Statalist


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: st: AW: password


From   "Eric A. Booth" <[email protected]>
To   [email protected]
Subject   Re: st: AW: password
Date   Tue, 26 May 2009 12:38:58 -0500

Austin & Phil are correct, you don't want to use ZIP passwords because they are susceptible to AZPR & dictionary-based attacks. (We had to get into one of our own locked .zip files where the password was forgotten & it took less than a minute and a half).

GnuPG is a good option, as long as it is installed on all the machines using it, but I wanted to mention a solution I use with Mac OSX and its built-in, system encryption tools for those interested. In Mac OSX, you can create a disk image (.dmg) file that can be encrypted AES-256 or a sparseimage encrypted AES-256. (The latter can change its file size when you add new data to it up to the limit you set, the former is a static disk image size.)

When I need to read/write sensitive data, I use the BSD/terminal command line utility 'hdiutil' from my do-file to keep the file encrypted (note: hdiutil replaces the older command hdid). The limitation of this process is that a .dmg or .sparseimage file cannot be directly opened in Windows, but the benefit is that it is secure & does not require installation of an external program.

You could still get these files to a Windows OS by:
1. copying the files from the encrypted disk image to an unencrypted folder while it is mounted; 2. burning a .cdr or .iso disk image that is readable by windows. (I've included syntax below to write a disk image for Windows.) ; 3. you can use a program like Truecrypt to mount a .dmg file in Windows or GnuPG as suggested previously.



Here's the code I use in my do-files:
*****************

capture !rm -f "/users/username/desktop/image.sparseimage"
//          1. create sparseimage file
!hdiutil create -size 1g -type SPARSE -fs HFS+ -volname Image "/users/ username/desktop/image" -encryption AES-256 **enter a password at the prompt; do not save your password in the keychain**
//          2. open/mount to sparseimage file
!hdiutil attach  "/users/username/desktop/image.sparseimage"
//          3. read/write to sparseimage file
webuse auto
* commands here*
save "/volumes/image/data_new.dta", replace
//          4. close/unmount sparseimage file
!hdiutil detach  "/users/username/desktop/image"
//          5. Create a hybrid ISO disk image for Windows/Mac (.iso)
!hdiutil makehybrid -o "/users/username/desktop/imagenew" "/users/ username/desktop/image.sparseimage" ******** Alternatively: Create diskimage for Windows // Burn Window image to Disc (.cdr) ******** !hdiutil convert "/users/username/desktop/image.sparseimage" -format UDTO -o "/users/username/desktop/image"

*****************


You can include " -passphrase <pw>" in the -!hdiutil create- and -! hdiutil attach- commands and put your password in place of <pw> to avoid having to type it into the dialog box, but it's not advisable to leave your password lying around in an unprotected do-file.

Note: the .cdr file includes the ISO-9660 file system with the Joliet extensions (for a CD or volume that you can *mount* in Windows), but the .iso file created by the -!hdiutil makehybrid- command works best in Mac OSX and Windows OS because it includes all the filesystems (the ISO-9660, HFS+, UDF, and the Joliet extensions) (plus, its compression is better, so the filesize will be much smaller) . For added security, you can define a security certificate file in the -!hdiutil- command that requires a certificate, in addition to the password, for user access.


Eric

__
Eric A. Booth
Public Policy Research Institute
Texas A&M University
[email protected]
Office: +979.845.6754
Fax: +979.845.0249



On May 18, 2009, at 1:43 PM, Visintainer PhD, Paul wrote:

Thanks Austin and Martin.

The question came from our institutional review board who wanted to know whether our analytic data files are passworded. The example they gave me was Excel and Access, which can password databases. Some of the files where data are stored are shared drives. I don't think that a single password will prevent access, but at least may deter it. I couldn't find anything from a Stata search, so I didn't think the capacity existed.

I know there are other ways to deter access (e.g., passwording folders or assigning individual drives which must be logged into). We'll have to explore these.

-p


_____________________
Paul F. Visintainer, PhD
Baystate Health System
280 Chestnut Street
Springfield, MA 01199
(T)  413.794.7686
(F) 413.794.7689
[email protected]



-----Original Message-----
From: [email protected] [mailto:[email protected] ] On Behalf Of Austin Nichols
Sent: Monday, May 18, 2009 12:30 PM
To: [email protected]
Subject: Re: st: AW: password

Paul---
But note that zip passwords are not secure.  How secure do you need
the data file to be?  Who needs access?
You might get what you need from openPGP e.g. http://www.gnupg.org

On Mon, May 18, 2009 at 12:18 PM, Martin Weiss <[email protected]> wrote:
<>

Never heard of such a facility. (You can verify integrity via -help
datasignature-.) If I had to protect a dta with a password, I would use an external zip program and add a password to the zip file. Also, dtas shrink
considerably when zipped...



HTH
Martin


-----Ursprüngliche Nachricht-----
Von: [email protected]
[mailto:[email protected]] Im Auftrag von Visintainer
PhD, Paul
Gesendet: Montag, 18. Mai 2009 17:35
An: [email protected]
Betreff: st: password

Does Stata have a capacity for passwording data files?

Thanks.


_____________________
Paul F. Visintainer, PhD

*


*
*   For searches and help try:
*   http://www.stata.com/help.cgi?search
*   http://www.stata.com/support/statalist/faq
*   http://www.ats.ucla.edu/stat/stata/



© Copyright 1996–2024 StataCorp LLC   |   Terms of use   |   Privacy   |   Contact us   |   What's new   |   Site index