Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm interesting to do token from UBB flash for OS Linux/Windows/Android using USB 2.0 + usb type C flash, without soldering.
Flash must be encrypting, can be open by programs installed on Linux/Windows/Android device and as key holder must be KeePass database inside encrypting in 3 or 2 copies, and KeePass is cross platform tool, instated on Linux/Windows/Android device or moving inside encrypting flash volume as portable soft.
1. Any suggestions about how to do such token from USB Flash?
2. How to encrypt usb volume to be opened under Linux/Windows/Android.
3. Is KeePass good enough to not be cracked? I have been used it since 2008-2009.
Oh, a SECURITY token. The only one I have carried was RSA and had processing inside. Making your own would seem much less than secure.
Now I use KeePass on 4 computers with windows, 2 computers with Linux and 1 Android phone. The database in each case is on HDD/SSD of the equipment in 2 copies each, in my user directory. But somebody can steal database file and try password brute force hacking.
Im thinking stay KeePass database in encrypted flash.
If buy so proprietary Security token with its own microprogram , which will be good in security and price?
Now I use KeePass on 4 computers with windows, 2 computers with Linux and 1 Android phone. The database in each case is on HDD/SSD of the equipment in 2 copies each, in my user directory. But somebody can steal database file and try password brute force hacking.
Im thinking stay KeePass database in encrypted flash.
If buy so proprietary Security token with its own microprogram , which will be good in security and price?
I am not sure, as I am not in the market and have not done that research. Having your passwords available on another portable device (that is more likely to fail) does not seem to me a more secure option!
I am not sure, as I am not in the market and have not done that research. Having your passwords available on another portable device (that is more likely to fail) does not seem to me a more secure option!
Yes, I agree - flash can be lost or destroyed, or simply fail.
Is it better to do virtual HDD encrypted volume by TrueCrypt (It was not updated from 2012 as I can remember), that can consist KeePass database inside?
keepass data is already encrypted, and the highest level is crazy hard to crack.
The real question is "what are you doing that requires that level of encryption?", followed by "what is the threat that would attack using decryption tools rather than moving on to an easier target?"!
Rather than opting for more or stronger encryption of passwords, I would opt for something that adds security beyond the passwords level. Some kind of 2FA or authenticator based solution (or both).
keepass has a feature to use a key file to open the database (that means it will ask for a password and will also check the key file). So you cannot do anything with that database without this key file, you can freely send the database to anywhere on the net. Just you need to take care of your key file and also you need to have a strong password.
(nobody can even identify both your database and key file, without help).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.