LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 07-01-2004, 04:10 PM   #1
furfurdemon666
Member
 
Registered: Mar 2004
Posts: 171

Rep: Reputation: 30
Question Root & user logins : Passwords? Why not encryption keys instead?


I'm curious, why do we still use passwords that are typed in manually for logging in root or user accounts? Why not an encryption key that's read from a floppy or usb key?
 
Old 07-01-2004, 04:15 PM   #2
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
because we don't want to carry floppies or usb keys which might break up or get lost, and they weight more than if we didn't carry them...and they can be stolen, whereas stealing a password is a bit more complicated task..

and not every workstation has a usb-port or floppy drive. one of mine, for example, doesn't have neither of those, but I still need to access it..

there are numerous reasons altough the idea itself is good, it's not that good in an everyday life I guess....not yet at least, with this technic.

EDIT: let's think of this: these days you'll have to carry some kind of passport when travelling abroad. that can be stolen, and some might even use it for their own goods...well, nowadays it's possible to identify people by their eyes' iris, dna etc...that information can't be stolen, and we carry it with us always. passport can be forgotten, but eyes or dna not..

I'm not supporting identifying people by their eyes' iris or dna or anything like that, by the way...I don't think it's a good idea. for certain persons, yes - like some very important or dangerous, but for every people on everyday life...no. but as an example you can think like that..

Last edited by b0uncer; 07-01-2004 at 04:25 PM.
 
Old 07-01-2004, 05:17 PM   #3
ranger_nemo
Senior Member
 
Registered: Feb 2003
Location: N'rn WI -- USA
Distribution: Kubuntu 8.04, ClarkConnect 4
Posts: 1,142

Rep: Reputation: 47
Quote:
[B]...it's possible to identify people by their eyes' iris, dna etc....
But, it's not practical... You only have two eyes and one DNA. Using either would be like using the same password for your Hotmail account, your pr0n membership, your bank account, and your living will, and never being able to change it. With a typed-in password, I can have a whole list of different ones.

Also, it CAN be stolen. Think of something like a key-stroke capture program, only this one grabs a copy of your iris as it's scanned. Once it's stolen, it can be added to a spoofing program... When the remote computer queries the local computer for you to put your eye to the scanner, the spoofing program jumps inbetween and supplies the stolen "password".
 
Old 07-02-2004, 09:28 AM   #4
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
ok, now we got into a sci-fi stuff ranger_nemo, yes that is like having one key for everything...it was just meant to make an example of the differences between carryable and "built-in" securing systems..those reasons you mentioned above are one thing why I don't like the idea at all even though it's possible. everything can be stolen, but I just meant that your iris can't be physically stolen (or at least it will hurt quite much, and possibly you'll end up six feet under at the same time) but passport can, quite easily even.

the main point is just that it's far more secure (at least these days) to have the thing in your brains and nowhere else, that you use to access secured stuff, than carry it along in your pocket..
 
Old 07-02-2004, 10:17 AM   #5
hcgernhardt
LQ Newbie
 
Registered: Apr 2004
Distribution: Slackware
Posts: 29

Rep: Reputation: 15
A few ideas concerning floppy/usb encryption keys:

1) The dongle has gone the way of the dinosaur. In years past, many commercial apps required a dongle of some sort on the parallel or serial port in order to function properly---that is, hardware based copy protection.

2) As stated above, hardware (floppy/usb/etc) encryption keys can be lost/stolen, and many workstations/desktops/PC's do not have those capabilities.

3) The passwords are stored in an encrypted format anyway, the key to which is the password itself.

4) Many types of encryption have heavy controls within various political entities, and many are unavailable outside the USA due to export restrictions.

That being said, I have no objection to using an encryption system to keep data secure. I'm not sure if 2.6.7 has the capability to encrypt filesystems, however I do believe I saw something like that in the kernel configuration somewhere. I would think, however, that it would be a major filesystem hack. I can see many possibilities:

1) encrypt the entire hard drive, and have a bootloader password which doubles as a decryption key for the boot files.

2) encrypt individual user files, with a master decryption key available to root.

3) Allow file ops only on decrypted files---that way, in order to rm -rf usr, you would need to provide the superuser decryption key.

These would all involve major kernel/bootloader rewrites. Fun, eh?

TTYL,

Henry
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Encryption and Keys The Godfather Linux - Networking 6 09-03-2005 01:04 AM
Forgotten all passwords and logins! mobyuk Linux - Newbie 3 06-03-2004 06:17 AM
the opposite command of su? can i access user logins when i am root? how? kublador Linux - Newbie 3 09-11-2003 04:43 AM
Is there a way to sync Samba passwords with linux user passwords MarleyGPN Linux - Networking 2 09-09-2003 11:59 AM
User Names & passwords Backup teeno Linux - General 8 04-07-2003 10:17 AM


All times are GMT -5. The time now is 08:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration