Live Journal about blowfish |

Recent Posts

Best links

Web Hosting Reviews

    • Archive Encryption Key Security Options

    | Under Live Jounal

    Your data is not encrypted with the security you’ve chosen; rather, the security method is used to protect the encryption key that encrypts your data. Think of a key that is locked inside a safe. Your security method (also know as the public key) is the information that unlocks the safe, which contains the key (also known as the private key) that unlocks your data. In other words, your public key protects your private key.

    You have these options for securing your archive encryption key:

    • account password – default
    • private password – another password to use instead of account password
    • personal private key – a private key you create that replaces the default private key

    Each of the encryption key security options offers increasingly greater security, and correspondingly greater risk for forgetting. In other words, using your account password to secure your data is the simplest method and the easiest for others to penetrate. Using a private password adds another layer of security, but it is another password to remember.

    Once you have upgraded your encryption key option, you cannot downgrade to another option. This prevents someone from recovering your lost or stolen computer and using CrashPlan to downgrade your security.

    Securing Your Encryption Key with Your Account Password

    Using your account password to secure your encryption is the simplest method to use, but the easiest for others to penetrate.

    • Default encryption key security option
    • Private key is stored on the server and on source computer
    • Public key uses your account password to protect your private key
    • Public key and private key are stored on the server for web restore
    • Public key is stored on the destination for guest restore
    • Admins can restore without password, allowing easy local fast restore

    Securing Your Encryption Key with a Private Password

    You can specify to use a private password, which is different from your account password, to secure your encryption key. Securing your encryption key with another password offers another level of security; however, you increase the risk to your archive because there is no way to retrieve the private password if you forget it.

    • Upgraded security
    • Private key is stored on and never leaves source computer
    • Public key uses a private-password to protect your private key
    • Public key is stored on the server for web restore and for new installations
    • Public key is stored on the destination for guest restore
    • Admins need private password to restore
    • Additional password to remember, risk not being able to restore if forgotten

    Your Private Encryption Key

    You can specify to replace the default encryption key with a private key to encrypt your archive. This is the most secure option, but it requires the most user management because you must provide your private key every time you restore.

    • Highest upgraded security
    • Private key is stored on and never leaves source computer
    • Manage your own private key per computer, with each computer under this account theoretically using a different private key
    • Web restore, guest restore, new installations, remote restore, etc. require the private key
    • Admins need private key to restore
    • Additional information to keep track of, with increased risk of not being able to restore if lost

    Generating Your Private Key

    You can create your private key in several ways:

    • Enter a passphrase that returns a private key and then paste the key into the encryption key box
    • Allow CrashPlan to generate a private encryption key for you without entering any text (just click the Generate option)
    • Import an encryption key that has been saved to a text file (e.g. an SSH private key)

    Importing and Exporting the Private Key Once you’ve selected the method for generating your private key; you can use the Export option to export the key to a text file. Exporting the private key to a file makes it easier to locate the key in case you forget it. When you need to supply the private key on another computer to which you want to recover files, you can use the Import option to import the encryption key from the text file.

    All data previously backed up and associated with the previous method’s encryption key is no longer available for restoring.


    The crypt () Function

    | Under Live Jounal
    In PHP we can use the crypt () function to create one way encryption. This means that the data is encrypted but cannot easily be decrypted. Although at first glance that may seem useless, it is actually very useful when working with passwords.When a user chooses their password, the password is then encrypted and the encrypted version of this password is saved. The next time the user goes to login, their password is encrypted again and then checked against the already saved (encrypted) version to see if they are the same. This way if the data is intercepted, they only ever see the encrypted version.

    The crypt function is phrased as: crypt ( input_string, salt)

    In this case input_string is the string you would like to encrypt (your password for example,) and salt is an optional parameter that influences how the encryption will work. PHP by default uses a two character DES salt string. If your system standard is MD5, a 12-character salt string is used.

    The following are the four types of salt that work with all crypt () functions.

    CRYPT_STD_DES – Standard DES-based encryption with a two character salt
    CRYPT_EXT_DES – Extended DES-based encryption with a nine character salt
    CRYPT_MD5 – MD5 encryption with a twelve character salt starting with $1$
    CRYPT_BLOWFISH – Blowfish encryption with a sixteen character salt starting with $2$ or $2a$

    Now let’s see what actually happens when we use crypt ()

    <?php
    $password = crypt(‘mypassword‘);
    print $password . “ is the encrypted version of mypassword”;
    ?>

    This will output the encrypted version of ‘mypassword’ for you to see. Now let’s try it using different types of salt.

    <?php
    $password = crypt(‘mypassword’ , ‘d4′);
    print $password . ” is the CRYPT_STD_DES version of mypassword<br>”;
    $password = crypt(‘mypassword’ , ‘k783d.y1g’);
    print $password . ” is the CRYPT_EXT_DES version of mypassword<br>”;
    $password = crypt(‘mypassword’ , ‘$1$d4juhy6d$’);
    print $password . ” is the CRYPT_MD5 version of mypassword<br>”;
    $password = crypt(‘mypassword’ , ‘$2a$07$kiuhgfslerd………..$’);
    print $password . ” is the CRYPT_BLOWFISH version of mypassword<br>”;
    ?>

    This will output something like this:

    d4/qPbCcJ5tD. is the CRYPT_STD_DES version of mypassword
    k7xEagYCDPPSc is the CRYPT_EXT_DES version of mypassword
    $1$d4juhy6d$a.jIPYnvne1FWF2V6mGQR0 is the CRYPT_MD5 version of mypassword
    $2a$07$kiuhgfslerd………..6k0kSI76CqJ/RWGnSp9MWRDF91gJZfW is the CRYPT_BLOWFISH version of mypassword

    As long as you always use the same salt the encrypted password should always be the same, making it a good solution for password storage.


    Next Entries »