The macosxhints Forums


gldfshkpr 02-24-2006 06:03 PM

New Directory for Secret Files
 
Where are some good locations to put small files for passwords and stuff? I want to be able to reach these files exclusively through the terminal with apps like nano (pico). I want them hidden from the finder.

Edit: Well, by "hidden" I mean a road less traveled by the average user.

cradom 02-24-2006 06:07 PM

Create a new folder in Terminal, put it anywhere, your home folder is fine.
Give it a name starting with a period.
Ex: mkdir .numbers
Will not be seen in Finder.
WILL be seen in Terminal if using the -a switch for ls.

gldfshkpr 02-24-2006 06:12 PM

Wow, that's excellent! Thank you cradom.

hayne 02-24-2006 06:35 PM

Hiding files from the Finder does not provide very good security.
You would be better to put anything that is confidential on an encrypted disk image (create it via Disk Utility). Then you only have to remember one password. And you can mount & unmount that image as required.

gldfshkpr 02-24-2006 11:57 PM

I understand what you're saying Hayne. To be sure, all I really want to accomplish is to keep my feet wet in Terminal.app and at the same time keep my passwords and whatnot away from the casual user. I sometimes keep a journal and write letters that are not for everyone as well. Nobody I am in contact with uses Terminal, so that works fine for now. Encrypted disc images are very useful for sure. Especially while remembering the password when it's not on the keychain.
:D

Hal Itosis 02-25-2006 11:32 AM

Well, you might want to at least consider
mkdir -m 1700 ~/.numbers
because -- by default -- folders created in Home
will have perms = 755 (be readable by others).

At this point though,
chmod 1700 ~/.numbers
is probably the way [since the folder already exists].
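
The permission point in the post above, as an added shell example that is not part of the original thread: it creates or tightens an owner-only directory and lists anything inside that group or other users can still reach. The function names are hypothetical, `~/.numbers` is the thread's example path, and mode 700 (without the sticky bit) is this example's own choice.

```shell
#!/bin/sh
# Added example (constructed for illustration; function names are hypothetical).

# mode_of PATH: print octal permission bits.
# GNU stat is tried first, BSD/macOS stat is the fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# list_exposed DIR: print every path under DIR (DIR included) that still has
# any group or other permission bit set. Uses only POSIX "-perm -mode" tests.
list_exposed() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# make_private DIR: create DIR owner-only, or tighten it if it already exists
# with the default 755, then strip group/other access from its contents.
make_private() {
    dir=$1
    # Do not follow a symlink: chmod would change the link's target instead.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    # umask in a subshell, so a new directory is never briefly world-readable
    # and the caller's umask is left alone.
    ( umask 077 && mkdir -p "$dir" ) || return 1
    chmod 700 "$dir" || return 1
    # go-rwx clears group/other bits and leaves the owner's bits untouched,
    # so a 644 file becomes 600 and a 755 script becomes 700.
    find "$dir" ! -type l -exec chmod go-rwx {} +
}

# Usage (not run automatically):
#   make_private "$HOME/.numbers" && list_exposed "$HOME/.numbers"
```

An empty result from `list_exposed` means no other local account can read or traverse the directory; it does nothing against someone with root, physical access to the disk, or your own logged-in session.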

Mikey-San 02-25-2006 12:23 PM

This is an awful way to secure sensitive data.

If you must put sensitive information on your computer, lock it up in an encrypted disk image or use the Keychain (secure note items are handy).

acme.mail.order 02-25-2006 08:50 PM

Quote:

Originally Posted by gldfshkpr
by "hidden" I mean a road less traveled by the average user.

Often hiding something in plain sight works very well. If I was poking around, an encrypted disk image would get my attention, although I would probably ignore ~/.glibc_opt

Pick a filename that looks a lot like an obscure unix config file. How secure you need it to be is definitely a case-by-case decision.

If you use unix services that use passwords, like curl or ftp, look at the .netrc file option in the appropriate manual - they will look there for the appropriate host/pass combo.

Mikey-San 02-26-2006 07:41 PM

Quote:

Originally Posted by acme.mail.order
Often hiding something in plain sight works very well. If I was poking around, an encrypted disk image would get my attention, although I would probably ignore ~/.glibc_opt

It can get your attention all it likes, but AES-128 encryption is pretty tight. Are you implying that a snooper is going to be able to break into the image easily? I certainly hope not.

http://en.wikipedia.org/wiki/Advance...ption_Standard

I'll take the disk image plz okthx.

tbsingleton73 02-26-2006 08:31 PM

http://www.versiontracker.com/dyn/moreinfo/macosx/28535

acme.mail.order 02-26-2006 08:55 PM

Quote:

Originally Posted by Mikey-San
It can get your attention all it likes, but AES-128 encryption is pretty tight. Are you implying that a snooper is going to be able to break into the image easily? I certainly hope not.
I'll take the disk image plz okthx.

Go for it, Mikey. How much (or little) security is needed is a case-by-case issue.
And as most people use insecure passwords, having AES securing the data won't do much good if I use a dictionary/date guesser on it and get lucky with the dog's name.

But if the file was never found in the first place.....

acme.mail.order 02-26-2006 09:11 PM

Afterthought: Absolute faith in the security of the encryption system (Enigma) is what got the Third Reich torpedoed (literally and figuratively) back in the 1940s.

cwtnospam 02-26-2006 10:26 PM

True, but if they had changed their keys more frequently, the Allies probably wouldn't have broken the code. Since encrypted disk images use the password to generate the key, and the key itself is encrypted, using a 'secure' password should make it extremely difficult to break into an encrypted disk image.

acme.mail.order 02-27-2006 12:22 AM

The Enigma had both a day key and a message key. The message key prevented easily cracking the entire message but if the day key was broken you got everything. Still, they believed it was unbreakable (like Mary Queen of Scots and various others who came to messy ends) and thus were not cautious about the contents.

There's a big "IF" in your post, and it's the s3|<\/яз P@$$\/\/0яDz part.

Even with AES-128 and asymmetrical ciphers using massive primes as keys, I can still make a more secure cipher with a #2 pencil.

weltonch777 02-27-2006 10:03 AM

Option 3: Buy a cheap usb drive. Stick on your car keys.

Mikey-San 02-27-2006 12:21 PM

Jesus. No encryption is unbreakable, but you can't use Enigma to say that putting files in a randomly named directory is somehow more secure than AES-encrypted disk images. Some people might read this thread and think that disk images are a waste of time when you can just put things in some randomly named folder. Simply not the case.

Hiding sensitive data in "plain sight" folders without passwords is asking for more trouble than passworded disk images, unless you use bad passwords. At least reasonable encryption with good passwords provides some semblance of security.

A note on the Enigma machine: The three-rotor Enigma was also eventually upgraded as far as five rotors. The reflector positions were also increased from just two to twenty-six as the machines were refined. Were it not for the reuse of keys and the capture of German code books, which helped cryptanalysts develop and rule out decoding methods, the machine may have remained unbroken until the days of distributed-computer decryption.

. . . And heck, if the data is that important that an encrypted disk image isn't sufficient, print it out/burn it to CD/save it to an external disk and put it in a safe in the basement. It shouldn't be on your computer to begin with.

tbsingleton73 02-27-2006 06:36 PM

Better yet. "Trust No One"...where did I hear that before?...
Don't write anything down. Memorize everything.

But then I suppose they could torture you until you spill the beans...

cccollar 02-27-2006 07:35 PM

or use a sharpie to track passwords on the bottom of your keyboard or the frame around your monitor.

hayne 02-27-2006 08:48 PM

Quote:

Originally Posted by cccollar
or use a sharpie to track passwords on the bottom of your keyboard or the frame around your monitor.

No - it's best to hide them in plain view - e.g. on a shopping list that you have on a yellow sticky note on your monitor:

Code:

Shopping List (boring - do not read!)
- 2 litres milk
- 3 tins mushroom soup
- 1 pkg crackers
- 1 ims03133+
- 16 cigars
- 4 cindy36R77
- 2 pkg smoked almonds


acme.mail.order 02-27-2006 10:29 PM

Mikey: when did I say that disk images were bad? I said at least twice that it's a case-by-case issue, to be decided by the individual. I think that a rather well-buried file is a nice balance between security and convenience, especially for Terminal-related work. The OP wants to guard against casual snoopers and perhaps a laptop thief, not the computer forensics department.
I also really like the shopping list idea. The investment portfolio should probably go on a disk image, the Will should not. The Swiss Bank Account numbers shouldn't be in the computer at all.

And pencil+paper encryption IS unbreakable. :D

hayne 02-28-2006 01:55 AM

Quote:

Originally Posted by acme.mail.order
I also really like the shopping list idea

That was intended as a joke about hiding things in plain sight. I guess I needed to put a smiley there after all.
Haven't you read "Surely You're Joking Mr. Feynman" ?

acme.mail.order 02-28-2006 02:09 AM

No, seriously, I like the shopping list on a sticky. But I'd change the password to something like (using your example) "ltpiccp", and use a list more appropriate for next to the computer, like "update router firmware, get new usb hub, spindle of DVDs".

And you can always stash that encrypted DMG inside ~/.glibc_opt

gldfshkpr 02-28-2006 09:14 PM

Quote:

Originally Posted by acme.mail.order
... The OP wants to guard against casual snoopers and perhaps a laptop thief, not the computer forensics department.
I also really like the shopping list idea. The investment portfolio should probably go on a disk image, the Will should not. The Swiss Bank Account numbers shouldn't be in the computer at all.

And pencil+paper encryption IS unbreakable. :D

Yep, that's all I'm interested in doing. The hidden file is a common UNIX notion to be sure. I only want my personal files invisible to family and friends who use my computer from time-to-time (computer novices). If something is that important to me, I'll store it in a safety deposit box down at the bank. Interesting turn of the thread though!


All times are GMT -5.