Tag Archives: encryption

mnemonicode: At long last we meet

I’ve been waiting quite a while to see mnemonicode pop up in the rotation. I remember adding it to the list a long while back and thinking, “That is really cool.”

mnemonicode is not a new tool; in fact, the GitHub repo I linked to is just a six-year-old (?) mirror of the original, which is apparently no longer online (but is archived, thank goodness). But I’m really glad I found it, and that Stephen Paul Weber uploaded it there.

What’s so great about it? Well, if you’re like me, and your passwords are just 12-digit strings of random letters and numbers, they can get a little clunky to remember. (But they are fairly time-consuming to force.) Unless the password actually has some intrinsic meaning to it, which mine don’t, it can be a challenge. Of course, that’s the purpose of having such an obtuse password.

But here’s what mnemonicode can do, with its mnencode and mndecode tools:

kmandla@6m47421: ~$ echo TxFX0rxNFkVN | mnencode 
 nova-figure-peru--george-side-ninja
 jargon-contact-ninja--airline

See where this is going yet?

kmandla@6m47421: ~$ echo "nova-figure-peru--george-side-ninja
> jargon-contact-ninja--airline" | mndecode
TxFX0rxNFkVN

No longer do I need to remember a string of 12 characters or letters. If I can recall the normal English words, hyphens and line breaks that mnencode gave me, I can translate it back as a matter of course.

To the best of my knowledge, this is not an additional layer of encryption. I’m not actually making the password any more secure than if I had converted with something like rot13. But it does make it easier to remember.

I’d also be a little more comfortable relaying words or sequences of numbers to someone, perhaps written down or face-to-face, if I knew they were going to pipe it back through mndecode later. Which may be part of its history, actually.

mnemonicode could use a little attention these days; aside from the archived explanation of the original program, the GitHub version doesn’t seem to have any documentation. What little I know is through experimentation.

mnemonicode is in AUR and in Sid; I’m glad to see that since I have a feeling this could be something useful in my encrypted live system. It would at least help me remember some of the more eccentric passwords I use. 😐

P.S.: No, those are not my real passwords. You should know better than that.

pwcrypt: On-the-fly password encryption

I like finding applications that are 10 or 15 years old, and discovering that they still work fine in spite of their age.

To the best of my knowledge, pwcrypt works just as well now as it did way back in 2000, when it was released into the wild.

2014-03-19-lv-r1fz6-pwcrypt

If I understand the README file right, pwcrypt allows you to inject a password and have it display as encrypted text, which might be useful in scripts and so forth.

I can’t think of a reason offhand that I would need it, personally, but it’s possible that you might see a niche where it will fit. The author has some better suggestions in the documentation.

pwcrypt has about five options, none of which are difficult to decode. And as you can see in the screenshot, it seems to do its job well … inasmuch as the results are completely indecipherable to me. 🙄

Believe it or not, that’s about all I can think of to say. It’s a short little program, it didn’t give me any stress in compiling, and it seems to do what it claims.

Can’t ask for more than that. 😀

P.S.: This one is not in AUR or Debian. A wild program, running free! 😯

luksus: Step-by-step encryption

I got a link via e-mail to luksus, and as I am more and more a fan of data encryption these days, I made a point of including it here.

2013-12-27-lv-r1fz6-luksus-01 2013-12-27-lv-r1fz6-luksus-02

Results have been … satisfactory, although luksus is a script that I have a few persnickety complaints about.

What I’ve seen of luksus so far suggests that it will handle encryption of USB keys or partitions on external drives with a minimum of effort.

It comes armed with both AES and TrueCrypt support (provided they are installed on your system), and appears poised to add gnupg and a couple others.

Perhaps even better, the scripts are usable not only in Linux but with some *BSDs as well … and we all know how security-minded those guys and girls are.

(Yes, I have thought about jumping ship. Experimenting with *BSD is on my to-do list. … 😯 )

Is this necessarily better than doing it yourself with something like cryptsetup or ccrypt? That’s up to you.

