[tclug-list] Do strong root passwords prevent alternative access?

Fri Feb 28 22:20:25 CST 2014

Thank you for your help.

> Date: Fri, 28 Feb 2014 21:55:28 -0600
> From: goeko at Goecke-Dolan.com
> To: tclug-list at mn-linux.org
> Subject: Re: [tclug-list] Do strong root passwords prevent alternative	access?
> 
> With Xubuntu 13.10 I setup partition encryption, with it's own 
> passphrase via the installation gui.  Asks for passphrase then boots and 
> asks for login.
> 
> I am pretty sure it has been possible to do partition encrypting for a 
> while, I don't believe it has been in the gui installer until recently.
> 
> Here is an article that tells how to do partition encryption in Ubuntu 
> 12.04...
> 
> http://newspaint.wordpress.com/2012/09/21/full-disk-encryption-on-xubuntu-precise-12-04/
> 
> Now not full disk.. but full partition (Although I haven't tested 
> it...hummm.). Not sure that encrypting the boot partition will gain you 
> a whole lot more security ?
> 
> ==>brian.
> 
> 
> On 02/28/2014 08:18 AM, Jeremy MountainJohnson wrote:
> > Ultimately, the length and complexity of the password / use of keys is
> > what makes encryption good. Nearly all the common encryption
> > algorithms out there are crackable if physical control is compromised
> > and weak keys are used. Speaking from experience, all but one below
> > I've been able to crack years ago with a decent gpu / distributed
> > processing and weak pass-phrase (less than 12 chars). Keep in mind,
> > more chars is not always correlated to success of encryption, refer to
> > targeted dictionary attacks, rainbow tables, and the chair to keyboard
> > factor.
> >
> > * Ubuntu (and I believe Debian) give ecryptfs option for home
> > directories (folder level encryption) via the gui installer. Tied to
> > your user account password, which is it's weakness, strong pw hashes /
> > salting help a lot for exposed passwd and shadow files
> > * TrueCrypt can also do a home directory or simple container in Linux,
> > with pass-phrase and various keys, but not full disk encryption unless
> > on Windows
> > * Several paid options out there, often for enterprise, McAfee is a
> > common one, handle full disk, complex encryption for nearly all
> > platforms
> > * More manual options include dm-crypt + LUKS, with pass-phrase and
> > various key options (similar to a more manual and CLI like Windows
> > BitLocker). Does the job well, but tough upfront learning curve
> >
> > --
> > Jeremy MountainJohnson
> > Jeremy.MountainJohnson at gmail.com
> >
> >
> > On Fri, Feb 28, 2014 at 3:59 AM, gregrwm <tclug1 at whitleymott.net> wrote:
> >> agreed.  afterall anything is possible.  but little is likely.
> >>
> >> you can be as paranoid as you like.  or, you can try relaxing a bit.
> >>
> >> but logic can't cure paranoia.  humor perhaps has a better chance.  hence
> >>
> >> "just because you're paranoid doesn't mean they're not out to get you!"
> >>
> >>
> >> _______________________________________________
> >> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> >> tclug-list at mn-linux.org
> >> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
> >>
> > _______________________________________________
> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > tclug-list at mn-linux.org
> > http://mailman.mn-linux.org/mailman/listinfo/tclug-list
> >
> 
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20140228/a8a47dcd/attachment-0001.html>