Spies Like Us.

dos2unix

Have you ever needed to encrypt and password protect a file?

My super-sophisticated method of password saving.... :cool:

vi my-passwords.txt

This is just a simple text file with about 40 sets of credentials.
Each line looks something like this.

Site Username Password Security Question answer.
=============================================================
linux.org [email protected] sUp3r$EcretP@s$w0rd 42
google.com [email protected] n0ts0$ec3tP@s$w0rd fido
.....
more lines of stuff here
.....

I then encrypt this file.

Code:
zip -e mypasswords.zip my-passwords.txt

This will prompt me for password, and I'll need the password to unzip it.
I have used gpg in the past.

Code:
gpg -c filename

Again, this will ask for a password when you decrypt it.
Code:
gpg filename.gpg

But my go-to these days is openssl.
Code:
openssl enc -aes-256-cbc -salt -in my-passwords.txt -out my-passwords.enc

Again, you are prompted for a password.

To open it...
Code:
openssl enc -d -aes-256-cbc -in my-passwords.enc -out my-passwords.txt

You still have to remember at least one password for these methods, but I suppose that's better than trying to remember 30 or 40
different sets of passwords. I will confess, some passwords are simply stored in my browser. Not the most secure method I know,
but convenient.

All of the servers where I work have very complex password policies. They have to be so many characters long, they have to have
uppercase, lowercase, numbers, special characters, and they expire every couple of months. You can't repeat passwords, and you can't
increment passwords. ( for example you can't change it from password1 to password2 ).

I have noticed, that after about three days of typing the same password in over and over again, I develop something called finger memory.
I don't even know what the password is after a week or two. But my fingers do. I have to type it into a text file to see what it is.

I hope this is useful to someone, I am always open to suggestions and better ideas. I have used password managers like lastpass
but I'm trusting them less and less these days. I will say, you should make a backup of your password file. I keep a copy local on
my PCs, but I also have a backup copy on a USB drive or two. Yeah, it's a pain to manage sometimes, but easier than remembering
40 different passwords. In reality I use ansible to manage this for me automatically.
 
Last edited:
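How much a passphrase-protected `openssl enc` file resists guessing depends on how the passphrase is turned into the AES key. The sketch below is an added example, not code from this thread: it reads the `Salted__` header that `openssl enc -salt` writes and reproduces both derivations, the single-round default (SHA-256 in OpenSSL 1.1.0 and later, MD5 before that) and the PBKDF2 one selected with `-pbkdf2`. The sample bytes and passphrase are constructed.

```python
import hashlib

MAGIC = b"Salted__"       # 8-byte marker `openssl enc -salt` writes first
KEY_LEN, IV_LEN = 32, 16  # AES-256 key and CBC IV sizes

def split_header(blob):
    """Return (salt, ciphertext) from the bytes of an `openssl enc` output file."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no 'Salted__' header: not a salted openssl enc file")
    return blob[8:16], blob[16:]

def legacy_key_iv(passphrase, salt, digest="sha256"):
    """EVP_BytesToKey with one round, used when -pbkdf2 is not given.
    Each block is digest(previous_block + passphrase + salt)."""
    material, block = b"", b""
    while len(material) < KEY_LEN + IV_LEN:
        block = hashlib.new(digest, block + passphrase + salt).digest()
        material += block
    return material[:KEY_LEN], material[KEY_LEN:KEY_LEN + IV_LEN]

def pbkdf2_key_iv(passphrase, salt, iterations=10000, digest="sha256"):
    """PBKDF2-HMAC, used with -pbkdf2 (10000 is the iteration default)."""
    material = hashlib.pbkdf2_hmac(digest, passphrase, salt, iterations,
                                   KEY_LEN + IV_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]

def digest_calls_per_guess(iterations=None):
    """Rough work factor: digest invocations needed to test one passphrase."""
    blocks = 2  # 48 bytes of key material = two SHA-256 outputs
    if iterations is None:
        return blocks                  # legacy: one hash per block
    return blocks * iterations * 2     # PBKDF2: HMAC is two hashes per round

if __name__ == "__main__":
    # Constructed sample: header plus placeholder ciphertext, not a real file.
    blob = MAGIC + bytes(range(8)) + b"\x00" * 32
    salt, _ = split_header(blob)
    print("salt:", salt.hex())
    print("legacy key:", legacy_key_iv(b"example passphrase", salt)[0].hex())
    print("pbkdf2 key:", pbkdf2_key_iv(b"example passphrase", salt)[0].hex())
    print("hashes per guess:", digest_calls_per_guess(), "vs",
          digest_calls_per_guess(10000))
```

Adding `-pbkdf2 -iter <count>` to both the encrypt and the decrypt command selects the second derivation; a file written one way cannot be decrypted the other way.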


I will confess, some passwords are simply stored in my browser. Not the most secure method I know,
but convenient.

I have some stored there but they're not for important sites. They're for accounts that I absolutely do not care if they get hacked. They're for sites that probably would work just fine without specific user accounts.
 
In among all that complexity, I must confess to taking the "easy way out"

Bitwarden

It stores 204 credentials etc....(and that needs a really serious cleaning out !)

One password controls the whole thing.

I don't use sync....simply because if some diehard 'cracks' an iphone etc, then they get entry to every damn thing with sync in play.

works for me.
 
One password controls the whole thing.

I hope that it is long and complex.

password_strength.png


That's a bit old now. That changes how quickly a computer can brute force a password. (It's much quicker today, even with the desktop computer you're using.)
 
Have you ever needed to encrypt and password protect a file?

My super-sophisticated method of password saving.... :cool:

.
Old school here. It's pen and notebook where the passwords are recorded. There are no passwords held in electronic form. This is simply a continuation of a practice I'm accustomed to, so it's not laborious for me but I can imagine it might be for others with more pressing requirements. I record the passwords in two notebooks, one for backup.

I try to create all my own passwords and use a system which makes them relatively easy to remember. When I need to create a password I like it to be like a sentence I can remember, for example:
icurab = I see you are a bee
2p||!2p_A$ = to pee or not to pee under a dollar :cool:
 
Old school here. It's pen and notebook where the passwords are recorded. There are no passwords held in electronic form. This is simply a continuation of a practice I'm accustomed to, so it's not laborious for me but I can imagine it might be for others with more pressing requirements. I record the passwords in two notebooks, one for backup.
I save my passwords here and it has never been compromised.
I have a backup also.

1741486275883.png


I try to create all my own passwords and use a system which makes them relatively easy to remember. When I need to create a password I like it to be like a sentence I can remember, for example:
icurab = I see you are a bee
2p||!2p_A$ = to pee or not to pee under a dollar :cool:
I use a similar method and mixture of characters.

I keep them simple for me to remember although they are very complex.
 
Old school here. It's pen and notebook where the passwords are recorded. There are no passwords held in electronic form. This is simply a continuation of a practice I'm accustomed to, so it's not laborious for me but I can imagine it might be for others with more pressing requirements. I record the passwords in two notebooks, one for backup.

I try to create all my own passwords and use a system which makes them relatively easy to remember. When I need to create a password I like it to be like a sentence I can remember, for example:
icurab = I see you are a bee
2p||!2p_A$ = to pee or not to pee under a dollar :cool:
Well done. That is the way. I do web development and have notebooks full of passwords and select special paths to things depending on the site script and/or server. I would be lost without paper...

I figure if anyone breaks into my house to steal stuff they are probably not bright enough to use those notes anyhow... :)
 
I develop something called finger memory.
I don't even know what the password is after a week or two. But my fingers do.
I keep my passwords in PasswordSafe but those which I have to remember like master password, PC login or disk decryption are all in fingers, if somebody asks me to tell the password I wouldn't be able even if I want to, but fingers type on their own without brains lol.

It's almost funny how finger memory is better than brain memory because my passwords are 10-25 characters.
 
I hope that it is long and complex.
25 characters......which looks like an absolute mess. I remember it because it has connections to my wife's family, in a weird sort of way....and I have made a sentence which hints at it and is so absurd, I remember it
 
I suppose I got myself off-track a little on the thread mentioning passwords. But this could be for any file(s) you want to keep confidential. Legal documents, PDFs, deeds and mortgages. Divorce papers. Bank statements. It doesn't have to be a text file.
If you use the zip method, it won't always compress your file, but that's not the point. You are encrypting the file and protecting it with a password.
 
I use LibreWolf secure and fast browser
All web-browsers are secure even Chrome or else they might as well not be a browser because then it wouldn't be a useful browser if it wasn't secure and they would have no business continuing.
 
@dos2unix I would like to hear your views on FDE when it comes to hosting a NAS at home. For example I see the benefit for myself to encrypt my laptop because that can be stolen and my desktop because I use my desktop as a jump station to other personal systems I have access to for myself but I don't find it necessary to encrypt my NAS system because there's not a high risk or chance that someone is going to try and access my data and it seems more of risk vs how much benefit you get back from it. Maybe next time I need to reinstall it I will install it with FDE but just curious to hear your views on the matter.
 
I'm headed out for a few hours right now. I have some questions for you when I get back.
 
I'm headed out for a few hours right now. I have some questions for you when I get back.
You can pm me as well about this if it goes too much offtopic.
 
I suppose I got myself off-track a little on the thread mentioning passwords. But this could be for any file(s) you want to keep confidential. Legal documents, PDFs, deeds and mortgages. Divorce papers. Bank statements. It doesn't have to be a text file.
If you use the zip method, it won't always compress your file, but that's not the point. You are encrypting the file and protecting it with a password.
For text files in vim, encryption is available natively from vim. One needs to write the file with the -x option, for example:
Code:
vim -x <encrypted-filename>
vim will ask the user to supply a passphrase, and that passphrase will be required to open the file in future.

To discover which encryption methods one's version of vim has available, one can open vim and run:
Code:
:help cryptmethod

In the case for vim on this machine the output shows:
zip
blowfish
blowfish2
xchacha20
xchacha20v2

One can select between encryption methods.
 
You can pm me as well about this if it goes too much offtopic.

I think it's all related. I guess it mostly comes down to performance vs convenience.
Do I need everything on the entire drive encrypted? Do I need most of it encrypted?
With full disk encryption I don't have to worry about it, it's all encrypted.

If it's only a couple of files. I would probably go with file encryption rather than full disk,
but these days I'm not sure it makes that much difference.
 
One needs to write the file with the
-x option, for example:

For vi/vim text files that works. But what about legal or medical documents I download that aren't in plain text format? Also what if I use kedit, gedit, nano or something besides vi?
 
So, I've been thinking...


You can find your version of zip with this command: zip -v

It looks like one might opt for a different compression method. One other than that done by the zip application. You really want AES-256 these days as even AES-128 is now considered 'less secure'.

The .7z format supports AES-256. You can use PeaZip for that. I've never tried it in the terminal. There's no associated man page, but I did find this:


The GPG method included in the first post is AES-256, which is nice (and more secure). There are .zip password-cracking tools that do the job quite quickly, even without a dictionary attack. So, our combination of gibberish isn't necessarily a strong defense.

This is mostly some mindless rambling. In the real world, even a simple password is going to keep you protected. Well, not if you're someone that attracts attention from police or the like. Most of us would be absolutely fine even keeping it in plain text, though I am not suggesting you do so. I'm merely pointing out that you're likely going to be just fine if you do so.
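Which scheme an archive actually uses is recorded per member in its headers. As an added example (not code from this thread), the script below reads that marker with Python's `zipfile` module and reports whether each member is unencrypted, uses the traditional ZipCrypto scheme that Info-ZIP's `zip -e` writes, or uses WinZip-style AES. The sample archives are constructed in the script by patching header fields and contain no real ciphertext.

```python
import io
import struct
import zipfile

AES_KEY_SIZES = {1: "AES-128", 2: "AES-192", 3: "AES-256"}
# Constructed WinZip AES extra field: ID 0x9901, 7 data bytes, AE-2,
# vendor "AE", strength 3 (256-bit), real compression method 8 (deflate).
AES256_EXTRA = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)

def aes_key_size(extra):
    """Walk the extra-field records and decode the 0x9901 one, if present."""
    pos = 0
    while pos + 4 <= len(extra):
        field_id, size = struct.unpack_from("<HH", extra, pos)
        if field_id == 0x9901 and size >= 7:
            return AES_KEY_SIZES.get(extra[pos + 8], "AES (unknown strength)")
        pos += 4 + size
    return None

def classify(zip_bytes):
    """Map each member name to the protection its central-directory entry claims."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if not info.flag_bits & 0x1:        # bit 0 clear: stored in the clear
                report[info.filename] = "not encrypted"
            elif info.compress_type == 99:      # method 99 marks WinZip AES
                report[info.filename] = aes_key_size(info.extra) or "AES (unknown strength)"
            else:                               # encrypted, no AES marker
                report[info.filename] = "ZipCrypto (legacy)"
    return report

def constructed_sample(flags, method=0, extra=b""):
    """Build a one-member archive, then patch its central-directory flags and
    method so it *claims* the given protection (the data is not encrypted)."""
    member = zipfile.ZipInfo("my-passwords.txt")
    member.extra = extra
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, b"placeholder")
    raw = bytearray(buf.getvalue())
    entry = raw.rfind(b"PK\x01\x02")            # central-directory header
    struct.pack_into("<HH", raw, entry + 8, flags, method)
    return bytes(raw)

if __name__ == "__main__":
    for sample in (constructed_sample(0), constructed_sample(1),
                   constructed_sample(1, 99, AES256_EXTRA)):
        print(classify(sample))
```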
 
I didn't know you could encrypt a file with the zip command, that's pretty neat. I just have an open office document, which is encrypted with the longest password I have.
 

