[H-GEN] Encrypting a tar backup

Andrae Muys amuys at contal.net.au
Wed Oct 23 19:36:53 EDT 2002 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Jason Parker-Burlingham wrote:
> [ Humbug *General* list - semi-serious discussions about Humbug and     ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
> 
> Douglas C <chexsum at optusnet.com.au> writes:
> 
> 
>>Jason Parker-Burlingham wrote:
>>
>>>Just a note, but both of those algorithms will be useless for
>>>encrypting the original poster's data (or perhaps they could be used
>>>to encrypt, but they'll, uh, do it too well, if you catch my drift).
>>
>>Hmm, maybe I am incorrect but I thought both of these algorithms were
>>2 way (encrypt and decrypt) and 'password' based. *guessing at the
>>drift hinting of one-way encryption*
> 
> 
> Both MD5 and SHA1 are message hash algorithms.  They take a message
> (say "Mary had a little lamb") and turn that into a single value which
> is hard to predict, given the input, and (hopefully) impossible to
> reverse:
> 
> 	$ echo "Mary had a little lamb" | md5sum
> 	4a856d9d7ade0272346a5200244ee925
>         $ echo "Mary had a little lamb." | md5sum
>         e1656e417993e7977d222cb4564c29b6
> 
> (I don't have an implementation of SHA1 at hand.)
> 
> You can see that just the addition of a period at the end of the
> sentence has completely changed the result.  As far as I know, no-one
> has ever succeeded in finding a way to reverse the result of the MD5
> hash.  (If anyone does it would be a fairly major achievement.)
> 
> Both MD5 and SHA1 are documented as RFCs and fairly easy to implement.
> 
> 
>>ccrypt might be something else to read about if an implementation of
>>neither of these algos is suitable but I know less about this -
> 
> 
> Actually you've probably hit the nail on the head---ccrypt (not
> crypt[1]!) uses the Rijandel cipher, which is supposed to be quite
> good (but I'm not sure if it's been extensively tested or not).
> 

Well given that it was adopted as the new AES (American Encryption 
Standard; replaces DES), I would humbly suggest it has at least recieved a 
passing glance by cryptoanalysts ;).  ccrypt is what I personally have used 
to encrypt archives when we determined encryption was necessary 
(specifically a source-code escrow agreement[1]).  One hint though, 
probably a good idea to include both the source and the binary package for 
whatever encryption program you use unencrypted alongside any encrypted 
file!  You DO NOT want to be trying to find/build/install/etc a copy of 
Rijandel just to access your archive.

Andrae


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list