Thanks for your article!
I just have a question: basic instructions about security and the CLI include the following advice: never put your password in a CLI instruction, because it can be sniffed thanks to some tools (like ps) and can even simply end up in your personal history.
For example, it is advised not to put your mysql password directly in the command, as in mysql -uroot -ppassword mydatabase. It's advised to do mysql -uroot -p mydatabase and then give your password.
Indeed, isn't it a problem that anyone can decrypt your files with a simple CTRL-R warshield in your shell?
I'm not a security expert, so I'm just asking cause I'm curious :).
The post isn't updated. WarShield had an update 12 days ago which fixes this issue; now the password is asked for in the process, outside the command :)
I'll fix the post, thanks for making me notice that!
Read the code, nice job @quantumsheep
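An added example, not part of the thread or of WarShield's code: a small auditor for the history exposure discussed above. It flags mysql invocations that carry the password in argv (-ppassword or --password=value) and passes the prompting forms (-p or --password on their own). The names inline_mysql_password and audit and the sample lines are constructed for illustration, and it only handles lines where mysql is the first word.

```python
import shlex

# Constructed sample history lines (not taken from a real system).
SAMPLE_HISTORY = [
    "mysql -uroot -ppassword mydatabase",
    "mysql -uroot -p mydatabase",
    "mysql --user=root --password=hunter2 mydatabase",
    "mysql --user=root --password mydatabase",
    "ls -p /tmp",
]

MARK = "REDACTED"


def inline_mysql_password(line):
    """Return the argv index of the token carrying a password, or None."""
    try:
        argv = shlex.split(line)
    except ValueError:  # unbalanced quotes: not parseable, skip
        return None
    if not argv or argv[0].rsplit("/", 1)[-1] != "mysql":
        return None
    for i, tok in enumerate(argv[1:], start=1):
        # Long form: a value after '=' is stored in argv and in history.
        if tok.startswith("--password=") and len(tok) > len("--password="):
            return i
        # Short form: '-p' alone prompts; '-pVALUE' embeds the password.
        if tok.startswith("-p") and not tok.startswith("--") and len(tok) > 2:
            return i
    return None


def audit(lines):
    """Return (line_number, redacted_line) for each line exposing a password."""
    findings = []
    for n, line in enumerate(lines, start=1):
        idx = inline_mysql_password(line)
        if idx is None:
            continue
        argv = shlex.split(line)
        prefix = "--password=" if argv[idx].startswith("--password=") else "-p"
        argv[idx] = prefix + MARK  # never echo the secret back out
        findings.append((n, shlex.join(argv)))
    return findings


if __name__ == "__main__":
    for n, redacted in audit(SAMPLE_HISTORY):
        print(f"line {n}: {redacted}")
```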
I have used both aescrypt and gpg in the past, since these are usually available as standard packages in my target Linux distribution; however, both have shortcomings: aescrypt is pretty raw with no output packaging format, so you have to store all the metadata elsewhere; gpg likes to manage your keys for you, which can be problematic when running in restricted environments (e.g. without a home folder).
An excellent guide to using gpg or OpenSSL for command line crypto:
also demonstrates how fiddly it can be to use these raw tools.
GPG uses CAST-128, which is less powerful than AES. However, OpenSSL is powerful as it uses AES.
OpenSSL can be a very great choice to encrypt files like WarShield does. Thanks for the link 😊
On Reddit and hackr.io you say it’s 3DES, which is it? Not that I’m a security expert, but until this is peer reviewed by real security experts I’d be careful about applying it. Still, nice to know it exists! Also, how does a mere mortal select and store a 256-bit key? If correct horse battery staple is only 44 bits I’m going to need a 24 word passphrase?
3DES is deprecated; AES is the new data encryption standard. WarShield used 3DES in its version 1; now it uses AES-256 in version 2.
Don't worry about the passphrase, you can put any password you like :)
Really nice job! Finally something lightweight to replace my classical gpg -c --select-cipher AES256 routine.
Thanks! I'm happy to see that it's useful 😊
Hmmmmm interesting I think I like it....