
Encryption Methods in Linux


Encryption Methods


Passwords are one of the most basic security features in use today, so it is important to choose passwords that are strong and hard to guess. Most Linux distributions ship a passwd program that refuses easily guessable passwords, and there is plenty of other software on the market that enforces similar checks. Make sure your passwd program is kept up to date and has such features. An in-depth treatment of encryption is beyond the scope of this article; what follows is an overview of the methods you will meet on a Linux system.


Encryption Methods in Linux



Encryption software is useful, and in many cases necessary, today. There are many methods of encrypting data, and each has its own characteristics. For passwords, most Linux distributions mainly use a one-way algorithm based on the Data Encryption Standard (DES), the classic crypt(3) scheme, so the stored value cannot be turned back into the password.


Brute-force tools such as “John the Ripper” or “Crack” can usually recover passwords unless the password is sufficiently random. PAM modules let you use other hashing routines for your passwords (e.g. MD5). You can also turn “Crack” to your advantage: consider periodically running it against your own password database to find weak passwords.


Public-Key Cryptography and PGP


Public-key cryptography uses one key for encryption and a different key for decryption. Traditional (symmetric) cryptography, by contrast, uses the same key for both encryption and decryption, so that key has to be known to both parties and must somehow be transferred securely from one to the other.


Pretty Good Privacy (PGP) is well supported on Linux. Just be sure to use a version that is permitted in your country: because of export restrictions imposed by the US Government, strong encryption may not be transferred in any electronic form outside the country.


Secure Shell (ssh) and stelnet


stelnet and ssh are suites of programs that let you log in to remote systems over an encrypted connection.


openssh is another such suite, used as a secure replacement for rlogin, rsh and rcp. It uses public-key cryptography to encrypt the communications between two hosts and to authenticate users. It can be used to log in securely to a remote host or to copy data between hosts, while preventing man-in-the-middle attacks and DNS spoofing. It can also compress the data on a connection, and it secures X11 traffic between the hosts.
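The host-key checking, compression and X11 behaviour described above are all controlled from the OpenSSH client configuration. The fragment below is an added example, not taken from the article or from the OpenSSH project; the host name build-host.example is a made-up placeholder, and the file is assumed to live at ~/.ssh/config on the client.

```text
# ~/.ssh/config (client side)
Host *
    # Refuse to connect if the server's host key is unknown or has changed,
    # instead of prompting. This is what defeats the man-in-the-middle and
    # DNS-spoofing attacks the article mentions: a spoofed server cannot
    # present the key recorded in known_hosts.
    StrictHostKeyChecking yes
    # Also record and check the key against the server's IP address, so a
    # forged DNS answer that points a known name elsewhere is noticed.
    CheckHostIP yes
    # Hash host names in known_hosts so the file does not reveal where you log in.
    HashKnownHosts yes
    # The "data compression" the article refers to.
    Compression yes
    # Authenticate with a key pair rather than a password.
    PubkeyAuthentication yes
    PasswordAuthentication no

Host build-host.example
    # Forward X11 only where it is actually needed; ssh carries it inside
    # the encrypted channel so it never crosses the network in the clear.
    ForwardX11 yes
```

With StrictHostKeyChecking set to yes the first connection to a new server fails until its key is in known_hosts, so obtain the fingerprint out of band (on the server, ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub prints it) and add the key before connecting.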


SSLeay is a free implementation of Netscape’s SSL protocol. It comes with several applications, among them a secure telnet, support for several databases and a module for Apache, and implements algorithms such as Blowfish, DES and IDEA.


PAM (Pluggable Authentication Modules)


Newer versions of the Debian Linux and Red Hat Linux distributions ship with a unified authentication scheme called “PAM”. It lets you change authentication requirements and methods on the fly, and it encapsulates all the local authentication methods, without recompiling any binaries.


Following are some of the things you can do with PAM:


Allow particular users to log in only at particular times and from particular places.


Set resource limits on all users so they cannot perform denial-of-service (DoS) attacks against the system.


Use a hashing method other than DES for passwords, making them harder to brute-force.


Enable shadow passwords on the fly.


Within a few hours of installing and configuring your system, you can prevent several kinds of attack before they even occur.
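The four capabilities listed above map onto a handful of PAM configuration files. The fragment below is an added example, not from the article or from any distribution's default files; it assumes Debian-style file names under /etc/pam.d (Red Hat keeps the equivalents in /etc/pam.d/system-auth), and the user names, time window and limits are constructed for illustration.

```text
# /etc/pam.d/login (excerpt)
# Ask pam_time whether this user may log in now, from this terminal, and
# apply per-user resource limits when the session starts.
account  required  pam_time.so
session  required  pam_limits.so

# /etc/security/time.conf  (fields: services;ttys;users;times)
# alice and bob may use the "login" service on a console tty only on
# weekdays between 08:00 and 18:00 (Wk = Monday to Friday).
login ; tty* ; alice|bob ; Wk0800-1800

# /etc/security/limits.conf  (fields: domain type item value)
# Cap the process count and simultaneous logins so that a single account
# cannot exhaust the machine with a fork bomb or a flood of sessions.
*  hard  nproc      200
*  hard  maxlogins  4

# /etc/pam.d/common-password (excerpt)
# Hash new passwords with SHA-512 instead of DES and keep them in
# /etc/shadow; "obscure" applies pam_unix's basic guessability checks.
password  required  pam_unix.so  obscure  sha512  shadow
```

Changing the hash in common-password only affects passwords set from then on; existing DES hashes stay as they are until each user runs passwd again.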


Cryptographic IP Encapsulation (CIPE)


The main goal of this encryption software is to provide a facility for securely interconnecting subnetworks across an insecure packet network such as the Internet, protecting against eavesdropping, injection of faked messages, and traffic analysis.


Cryptographic IP Encapsulation encrypts data at the network level: the packets travelling between hosts on the network are encrypted, and the encryption engine sits close to the driver that sends and receives those packets.


This is unlike SSH, which encrypts data per connection at the socket level rather than the network level: what gets encrypted is the logical connection between programs running on different hosts.

Cryptographic IP Encapsulation can be used as a tunnel to create a VPN. Low-level encryption has the advantage that it can work transparently between the two networks joined by the Virtual Private Network, without any change to the application software.

Shadow Passwords


Shadow passwords are another means of keeping encrypted password information secret from ordinary users. Newer versions of both Debian Linux and Red Hat use shadow passwords by default; on any other system the encrypted passwords are stored in the /etc/passwd file, where every user can read them. Anyone can then run a password-guessing program against them and try to find out what they are.

Shadow passwords, by contrast, are stored in /etc/shadow, which only privileged users can read. To use shadow passwords you need to make sure that every utility needing access to password information has been recompiled to support them. PAM, described above, lets you simply plug in a shadow module instead, with no recompilation of the executables.
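The article twice suggests checking your own password database: running Crack against it to find weak passwords, and making sure the hashes are no longer world-readable in /etc/passwd. The script below is an added example, not from the article or any distribution; it is a read-only audit that cracks nothing, reporting only which crypt(3) algorithm each account uses, how many hashes still sit in the passwd file, and whether the shadow file is protected from other users. The passwd and shadow files it uses are constructed inline (the hash strings are not real hashes); point the functions at /etc/passwd and /etc/shadow as root for a real audit.

```shell
#!/bin/sh
# Added example (not from the article): read-only audit of a passwd/shadow pair.
# Sample data below is CONSTRUCTED; run the functions as root against
# /etc/passwd and /etc/shadow on a real system.

# Map the crypt(3) prefix of a stored hash to its algorithm name.
classify_hash() {
    case "$1" in
        '')        echo "EMPTY" ;;     # no password at all: no secret protects the account
        '!'*|'*'*) echo "LOCKED" ;;    # locked, or a system account that never logs in
        '$1$'*)    echo "MD5" ;;
        '$5$'*)    echo "SHA-256" ;;
        '$6$'*)    echo "SHA-512" ;;
        '$y$'*)    echo "yescrypt" ;;
        '$'*)      echo "OTHER" ;;
        *)         echo "DES" ;;       # traditional crypt: 2-char salt, password cut at 8 chars
    esac
}

# Print "user ALGORITHM" for every entry of a shadow-format file.
audit_shadow() {
    while IFS=: read -r user hash _rest; do
        echo "$user $(classify_hash "$hash")"
    done < "$1"
}

# Count entries of a passwd-format file whose second field is a real hash
# rather than the 'x' placeholder (or '*'): those are readable by every local user.
passwd_exposed_count() {
    awk -F: '$2 != "x" && $2 != "*" && $2 != "" { n++ } END { print n + 0 }' "$1"
}

# Succeed only if the "other" permission bits of the file are all clear.
not_world_readable() {
    perms=$(ls -ld "$1" | cut -c8-10)   # chars 8-10 of "-rw-r-----" are the "other" bits
    [ "$perms" = "---" ]
}

# --- constructed sample data (hash strings are placeholders, not real hashes) ---
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
legacy:ab0123456789A:1001:1001::/home/legacy:/bin/sh
alice:x:1002:1002::/home/alice:/bin/sh
EOF

cat > "$sample_dir/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
legacy:ab0123456789A:19000:0:99999:7:::
alice:$1$CONSTRUCT$CONSTRUCTEDHASH:19000:0:99999:7:::
guest::19000:0:99999:7:::
bob:!:19000:0:99999:7:::
EOF
chmod 0640 "$sample_dir/shadow"

# --- report ---------------------------------------------------------------------
echo "hash algorithms in use:"
audit_shadow "$sample_dir/shadow" | while read -r user algo; do
    case "$algo" in
        DES|MD5|EMPTY) echo "  $user: $algo  <- weak; reset with passwd once PAM uses sha512" ;;
        *)             echo "  $user: $algo" ;;
    esac
done
echo "hashes still exposed in passwd: $(passwd_exposed_count "$sample_dir/passwd")"
if not_world_readable "$sample_dir/shadow"; then
    echo "shadow file: not readable by other users (good)"
else
    echo "shadow file: WORLD-READABLE, fix with chmod 0640"
fi
```

On the constructed data the report flags legacy (DES), alice (MD5) and guest (empty), counts one hash left in the passwd file, and confirms the shadow file is not world-readable. An account listed as DES or MD5 is exactly the kind of entry a Crack run would work through first, so it is the one to reset after switching the PAM password module to a stronger hash.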


