One of the most important security features used today are passwords. It is important for both you and all your users to have secure, unguessable passwords. Most of the more recent Linux distributions include passwd programs that do not allow you to set a easily guessable password. Make sure your passwd program is up to date and has these features.

In-depth discussion of encryption is beyond the scope of this document, but an introduction is in order. Encryption is very useful, possibly even necessary in this day and age. There are all sorts of methods of encrypting data, each with its own set of characteristics.

Most Unicies (and Linux is no exception) primarily use a one-way encryption algorithm, called DES (Data Encryption Standard) to encrypt your passwords. This encrypted password is then stored in (typically) /etc/passwd (or less commonly) /etc/shadow. When you attempt to login, the password you type in is encrypted again and compared with the entry in the file that stores your passwords. If they match, it must be the same password, and you are allowed access. Although DES is a two-way encryption algorithm (you can code and then decode a message, given the right keys), the variant that most Unixes use is one-way. This means that it should not be possible to reverse the encryption to get the password from the contents of /etc/passwd (or /etc/shadow).

Encryption is a process of translating a message, called the Plaintext, into an encoded message, called the Ciphertext. This is usually accomplished using a secret Encryption Key and a cryptographic Cipher.

Two basic types of Encryption are commonly used:

• Symmetric Encryption, where a single secret key is used for both encryption and decryption.
• Asymmetric Encryption, where a pair of keys is used -- one for Encryption and the other for Decryption.

Some interesting politics surround strong Encryption:

• Strong (i.e., hard to break) Encryption algorithms are considered to be a munitions by the United States government. Exporting such algorithms therefore amounts to arms smuggling -- a very serious offence!
• Some countries (i.e., France) forbid their citizens from using strong Encryption.
• Strong encryption algorithms are freely available everywhere in the world, on the Internet.
• In the United States, it is possible to patent an algorithm, including an Encryption Cipher. This can limit who can make such algorithms.

When sending email, users should consider keeping two types of information private: The password for the account, and the email itself. This document explores methods of encrpyting email passwords as well as email data encrpytion.

Need for email password encryption
By default, email clients using the POP/IMAP/SMTP (the latter when used with SMTP-AUTH ) protocols send the authentication data (username and password) and send or receive the email message data itself in non-encrypted, “cleartext” form. To protect the password from being “sniffed” as it travels over the network, it is important to avoid such cleartext transmission.

Methods of email password encryption
While a number of methods for encrypting passwords (e.g. APOP, CRAM-MD5) have been developed and implemented in some email clients and servers over the years, there are currently two methods with wide support at Penn – SSL and Kerberos .

The Secure Sockets Layer (SSL) method uses the same technology that is the basis for so-called “secure” websites using the HTTPS protocol to encrypt data sent between a web browser and a web server. When using the SSL method, the entire communication stream between the email client and server is encrypted, not just the password.

The Kerberos protocol ensures that the password is never sent over the network at all, not even in encrypted form. This yields a very high level of security for the authentication that takes place between the client and server.

Article source: http://tldp.org/HOWTO/Security-HOWTO/password-security.html
Article source:http://hitachi-id.com/concepts/encryption.html
Article source: http://prowiki.isc.upenn.edu/wiki/Email_Encryption


.