Re: encryption

To: debian-user@lists.debian.org
Subject: Re: encryption
From: David Wright <deblis@lionunicorn.co.uk>
Date: Sun, 22 Apr 2018 18:15:00 -0500
Message-id: <[🔎] 20180422231500.GA14979@alum>
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 22042018172421.93f4151061f6@desktop.copernicus.org.uk>
References: <[🔎] 20042018201750.130d9143617e@desktop.copernicus.org.uk> <[🔎] dcf0dea7-4f9b-9fb1-5b65-c122681c77ea@holgerdanske.com> <[🔎] 21042018112242.b4d810f1212e@desktop.copernicus.org.uk> <[🔎] 9bf75ae3-0478-37d5-f20d-e74e38c134d2@holgerdanske.com> <[🔎] 20180422161024.GB8305@alum> <[🔎] 22042018172421.93f4151061f6@desktop.copernicus.org.uk>

On Sun 22 Apr 2018 at 17:46:12 (+0100), Brian wrote:
> On Sun 22 Apr 2018 at 11:10:24 -0500, David Wright wrote:
> 
> > On Sat 21 Apr 2018 at 12:43:54 (-0700), David Christensen wrote:
> > > 
> > > On 04/21/18 08:20, Brian wrote:
> > > >On Fri 20 Apr 2018 at 17:07:10 -0700, David Christensen wrote:
> > 
> > > >> As scrypt is going to prompt you for a passphrase anyway, why don't
> > > >> you leave the script unencrypted and revise it to prompt for the
> > > >> "important password"?
> > > 
> > > Please comment.
> > 
> > One might assume that the script could have a unencrypted option to
> > select between a number of "important passwords", each of which might
> > be a long, complex, unmemorable string, subject to frequent changes,
> > and (or because) exposed to the rest of the world.
> > 
> > OTOH the passphrase protecting the script might be a single, simple,
> > fixed, memorable string only exposed to users on the machine in question.
> 
> I thought I had indicated my intention to take the advice offered and
> put the important password (a master password) in a separate file and
> source it from the script.

Sure. But the question was posed again, so I came up with one
possible reason not to prompt for the "important password".
(What made it gain that epithet hadn't been revealed at that point.)

> The script itself does not need encrypting if the master password is
> not in it. However, I would not want the separate file unencryted
> because the master password gives access to passwords for all sorts of
> websites.
> 
> Users actually have to know this master password. It is a long phrase,
> not too hard to memorise but tedious to type. As I have said, encrypting
> the separate file with scrypt allows me to get the decryption password
> down to a more user-friendly 14 characters. The prompting for the
> password is done by scrypt. There is no point in multiple people having
> different passwords. All users here are trusted.

If users are trusted, then the discussion on hiding information from
ps becomes moot, doesn't it? (That was the more interesting part of
the discussion for me.)

Cheers,
David.

Reply to:

Follow-Ups:
- Re: encryption
  - From: Brian <ad44@cityscape.co.uk>

References:
- encryption
  - From: Brian <ad44@cityscape.co.uk>
- Re: encryption
  - From: David Christensen <dpchrist@holgerdanske.com>
- Re: encryption
  - From: Brian <ad44@cityscape.co.uk>
- Re: encryption
  - From: David Christensen <dpchrist@holgerdanske.com>
- Re: encryption
  - From: David Wright <deblis@lionunicorn.co.uk>
- Re: encryption
  - From: Brian <ad44@cityscape.co.uk>

Prev by Date: Kmail - slow or no erasing of mails when deleting fast
Next by Date: Re: Install 9.4 on acer V15 Nitro 4K -> black screen after choosing installation method; Kali live running and Ubuntu installation no problem
Previous by thread: Re: encryption
Next by thread: Re: encryption
Index(es):
- Date
- Thread