
Encryption Methods in Linux


Encryption Methods


Passwords are one of the most basic security features in use today. It is very important to choose secure, hard-to-guess passwords. Most Linux distributions ship a passwd program that refuses easily guessable passwords, and there is plenty of encryption software on the market that can help as well. Make sure your passwd program is always up to date and has such features. An in-depth treatment of encryption is beyond the scope of this article, but the sections below cover the main methods you will meet on a Linux system.


Encryption Methods in Linux



Encryption software is very useful, even necessary, today. There are many methods of encrypting data, each with its own characteristics. Most Linux distributions have traditionally used a one-way encryption algorithm based on the Data Encryption Standard (DES) to encrypt stored passwords.


Brute-force password crackers such as “John the Ripper” or “Crack” can usually guess passwords unless the password is sufficiently random. PAM modules allow users to choose different encryption routines for their passwords (e.g. MD5). Users can also turn “Crack” to their own advantage: consider periodically running it against your own password database in order to find insecure passwords.


Public-Key Cryptography and PGP


Public-key cryptography uses one key for encryption and a different key for decryption. Traditional (symmetric) cryptography, by contrast, uses the same key for both encryption and decryption; that key has to be known to both parties and must therefore be transferred securely from one to the other somehow.


Pretty Good Privacy (PGP) is very well supported on Linux. Just be sure to use a version that is permitted in your country: because of export restrictions imposed by the US Government, strong encryption is not allowed to be transferred in any electronic form outside the country.


Secure Shell (ssh) and stelnet


stelnet and ssh are suites of programs that allow users to log in to remote systems over an encrypted connection.


openssh is another such suite, used as a secure replacement for rlogin, rsh, and rcp. It uses public-key cryptography to encrypt communications between two hosts and to authenticate users. It can also be used to log in securely to a remote host or to copy data between hosts, while preventing man-in-the-middle attacks and DNS spoofing. It performs data compression on users’ connections and secures X11 communications between the hosts.


SSLeay is a free implementation of Netscape’s SSL protocol. It includes several applications, such as a secure telnet, several databases, and a module for Apache, as well as various algorithms such as Blowfish, DES, and IDEA.


PAM (Pluggable Authentication Modules)


Newer versions of the Debian and Red Hat Linux distributions ship with a unified authentication scheme called “PAM”, which lets you change authentication requirements and methods on the fly and encapsulates all local authentication methods without recompiling any binaries.


Following are some of the things you can do with PAM:


Allow particular users to log in only at particular times and from particular places.


Set resource limits on all users so they cannot mount denial-of-service (DoS) attacks.


Use an algorithm other than DES for password encryption, making the stored passwords harder to brute-force.


Enable shadow passwords on the fly.


Within a few hours of installing and configuring the system, you can prevent many attacks before they even occur.
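As an added example (not part of the original post), the PAM configuration below implements the four capabilities listed above: time-of-day and origin restrictions (pam_time, pam_access), per-user resource limits (pam_limits), and MD5 rather than DES hashing with storage in /etc/shadow (pam_unix). The file paths are the usual Linux-PAM locations and the user names are assumptions; check your distribution’s pam_time, pam_access, pam_limits and pam_unix man pages before deploying.

```text
# /etc/pam.d/login   (assumed location; Linux-PAM syntax)
auth      required   pam_unix.so
# consult /etc/security/time.conf: when may this user log in?
account   required   pam_time.so
# consult /etc/security/access.conf: from where may this user log in?
account   required   pam_access.so
account   required   pam_unix.so
# "md5": hash new passwords with MD5 instead of DES
# "shadow": store the hash in /etc/shadow, not world-readable /etc/passwd
password  required   pam_unix.so md5 shadow
# apply /etc/security/limits.conf to the new session
session   required   pam_limits.so
session   required   pam_unix.so

# /etc/security/time.conf   format: services;ttys;users;times
# alice may use the login service on any tty only on weekdays 08:00-18:00
login;*;alice;Wk0800-1800

# /etc/security/access.conf   format: permission : users : origins
# alice only from the local console; first matching rule wins
+ : alice : LOCAL
- : alice : ALL

# /etc/security/limits.conf   format: domain type item value
# cap the process count so a runaway fork loop cannot exhaust the system
alice    hard   nproc   100
@users   hard   nproc   200
# no core dumps, so password material in memory is not written to disk
*        hard   core    0
```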


Cryptographic IP Encapsulation (CIPE)


The main goal of this encryption software is to provide a facility for secure subnetwork interconnection across an insecure packet network such as the Internet, protecting against eavesdropping, injection of faked messages, and traffic analysis.


Cryptographic IP Encapsulation encrypts data at the network level: packets travelling between hosts on the network are encrypted. The encryption engine sits close to the driver that sends and receives those packets.


This is unlike SSH, which encrypts data per connection at the socket level rather than at the network level: what is encrypted there are the logical connections between programs running on different hosts.

Cryptographic IP Encapsulation can be used for tunnelling to create a VPN. Low-level encryption has the advantage that it can be made to work transparently between the two networks connected by the Virtual Private Network, without any change to the application software.

Shadow Passwords


Shadow passwords are another means of keeping users’ encrypted password information secret from ordinary users. Newer versions of both Debian and Red Hat use shadow passwords by default; on other systems, the encrypted passwords are stored in the /etc/passwd file, which every user can read. Anyone can then run a password-guessing program on them and try to find out what they are.

Shadow passwords, by contrast, are stored in /etc/shadow, which only privileged users can read. To use shadow passwords, make sure that all utilities needing access to the password information are recompiled to support them. PAM, described above, also lets you simply plug in a shadow module, which requires no recompilation of executables.
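The DES-versus-MD5 discussion above and this shadow-password section both come down to one audit: which hash types does the system actually store, and are any password fields empty? The following script is an added example, not part of the original post; it classifies shadow-format entries by their crypt(3) prefix, flagging DES hashes as weak and MD5 as legacy. The prefix table and the sample entries are constructed for illustration (hash bodies are shortened fakes); reading the real /etc/shadow requires root.

```python
import re

# crypt(3) hash identifiers found in /etc/shadow on Linux (assumed table;
# anything unrecognised is flagged for manual review rather than trusted).
HASH_IDS = {"1": "md5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
            "5": "sha256", "6": "sha512", "7": "scrypt", "y": "yescrypt"}
# A traditional DES-based hash has no "$id$" prefix: 2 salt chars + 11 chars.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify_hash(field):
    """Return (algorithm, risk) for the password field of one shadow entry."""
    if field == "":
        return "none", "empty"        # no password at all: anyone can log in
    if field[0] in "!*":
        return "none", "locked"       # disabled account, nothing to crack
    if field.startswith("$"):
        algo = HASH_IDS.get(field.split("$")[1], "unknown")
        if algo == "md5":
            return algo, "legacy"     # better than DES, but dated today
        return algo, ("ok" if algo != "unknown" else "review")
    if DES_RE.match(field):
        return "des", "weak"          # 8-char limit, cheap to brute-force
    return "unknown", "review"

def audit_shadow(text):
    """Parse shadow-format lines into (user, algorithm, risk) tuples."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue                  # blank, comment or malformed line
        algo, risk = classify_hash(fields[1])
        findings.append((fields[0], algo, risk))
    return findings

def accounts_needing_action(text):
    """Users whose password is DES-hashed, MD5-hashed, empty or unrecognised."""
    return [u for u, _, r in audit_shadow(text)
            if r in ("weak", "legacy", "empty", "review")]

# Constructed sample in /etc/shadow format; only the prefix matters here.
SAMPLE_SHADOW = """\
root:$6$Zx9Q1v3K$fakeSha512HashBody:19000:0:99999:7:::
alice:$y$j9T$fakeYescryptHashBody:19000:0:99999:7:::
legacy:$1$Qm4r8s1a$fakeMd5HashBody:18000:0:99999:7:::
olduser:abJnggxhB/yWI:17000:0:99999:7:::
guest::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, algo, risk in audit_shadow(SAMPLE_SHADOW):
        print(f"{user:10} {algo:9} {risk}")
```

On a live system replace SAMPLE_SHADOW with the contents of /etc/shadow and feed the "weak" and "empty" accounts to a forced password change.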


