
Thread: Encryption v. temporary files

  1. #1
    Join Date
    Jul 2008
    Location
    $HOME
    Beans
    1,030
    Distro
    Ubuntu 9.10 Karmic Koala

    Encryption v. temporary files

    Recently I've been reading about encryption and it's all fascinating stuff. I've read stuff that says that it's no good encrypting things unless you make sure you shred the decrypted versions.

    However, I was wondering whether even that is secure. I mean, if I open an encrypted e-mail in Thunderbird, it gets decrypted. Where does that decrypted text go after I close the message? Does it just vanish from RAM? Or does Thunderbird store it in an unencrypted temporary file, which an attacker could easily recover?

    The same goes for encrypted files of all types. If an unencrypted version of a file is opened in OpenOffice, AbiWord, GIMP, Evince, Gedit, Audacity, Kino, Totem, Kile, LyX, Rhythmbox, Vim, Emacs, Firefox or Opera, will temporary files be created and insecurely deleted? Some programs will be more secure than others, I imagine.

    Would moving your personal configuration folders (e.g. $HOME/.openoffice.org/) to an encrypted filesystem (e.g. $HOME/.Private/) help at all?

    Don't suggest full-disk encryption. That's too obvious.
    If people were nicer, I'd answer more queries here!

  2. #2
    Join Date
    Sep 2009
    Location
    N. Providence RI, USA
    Beans
    84
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: Encryption v. temporary files

    When you're setting up it gives you the option to make a separate home partition which you can encrypt. Would that do it?
    My best friend gave me the best device! -Tickelback

  3. #3
    Join Date
    Jul 2008
    Location
    $HOME
    Beans
    1,030
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Encryption v. temporary files

    Quote: Originally Posted by community nerd
    When you're setting up it gives you the option to make a separate home partition which you can encrypt. Would that do it?
    Well, maybe. It depends. Do such programs save temporary files only in the user's directory? What about /tmp/? Or somewhere else within the system?

    What if I don't want to slow down my account by having every read and write go through an encryption program? What if I want to target just OpenOffice, for example?

    Does anyone have any specific knowledge about this?
    If people were nicer, I'd answer more queries here!

  4. #4
    Join Date
    Jan 2008
    Beans
    438

    Re: Encryption v. temporary files

    When an email gets decrypted, for example in Thunderbird, it doesn't get saved to the hard drive, just held in ram while Thunderbird is open. When a file is decrypted, it doesn't have to be written to the hard drive in plaintext.

    The easiest way to manage encryption in Ubuntu is to set up ecryptfs. Open a terminal, and enter "ecryptfs-setup-private". Follow the instructions, and leave settings at their defaults by pressing enter if you don't understand them.
    When you're done, it will tell you to log out and log back in. Now you'll have a folder in your home folder called "Private". All files saved in there are automatically encrypted.

    The Private folder is only accessible by you while you are logged in, and its files are encrypted by your password. (Technically encrypted by a private key which is stored in ~/.ecryptfs, and that private key is encrypted by your password. This allows you to change your password and only need to recrypt the private key instead of all your files.)

  5. #5
    Join Date
    Jul 2008
    Location
    $HOME
    Beans
    1,030
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Encryption v. temporary files

    Quote: Originally Posted by Agent ME
    When an email gets decrypted, for example in Thunderbird, it doesn't get saved to the hard drive, just held in ram while Thunderbird is open. When a file is decrypted, it doesn't have to be written to the hard drive in plaintext.
    It doesn't have to be, but the question is whether it does. Do you have the knowledge that Thunderbird/Enigmail in particular makes sure it writes no temporary file?

    Quote: Originally Posted by Agent ME
    The easiest way to manage encryption in Ubuntu is to set up ecryptfs. Open a terminal, and enter "ecryptfs-setup-private". Follow the instructions, and leave settings at their defaults by pressing enter if you don't understand them.
    When you're done, it will tell you to log out and log back in. Now you'll have a folder in your home folder called "Private". All files saved in there are automatically encrypted.

    The Private folder is only accessible by you while you are logged in, and its files are encrypted by your password. (Technically encrypted by a private key which is stored in ~/.ecryptfs, and that private key is encrypted by your password. This allows you to change your password and only need to recrypt the private key instead of all your files.)
    I made reference to ~/Private before, so I know about this.

    The point is... well, it's what I said above.
    If people were nicer, I'd answer more queries here!
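
One way to check the thread's open question empirically (an added example, not written by any poster in this thread): list the paths a running program holds open and classify each by whether it sits on an ecryptfs mount such as ~/Private, on RAM-backed tmpfs, or on an unencrypted disk filesystem such as /tmp on the root partition. The sample mount table and the user name alice are constructed, and the script assumes a Linux /proc filesystem.

```python
import os

# ecryptfs is the filesystem that ecryptfs-setup-private mounts on ~/Private.
ENCRYPTED_FS = {"ecryptfs"}
# RAM-backed filesystems; note that tmpfs pages can still be written to swap.
RAM_FS = {"tmpfs", "ramfs"}

# Constructed sample in /proc/mounts format, for trying the classifier offline.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/home/alice/.Private /home/alice/Private ecryptfs rw,ecryptfs_cipher=aes 0 0
"""

def parse_mounts(text):
    """Return [(mountpoint, fstype)], longest mountpoint first."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # /proc/mounts escapes spaces in paths as \040
            mounts.append((fields[1].replace("\\040", " "), fields[2]))
    return sorted(mounts, key=lambda m: len(m[0]), reverse=True)

def classify(path, mounts):
    """Classify a path as 'encrypted', 'ram' or 'plaintext-disk' by its mount."""
    for mountpoint, fstype in mounts:
        if path == mountpoint or path.startswith(mountpoint.rstrip("/") + "/"):
            if fstype in ENCRYPTED_FS:
                return "encrypted"
            return "ram" if fstype in RAM_FS else "plaintext-disk"
    return "unknown"

def open_files(pid):
    """Yield absolute paths (files, devices) that a process holds open."""
    fd_dir = f"/proc/{pid}/fd"
    for fd in os.listdir(fd_dir):
        try:
            target = os.readlink(os.path.join(fd_dir, fd))
        except OSError:
            continue  # descriptor closed between listdir and readlink
        if target.startswith("/"):
            yield target  # unlinked temp files appear as 'path (deleted)'

def report(pid, mounts_text=None):
    """Map each path open in process pid to its storage class."""
    if mounts_text is None:
        with open("/proc/mounts") as f:
            mounts_text = f.read()
    mounts = parse_mounts(mounts_text)
    return {p: classify(p, mounts) for p in open_files(pid)}
```

Call `report(pid)` as the same user while a document is open in the program of interest. It only sees files open at that instant, so short-lived temporary files need repeated sampling.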
