Expect system will be hacked, information will be stolen. Rather than make system completely unhackable, which is impossible, focus on how to make it difficult and recover, and minimize the damage.
Backup important files
Tried many cloud based services. Use hybrid approach:* Family photos
These type of data is important and mustn't lose them, but it's not that critical that if someone else get their hands on them. Use cloud to store back up and use local back up as well. May not want to encrypt such huge volume of files -- videos and photos.
* ID/PW
You can reset the PW most of the times. It's important that nobody has any access to it, but at the same time, I can access it from different places/devices easily.
Use cloud + encryption. E.g. Use KeePassX and save the file in the cloud.
And never use the same PW for other sites or systems.
- https://keepass.info/ - available via SNAP
Encryption
System will get hacked -- and if files are already encrypted, it will be a lot harder for hackers to steal the actual information.On Ubuntu/Linux, these are some solutions I found:
* Virtual volume with encryption
* File system encryption
* Encrypt individual file
Virtual volume with encryption
Use VeraCrypt or TrueCrypt. VeraCrypt is newer, branched off from TrueCrypt. Some reports said it's not that safe however.
[1] VeraCrypt, https://www.veracrypt.fr/code/VeraCrypt/
$ wget https://launchpad.net/veracrypt/trunk/1.24-update4/+download/veracrypt-1.24-Update4-Ubuntu-19.04-amd64.deb
$ sudo apt install ./veracrypt-1.24-Update4-Ubuntu-19.04-amd64.deb
Uninstall
$ sudo apt remove --purge veracrypt
$ sudo apt autoremove
- https://kifarunix.com/install-and-setup-veracrypt-on-ubuntu-20-04/
- https://www.fosslinux.com/27018/best-ways-to-encrypt-files-in-linux.htm
[2] TrueCrypt, http://truecrypt.sourceforge.net/
$ sudo add-apt-repository ppa:stefansundin/truecrypt
$ sudo apt-get update
$ sudo apt-get install truecrypt
$ sudo visudo -f /etc/sudoers.d/truecrypt
your_username ALL=(ALL) NOPASSWD:/usr/bin/truecrypt
- http://www.linuxandubuntu.com/home/how-to-install-use-truecrypt-in-ubuntu-linux-to-encrypt-files-folders
- https://www.configserverfirewall.com/ubuntu-linux/install-truecrypt-ubuntu/
- https://help.ubuntu.com/community/TrueCrypt
File System Encryption
[1] eCryptFS, https://www.ecryptfs.org/about
Install
$ sudo apt install ecryptfs-utils -y
$ sudo mount -t ecryptfs mydoc/ mydoc/
$ sudo umount /home/kkim/mydoc
$ sudo mount -t ecryptfs mydoc/ mydoc/
- https://en.wikipedia.org/wiki/ECryptfs
- https://kifarunix.com/how-to-encrypt-files-and-folders-with-ecryptfs-on-ubuntu-18-04/
[2] ZFS (didn't try)
- https://linsomniac.gitlab.io/post/2020-04-09-ubuntu-2004-encrypted-zfs/
- https://www.medo64.com/2020/06/testing-native-zfs-encryption-speed/
- https://blog.heckel.io/2017/01/08/zfs-encryption-openzfs-zfs-on-linux/
- https://medium.com/@steinarlbergmyrvang/ubuntu-20-04-with-encrypted-home-f5ce490333cc
- https://0p.no/2019/12/22/zfs_encrypted_home.html
Encrypt file(s)
[1] ccrypt
$ sudo apt-get install ccrypt
e.g.
$ ccencrypt test.txt
This will ask for encryption key twice and encrypt the file, append .cpt to the file name
$ ccdecrypt test.txt.cpt
[2] 7z
$ sudo apt-get install p7zip-full
e.g.
$ 7z a -p thisdir.zip *
$ 7z e thisdir.zip
Email Encryption
Use Thunderbird + Enigmail extension.
Chat Encryption
- Telegram - https://telegram.org/
Closing
I use all of the above methods, except FS encryption -- I found using virtual volume is easier and transportable as it's just one file. Example usage: create 500MB VeraCrypt volume and place it in Dropbox. At home, use your Ubuntu to use the content inside of it, at work, use Windows to use the volume.And don't trust cloud services too much -- they have been hacked, and they will get hacked again. They'll go down, go out of business, lose files or mess up files. Always make local back up -- e.g. external USB drive.
No comments:
Post a Comment