Interests: News, Finance, Computer, Science, Tech, and Living
I get it. Credential storage and recovery is a big issue. People vary in skill, ability to keep track of keys or remember how to use them, and they may not have a password manager, safe deposite box, or other locked storage to store them in.
By the way, I would not consider logging in via ssh and running a bash script to be insecure in general.
However taking uncontrolled data from outside of that session and injecting it could well be insecure as the data is probably crossing an important security boundary.
I was more thinking of the CGI script vunerability that showed up a few years ago. In that case data came from the web into the shell environment uncontrolled. So uncontrolled data processing where the input data crosses security boundaries is an issue kind of like a lot of the SQL injection attacks.
Another issue with the shell is that all proccesses on the system typically see all command line arguments. This includes any commands the shell script runs. So never specify things like keys or PII etc as command line arguments.
Then there is the general robustness issue. Shell scripts easy to write to run in a known environment and known inputs. Difficult to make general. So for fixed environment and known and controlled inputs that do not cross security boundaries probaby fine. Not that, probablay a big issue.
By the way, I love bash and shell scripts.
Bittlocker is a pain. Simply booting a maintainance disk requied me to use the recovery codes to get back into windows.
Give her and your personal representatives the keys or access to the keys. Problem solved.
Same problem as you passwords and password manager.
Servers are harder and not preconfigued if you want unattended boot. The first key has to come from somewhere typically to unlock the root partition. The other keys can then be stored on that encrypted partition and are typically referenced by crypttab for auto unlock.
The first key can come from anywhere you want such as attached media like a flash drive, a over the network say via ssh, from a key server, or from the TPM. Or you could remotely connect to the console. There are bunch of how tos out there. It amounts to customizing the boot process and the initramfs. It is not simple. What makes sense depends on the threat model.
Disk encryption does not impact file sharing over the network.
Sure if you sharing by a USB portable drive you have to unlock and lock it every time you use it. That is separate thing though.
The bigger issues of encryption are one should have a good backup and recovery plan both for media and for the keys. One has to consider legacy planning too. How do your personal representatives access.
Your recovery problem was a backup issue not an encryption issue. Consider addressing the backup issue.
Android uses verified boot then encrypts the various profiles and the new private space seprately. This is how my GrapheneOS phone works.
Linux has a bunch of options. Ubuntu use to suggest per user encryption by ecryptfs but has since gone to partition based encryption via dm-crypt/LUKS. I still use either or both depending though ecryptfs seems depricated/discontinued and on the next upgrade I may discontinue.
Linux can support vaults too. Just locking certain folders. Encfs, and gocryptfs can do this for example. I use encfs though perhaps gocryptfs is a better choice these days. One can also use partition based solutions like dm-crypfs/LUKS or maybe even veracrypt too.
Can you just forward the email? Basically use it as a mail drop.
This is the primary reason for me as well. Drive disposal. Also since we only get electronic statements, want to encrypt those.
Bash is especially suseptable. Bash was intended to be used only in a secure environment including all the inputs and data that is processed and including all the proccess on the system containing the bash process in question for that matter. Bash and the shell have a large attack surface. This is not true for most other languages. It is also why SUID programs for example should never call the shell. Too many escape options.
Just make certain the robustness issues of bash do not have security implications. Variable, shell, and path evalutions can have security issues depending on the situation.
Now I have heard everything. What is zero? Missing value?
For what it is worth. I learned C in 1990. Switched largely to Python in 1998.
Does C have a logical type these days? Never use to.
Probably readability. Correct typing maybe too. Also better error checking.
Actually gmail has one thing correct, Google had been promoting MTA-STS. I am planning on moving to namecheap cPanel email and see if I can enable MTA-STS my domain.
I am not sure any modified browser is that private since it is unique. Generally the whole point of a privacy browser is that you can use stock configuration.
I assume it has something to do with how secure boot, the TPM, and Bitlocker interact.