[tclug-list] Do strong root passwords prevent alternative access?

Fri Feb 28 21:55:28 CST 2014

With Xubuntu 13.10 I setup partition encryption, with it's own 
passphrase via the installation gui.  Asks for passphrase then boots and 
asks for login.

I am pretty sure it has been possible to do partition encrypting for a 
while, I don't believe it has been in the gui installer until recently.

Here is an article that tells how to do partition encryption in Ubuntu 
12.04...

http://newspaint.wordpress.com/2012/09/21/full-disk-encryption-on-xubuntu-precise-12-04/

Now not full disk.. but full partition (Although I haven't tested 
it...hummm.). Not sure that encrypting the boot partition will gain you 
a whole lot more security ?

==>brian.

On 02/28/2014 08:18 AM, Jeremy MountainJohnson wrote:
> Ultimately, the length and complexity of the password / use of keys is
> what makes encryption good. Nearly all the common encryption
> algorithms out there are crackable if physical control is compromised
> and weak keys are used. Speaking from experience, all but one below
> I've been able to crack years ago with a decent gpu / distributed
> processing and weak pass-phrase (less than 12 chars). Keep in mind,
> more chars is not always correlated to success of encryption, refer to
> targeted dictionary attacks, rainbow tables, and the chair to keyboard
> factor.
>
> * Ubuntu (and I believe Debian) give ecryptfs option for home
> directories (folder level encryption) via the gui installer. Tied to
> your user account password, which is it's weakness, strong pw hashes /
> salting help a lot for exposed passwd and shadow files
> * TrueCrypt can also do a home directory or simple container in Linux,
> with pass-phrase and various keys, but not full disk encryption unless
> on Windows
> * Several paid options out there, often for enterprise, McAfee is a
> common one, handle full disk, complex encryption for nearly all
> platforms
> * More manual options include dm-crypt + LUKS, with pass-phrase and
> various key options (similar to a more manual and CLI like Windows
> BitLocker). Does the job well, but tough upfront learning curve
>
> --
> Jeremy MountainJohnson
> Jeremy.MountainJohnson at gmail.com
>
>
> On Fri, Feb 28, 2014 at 3:59 AM, gregrwm <tclug1 at whitleymott.net> wrote:
>> agreed.  afterall anything is possible.  but little is likely.
>>
>> you can be as paranoid as you like.  or, you can try relaxing a bit.
>>
>> but logic can't cure paranoia.  humor perhaps has a better chance.  hence
>>
>> "just because you're paranoid doesn't mean they're not out to get you!"
>>
>>
>> _______________________________________________
>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> tclug-list at mn-linux.org
>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>