Re: [PLUG] kernel, rpm, croc, du, encrypted

Walt Mankowski via plug on 1 Dec 2021 13:06:11 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] kernel, rpm, croc, du, encrypted

From: Walt Mankowski via plug <plug@lists.phillylinux.org>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] kernel, rpm, croc, du, encrypted
Date: Wed, 1 Dec 2021 16:05:59 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h=date:from :to:subject:message-id:references:mime-version:content-type :in-reply-to; s=sasl; bh=EkwLZ3iKTjwkZQTfH0AaKJXOs1BPPo8dha4Wt/f SfXI=; b=IUjtkO2XF2Y0cqdiN33K/2+1SmI+L5M+icG/vpbPevh9+rjOFrY4oYo m9v6xYMMXbAN+rH4kUwwZD1PIMCWb0MhfyLNdpEUvW/Fd6P2TLesUJ/ZqpgCB7T6 BMw3BwXS+dp2zPb5QdWanCGUgS1S4eheo9iBAx45KUsPbGQZebP8=
Reply-to: Walt Mankowski <waltman@pobox.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Wed, Dec 01, 2021 at 03:15:06PM -0500, Rich Freeman via plug wrote:
> On Wed, Dec 1, 2021 at 2:52 PM Walt Mankowski via plug
> <plug@lists.phillylinux.org> wrote:
> >
> > On Wed, Dec 01, 2021 at 12:10:54PM -0500, jeffv via plug wrote:
> > > How to Securely Transfer Files between Ubuntu Systems Using Croc
> > >
> > > https://vitux.com/how-to-securely-transfer-files-between-ubuntu-systems-using-croc/
> > >
> > > Croc is an open-source CLI-based tool that allows to securely transfer files
> > > between systems. During file transfer, a code is generated for the sender
> > > and the receiver systems to use for end-to-end encryption
> >
> > I'm confused by this. I've been securely transferring between systems
> > for decades using scp. Why should I use croc instead?
> >
> 
> The key bit is that it works through firewalls (assuming they allow
> outbound connections as is typical) - I assume it has some kind of
> cloud component to facilitate connections.  You don't even need to
> know the IP of either end.
> 
> That definitely can be handy.
> 
> To use something like scp you need to have an IP/DNS address for the
> remote host and be able to reach it on the ssh port.

Ah, I see, I hadn't read the examples very closely. Now that I have, I
have more questions:

* Where are the files being stored?
* What port are they using?
* How long do the files stay there?

Assuming they're just using key/value pairs and accessing it over
https, this sounds like a security nightmare. It sounds like if anyone
can guess the codeword they can download the file, potentially
forever. Is there really no authentication component?

Walt

Attachment: signature.asc
Description: PGP signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] kernel, rpm, croc, du, encrypted
  - From: "Rev. LeRoy Cressy via plug" <plug@lists.phillylinux.org>
- Re: [PLUG] kernel, rpm, croc, du, encrypted
  - From: Rich Freeman via plug <plug@lists.phillylinux.org>

References:
- [PLUG] kernel, rpm, croc, du, encrypted
  - From: jeffv via plug <plug@lists.phillylinux.org>
- Re: [PLUG] kernel, rpm, croc, du, encrypted
  - From: Walt Mankowski via plug <plug@lists.phillylinux.org>
- Re: [PLUG] kernel, rpm, croc, du, encrypted
  - From: Rich Freeman via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] kernel, rpm, croc, du, encrypted
Next by Date: Re: [PLUG] kernel, rpm, croc, du, encrypted
Previous by thread: Re: [PLUG] kernel, rpm, croc, du, encrypted
Next by thread: Re: [PLUG] kernel, rpm, croc, du, encrypted
Index(es):
- Date
- Thread