Making a Hash of It

To alter the hash algorithm, use the -h parameter as follows:

# mcrypt -h tiger grrrr.doc

The role of the hash algorithm is to create a simple digest, which is added to the encrypted file and used to provide a checksum to detect any file corruption reliably. I've used the hash algorithm and changed it to tiger, which is one of the options shown in Figure 2:

# mcrypt -h tiger grrrr.doc

Figure 2: A list of the available hashes in MCrypt.

If you look closely from within a text editor, you can spot the easy-to-read tiger on the far right, in among the gobbledygook:

^@m^C@rijndael-128^@ ^@cbc^@mcrypt-sha1^@
4Y<D8>`tiger^@?<98>a^S<A8>

You can change the algorithm with the -a switch (all are vulnerable to one attack or another). The following command changes to the famous DES – the Data Encryption Standard – algorithm created by IBM in the 1970s, which helped improve encryption significantly over the years:

# mcrypt -a des mond.sh

The header of the file, as seen in a text viewer, shows what's changed (look for des):

^@m^C@des^@^H^@cbc^@mcrypt-sha1^@^U<92><92><AF>

Once your files are encrypted, you're ready to upload them into the cloud. If MCrypt doesn't suit your needs then check out the "Bcrypt" box below for an alternative.

# apt-get install bcrypt

# bcrypt -o linux_binnie.cfg

# bcrykpt -s100 chris_password.asc

To the Power of Three

The Python-based S3cmd utility [3] lets you use the behemoth that is Amazon S3 to store your files ultra-reliably. You might be surprised that S3cmd and other utilities let you use Amazon S3 almost as if it were a local filesystem mounted on your desktop.

Although you do need to expose your Amazon Web Services login credentials, there are ways of entering your passphrase only when it is essential. A simple script could help you automate the process somewhat. Alternatively, full automation might use a root-owned, encrypted password file to drop your security token into the main .s3cfg file so that you can run your backups periodically with a cron job.

You can even use a third-party tool to limit the bandwidth the S3cmd utility uses, which allows you to run a bulky, and therefore lengthy, file transfer as a background process. To use S3cmd, you need an AWS account, which isn't that big a challenge (just give away all your private details, including your credit card, and you are all set).

On Debian or Ubuntu, install the minuscule file as follows:

# apt-get install s3cmd

This command will drop the packages python-support and s3cmd onto the system.

In the past, I had a few issues with older versions in the Debian repositories. It's no problem if your desired feature isn't immediately available; simply download the source and follow the instructions in the INSTALL file.

I was pleased to see that the newer version of S3cmd supports the ability to help out with a --configure option at installation time. You should be wary of where you expose your account details if you are copying and pasting the two important login and password equivalents from AWS, because they are highly sensitive. Don't try typing them because typing errors are all too common; make sure you can cut and paste them.

Fire It Up

To configure S3cmd, use the --configure option:

# s3cmd --configure

The output of the command is shown in Listing 1.

As you can see from Listing 1, S3cmd even asks if you would like to encrypt the files with GPG [4], another excellent and sophisticated encryption tool. Additionally, you will see that I've selected the HTTPS transport method to avoid network sniffing. You can enable encryption with GPG by using the -e option. However, if you're absolutely adamant that that's not what you want (because you want to use a different encryption method, e.g., the excellent bcrypt), specify --no-encrypt.