My own complaints about luksus are strictly minor — the long wait while the drive is shredded, and some issues with naming a volume that triggered errors. And it seems the information supplied in the command are repeated later in the dialog windows.

I still trust and rely on gnupg over anything, and fully encrypted volumes still make me a little nervous. Of course most of my needs for encryption involve transmitting encrypted files across the Internet, which is only somewhat practical for luksus.

I’m willing to poke around with luksus a little more though; tools like this are more and more useful as time goes on.

ccrypt: Simple encryption, simplified

A few weeks ago I ran quickly through a demonstration of how to use gnupg to encrypt a file and decrypt it again.

The purpose being, to transfer personal information across the Internet, or even just to keep it safe from accidental discovery.

ccrypt does much the same thing — in fact, it might be even better suited to the purpose.

2013-09-13-v5-122p-ccrypt

One command dedicated to encrypting, one dedicated to decrypting, and a few flags here and there to give you flexibility.

Compared to gnupg, this is much simpler to use.

I don’t know enough to tell you if ccrypt is a better encryption method than gnupg, but it seems to do the job, as you can see above.

Personally I plan to give this a few attempts, and see if I draw any attention from undesirables.

gnupg: Symmetric encryption and decryption

It would be very easy to editorialize any mention of gnupg — how it’s the most important application in your life right now, how the world today needs gnupg more than anything else.

But I’m going to swing wide of all that, and only mention gnupg for two small things: encrypting a file with a password, and decrypting it again.

I know there are lots of ways to use gnupg, and I encourage you to investigate them. This one is just the one I use most.

Let’s get started. Here’s a nifty text file, just filled with random words, then sorted.

2013-07-31-v5-122p-gnupg-01

How or what you encrypt shouldn’t really matter. I generally lump things into tar folders with scrambled file names, which means everything has a container with a file name unrelated to the contents. See here if that one-liner interests you.

Here’s the encryption command:

gpg -z 0 -c sorted.txt

You’ll be prompted for a password twice, either through a graphical text box, or inline commmand prompt. And the results are a file with the same name, appended with .gpg.

2013-07-31-v5-122p-gnupg-02

Feeding a 0 to the -z flag, as you might have checked, turns off compression. That I prefer since most of the things I encrypt are already compressed, in one fashion or another.

What’s that file look like? Let’s check.

2013-07-31-v5-122p-gnupg-03

Gobbledygook. That’s what we want. Now it’s ready for transfer, over any medium or even out over the Internet.

On the receiving end, it’s time to decrypt. Remember, you’ll need to know that password to get in there.

gpg --decrypt sorted.txt.gpg > sorted.txt

We need to redirect the output into a file, because by default gpg will decrypt to STDOUT.

2013-07-31-v5-122p-gnupg-04

And there we have it: back to where we started. Everything in order and without any errors.

Believe it or not, that’s all there is. A few small caveats:

  • This method assumes both you and the receiver have a shared password; those in the know called this symmetric-key encryption. If you need to work without a prearranged key, you’ll need to investigate other methods for gnupg.
  • You can split or otherwise manhandle gpg files, but be forewarned that any damage to the file integrity is going to seriously hamper, if not thwart, your decryption efforts. If you need to verify the integrity of a file, I’d suggest something like md5, for starts.
  • It probably goes without saying, but the strength of this method depends on a lot of factors, not least of which is your password. If you pick something simple or obvious or easy to guess or easy to attack … well, I warned you. And how easy is it to brute-force attack your password? Right this way, sirs and madams.
  • If you’re using Arch, you’re 99 percent likely to be using version 2 of gnupg. Debian, on the other hand, makes a distinction between version 1 and version 2.

There are other utilities and even software suites that handle encryption, and I urge you to look into them, even if you don’t use this method.

For my own part I like this because gnupg is a base-level program with little to no dependencies, and can run on the weakest of hardware with the least of requirements.

Oh, and by the way, using encryption apparently makes you a suspect, according to some governments. 😐