Learn about the restrictions your government places on the use, export, and sale of cryptography. Consider contacting your legislators with your opinions of these laws, especially if they negatively impact your ability to protect your systems.
Never use rot13 as an encryption method to protect data.
Don't depend on the crypt command to protect anything particularly sensitive, especially if it is more than 1,024 bytes in length.
If you use the Data Encryption Standard (DES) algorithm for encryption, consider superencrypting with Triple-DES or using AES instead.
Compress files before encrypting them.
Learn how to use message digests. Obtain and install a message digest program (such as MD5).
Never use a login password as an encryption key.
Choose encryption keys as you would a password, however—avoid obvious or easily guessed words or patterns.
Protect your encryption key as you would your password—don't write it down, put it in a shell file, or store it online.
Protect your encryption programs against tampering.
Avoid proprietary encryption methods with unknown strengths.
Consider obtaining a copy of the PGP software and making it available to your users. Use PGP to encrypt files, encrypt sensitive email, and create and check digital signatures on important files.
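
The message-digest and tamper-protection items above, as an added example that is not from the original checklist: a digest baseline for a directory of encryption programs, rechecked later to flag changed, missing and new files. It assumes GNU `sha256sum` (SHA-256 instead of the MD5 the list mentions); the function names and the constructed files are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU coreutils sha256sum
# and paths without newlines; function names and file names are hypothetical.

# record_baseline DIR MANIFEST: one "digest  path" line per regular file.
record_baseline() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2 > "$2"
}

# check_baseline DIR MANIFEST: print CHANGED/MISSING/NEW lines, return 1 if any.
check_baseline() {
    rc=0
    while read -r digest path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1
        elif [ "$(sha256sum "$path" | cut -d ' ' -f 1)" != "$digest" ]; then
            echo "CHANGED $path"; rc=1
        fi
    done < "$2"
    # Files on disk that the manifest never recorded (the path starts at
    # column 67: 64 hex digits plus two separator characters).
    new=$(find "$1" -type f | sort | awk -v m="$2" '
        BEGIN { while ((getline line < m) > 0) seen[substr(line, 67)] = 1 }
        !($0 in seen) { print "NEW " $0 }')
    if [ -n "$new" ]; then echo "$new"; rc=1; fi
    return "$rc"
}

# demo: constructed stand-ins for encryption tools, then three kinds of change.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/bin"
    printf 'tool-a v1\n' > "$work/bin/encrypt"
    printf 'tool-b v1\n' > "$work/bin/decrypt"
    printf 'tool-c v1\n' > "$work/bin/keygen"
    record_baseline "$work/bin" "$work/manifest"
    check_baseline "$work/bin" "$work/manifest" && echo "CLEAN"
    printf 'tool-a v1 patched\n' > "$work/bin/encrypt"   # modified in place
    rm "$work/bin/keygen"                                # removed
    printf 'extra\n' > "$work/bin/helper"                # dropped alongside
    check_baseline "$work/bin" "$work/manifest" | sed "s|$work/||"
    rm -rf "$work"
}

demo
```

Keep the manifest where an intruder cannot rewrite it, for example on read-only media or under a PGP signature as in the last item.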