MCrypt – Securing your Linux files with Twofish Cryptography

With more and more details being stored on computers, it’s getting exponentially more important to keep them safe and secure. From internet banking to Facebook, renewing car tax to ordering presents on Amazon, you have entered a lot of data onto your computer. But how do you keep files of a sensitive nature secure?  Could something called MCrypt help?

With a trip to foreign lands coming up, I thought I’d make a digital backup of some important information; passport number, insurance reference numbers, addresses and alike. However storing them on a computer poses an extra risk, after all my laptop is probably the most likely item to be stolen. So it was time to look into encrypting files in Ubuntu.

Needless to say I found the following method immensely practical and secure (to my knowledge).

How to securely encrypt files

First thing is first, we need to install a tool called MCrypt. This little en/decrypting program replaces the outdated Linux crypt program; with faster and more secure options.

Open up Terminal, (CTRL+ALT+T) and run the following:

sudo apt-get install mcrypt

This will install the program onto your system. It should be pointed out, that if you’re planning on storing your secure file on a removable medium (USB, CD etc), you’ll also need mcrypt installed on the receiving system to decrypt the file.

Then run the following:

mcrypt --list

This will return a screen similar to the one below.

This is showing you all the ciphers that mcrypt can handle. I’d recommend twofish as a cipher choice, so look for that.

Why use Twofish? I recommend Twofish as an encryption method for a few reasons I'll briefly explain. Most importantly, as of 2012, there is no legitimate source to say Twofish is breakable using cryptanalysis techniques. Secondly the Twofish algorithm is in the public domain and is free from a patent, which means that its unlikely to be removed from mcrypt in the near future. This is important because you don't want the ability to decrypt your file disappearing after a software update. Thirdly, and more personally, it's based on its older cousin, Blowfish, which I've studied during my university course.

To encrypt your file, simply enter the following into Terminal:

mcrypt -a twofish filename

Obviously replacing “filename” with the path to the file you want to encrypt.

You’ll be asked to enter a pass phrase, this is essentially a password and can contain pretty much any normal character.

Like most ciphers, its best to use a non-dictionary word, combining both upper and lower case letters, as well as a handful of punctuation or numerical symbols. One good method is to use a pass phrase of a whole line of text from an ebook. This acts like a massive password, although obviously make sure you keep a copy of the ebook (not your specific text!) with your encrypted file. After entering this pass phrase a file named “filename.mc” will be created.

This *.mc file is your secure file, move this to whatever medium you want. Keep it safe.

Securely deleting the original document with Shred

There’s no point keeping your secure *.mc file near your original document, that’s kinda daft. So normally you’d simply delete or rm this file, but not in this scenario.

If you’re seriously worried about your file falling into the wrong hands (this is beginning to sound like an article for corporate spies) then you must digitally shred the document. Normally deleting a file simply flags that file that it can be overwritten in the future. In fact if you delete a file and then simply do nothing, that file is quite easily retrievable.

Shredding the document means the file is first overwritten with arbitrary data before being flagged for overwriting. This means that even recovery software will be unable to recover your previously important documents.

To use, simply type:

shred -u filename

Decrypting a file with Mcrypt

Okay so you’ve now successfully encoded your important documents with a strong Twofish cipher, as well as safely disposing of the original, now you have to know how to decipher the *.mc file.

Simply type:

mcrypt -d filename.mc

You don’t need to specify Twofish or any other arguments, mcrypt will be able to tell which method to decipher the file with.

This will leave you with your encoded *.mc file as well as the unprotected copy of your original. Winner.

Word of Warning

As with most of these encryption tools, their strength obviously comes from their ability to shrug of feasible attacks. Twofish might be breakable using trial and error (aka brute force), but it might take millions of years, ergo its pretty safe. This also means if you forget your passphrase, the original data is irretrievable.

If you’d like to read more about MCrypt, as well as find out more of the options you can use with it, try reading the MCrypt Linux MAN page on it.

Hope this article helps you maintain some peace of mind when storing sensitive documents.

Comparison of TwoFish and AES

A reader raised a good question about whether TwoFish or AES is better for encryption. I’m no expert but from my research, unless you’re protecting military grade data, using either is fine. Both ciphers are immensely strong even in their ‘easiest’ 128bit length. This article I found on Google Groups highlights a fact I agree with however:

… AES is receiving more scrutiny than any of the other finalists.  This gives a powerful reason to prefer AES over Twofish (or any of the other finalists, including Serpent,
for that matter).

Hope that helps someone