday season? :)

Either way, if you want some serious encryption on you system, look no further than EasyCrypt: a military grade encryption tool that can allow for AES 512-bit Whirlpool encryption. I tried using TrueCrypt on Ubuntu in the past, but found it annoying to be entering terminal commands several times a day to access the encrypted file. I find Easy Crypt to be a speedy, practical, and easy to use interface on a daily basis.

With the basic Easy Crypt setup, your locked files are saved as a hidden file in your user directory, located at /home/username/.easycrypt-crypt (although using the ‘expert’ mode you can choose to use a crypt saved at any location, including a USB key)

Write Comment

 
Flaws found in OpenSSL encryption module  30 November 2007 
Source: Government Computer News - Posted by Ryan Berens   
The OpenSSL library of encryption algorithms has just been patched by the OS Software Institute. This open source module has been utilized at many government agencies, and is an interesting example of two things: the effectiveness of Open Source technologies in the most demanding environments and how the kind of work that still needs to be done in the government sector regarding secure Internet infrastructure:
"For FIPS 140-2 validated software no changes are permitted without prior CMVP approval so neither of these patches can be applied to the v1.1.1 distribution for the purposes of producing a validated module," Steve Marquess of OSSI said in the announcement of the patches.

That means that for the time being federal users must continue using the flawed software or patch it and go out of compliance.

Write Comment

 
SSL Encrypting Syslog with Stunnel  06 November 2007 
Source: hungrypenguin - Posted by Bill Keys   
Syslog is a clear-text protocol. That means anyone with a sniffer can have a peek at your data. In some environments, this is no problem at all. In others, it is a huge setback, probably even preventing deployment of syslog solutions. Thankfully, there is an easy way to encrypt syslog communication. I will describe one approach in this paper. Do you use Syslog? Have you thought about encrypting the logs which are being forwarded over the network? Protecting your logs is an important security practice.

Write Comment (1 Comments)

 
Digital Security With GnuPG Plugins  17 September 2007 
Posted by Bill Keys   
The GNU Privacy Guard (GnuPG) allows you to encrypt, decrypt, sign, and verify communications and data, as well as create and manage the keys needed for these tasks. It is a full, open source implementation of the OpenPGP Standard (RFC2440) and is integrated into many Linux applications ranging from clipboard applets to instant messaging clients. These applications make it easy to use GnuPG for digital security in the GNOME desktop environment. Most user's don't use any form of encryption when sending information over the Internet. Is the problem that it's not alway easy to use encryption? However, with theses GnuPG plugins user's can easily protect all their Internet traffic without touching the command line.

Write Comment (1 Comments)

 
All Systems go for Validation of Updated OpenSSL Module  12 September 2007 
Source: Linux.com - Posted by Bill Keys   
When the Open Source Software Institute (OSSI) sought Federal Information Processing Standards (FIPS) 140-2 validation for its OpenSSL toolkit last year, it was anything but smooth sailing. OSSI has just submitted a new OpenSSL update for FIPS validation but, according to Executive Director John Weathersby, things are bound to go much more smoothly this time around. OpenSSL, allows programs to securely exchange data over a network. The reason that it took so long was they had complaints about the validity of the code base. Another part of this article which should be noted is government agencies are starting to consider using OpenSSL as a data exchange solution. Have you tested out the new OpenSSL update yet?

Write Comment

 
Encrypted Ubuntu 7.04  30 July 2007 
Source: Softpedia News - Posted by Bill Keys   
Did you ever live with the fear that somebody may break into your system one day and steal your files? Well, those days are over, because you can now have an entire encrypted operating system. This was the first time I thought about taking the time to encrypt my whole operating system. Is encrypting the entire operating system worth the time? I feel encrypting persional information like phone numbers or bank information is important but most of what is on my operating system is things I don;t care that others see. However there is a way to encrypt the whole operating system with a Live CD to protect everything on a Linux users computer.

Write Comment

 
<< Start < Prev 1 2 3 Next > End >>

Results 1 - 10 of 836
    
Partner:

 

Latest Features
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Meet the Anti-Nmap: PSAD
Open Source Tool of February: Nmap!
HowTo: Secure your Ubuntu Apache Web Server
SSH: Best Practices
Yesterday's Edition
Strong passwords no panacea as SSH Brute-Force Attacks Rise
Tools circulate that crack Debian, Ubuntu keys

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.