Puppy Linux Discussion Forum

[arby]

Hi all,

I have recently installed Puppy 4.1 onto a jumpdrive using the 'strong'
encrypted option. Everything appears to work as expected, with no
noticeable lag in operation, just no booting without the password.

Now that it's working, some questions have developed:

1- Can I ever change the password again, or is a reinstall required?

2- What kind of encryption is "pup_save_crypta.2fs" using?

3- How strong is it? Any known weaknesses or risks?

4- Where are the keys stored?

5- Where can I learn more about it? Reading materials etc?

Thanks for any info! , Arby

[Dromeno]

I am also interested in the answers to these questions!

Main reason is that I would like to know if Puppy's own encryption is comparable to TrueCrypt.

[PaulBx1]

aes128 via cryptoloop (google for more info). I always say it is good enough to thwart criminals and nosy people and the local constabulary, but probably not NSA.

DO NOT USE SWAP if you are encrypting your pupsave, because swap is not encrypted and your passwords, etc. are thus able to be harvested from it.

Truecrypt is more modern and up-to-snuff than Puppy's encryption (cryptoloop being "deprecated"), however I might bet on Puppy if the Truecrypt was being used on Windows. There are lots of things you have to be aware of when using encryption; see the truecrypt site for general security practices.

I don't understand your question #4. The keys are stored in your head. That's the passphrase, and that's it. This is not public key cryptography. BTW, make sure you choose a strong passphrase.

If you want to change your passphrase, you can use this utility I cooked up a while ago. It generates a new pupsave. After you are sure the new one works, you can delete the old one. And don't forget to wipe the empty space on your disk too.

[arby]

Thanks for the advice Paul,

Eventually I realized that the "A" in the filename must stand
for AES. Wikipedia provided many of the answers after that.

Regarding point #4, I think you must've misunderstood what
I was asking. I wasn't referring to the passphrase.

Even a symmetric-key algorithm needs an encryption key.
The name aes128, is saying that the key size is 128.
My interest is that the key must be in puppy somewhere,
possibly in an open vulnerable location.

Thanks for the utility!
arby

[Perkins]

General practice for encrypted file systems is to put the heavy key (In this case, the 128 bit AES key) in one of the first sectors of the file system, encrypted with the user's passphrase. I would bet that puppy's AES encryption is roughly as strong as TrueCrypt's AES encryption. TrueCrypt has the advantage though of being able to do cascading cyphers and steganography. Most users probably don't need that level of security though. 128 bit AES should keep out just about anybody short of possibly some government intelligence agency. And they'll most likely get in by either snooping your passphrase, or through rubber-hose cryptanalysis anyway.