DEV Community

Cover image for Protect your data with WarShield

Protect your data with WarShield

Nathanael Demacon on October 20, 2018

Security has been evolving with information technology, peoples find new ways to protect your data and privacy because we need to feel secure. Some...
Collapse
 
phlash profile image
Phil Ashby

Read the code, nice job @quantumsheep :)

I have used both aescrypt and gpg in the past, since these are usually available as standard packages in my target Linux distribution, however both have shortcomings: aescrypt is pretty raw with no output packaging format, so you have to store all the metadata elsewhere; gpg likes to manage your keys for you, which can be problematic when running in restricted environments (eg: without a home folder).

An excellent guide to using gpg or OpenSSL for command line crypto:
howtoforge.com/tutorial/linux-comm...
also demonstrates how fiddly it can be to use these raw tools.

Collapse
 
quantumsheep profile image
Nathanael Demacon

Thanks!

GPG use CAST-128 which is less powerful than AES. However OpenSSL is powerful as it use AES.

OpenSSL can be a very great choice to encrypt files like WarShield do. Thanks for the link 😊

Collapse
 
einenlum profile image
Yann Rabiller

Thanks for your article!

I just have a question: basic instructions about security and CLI, include the following advice: never put your password in a CLI instruction because it can be sniffed thanks some tools (like ps) and even simply end in your personal history.

For example, it is advised not to put directly your mysql password when using mysql -uroot -ppassword mydatabase. It's advised to do mysql -uroot -p mydatabase and then give your password.

Indeed, isnt't it a problem that anyone can decrypt your files with a simple CTRL-R warshield in your shell?

I'm not a security expert, so I'm just asking cause I'm curious :).

Collapse
 
quantumsheep profile image
Nathanael Demacon

The post isn't updated, WarShield had an update 12 days ago which fix this issue, now the password is asked in the process, outside the command :)

I'll fix the post, thanks to make me notice that!

Collapse
 
computersmiths profile image
ComputerSmiths

On Reddit and hackr.io you say it’s 3DES, which is it? Not that I’m a security expert, but until this is peer reviewed by real security experts I’d be careful about applying it. Still, nice to know it exists! Also, how does a mere mortal select and store a 256-bit key? If correct horse battery staple is only 44 bits I’m going to need a 24 word passphrase?

Collapse
 
quantumsheep profile image
Nathanael Demacon

3DES is deprecated, AES is the new data encryption standard. WarShield used 3DES in it's version 1, now it use AES-256 in version 2.
Don't worry for the passphrase, you can put any password you like :)

Collapse
 
fleshwounded profile image
Fleshwound⚡

Hmmmmm interesting I think I like it....

Collapse
 
ondrejs profile image
Ondrej

Really nice job! Finally something lightweight to replace my classical gpg -c --select-cipher AES256 routine.

Collapse
 
quantumsheep profile image
Nathanael Demacon • Edited

Thanks! I'm happy to see that it's useful 😊