LinuxQuestions.org
03-11-2011, 12:27 AM   #1
unihiekka
duress passwords, encryption, and linux


Hello!

Is it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?

The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have them destroyed than have unauthorized people access them, in the event of that happening.

I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?

Look forward to hearing your thoughts.

Last edited by unihiekka; 03-11-2011 at 12:28 AM.
 
03-12-2011, 03:45 PM   #2
Noway2
This sounds awfully extreme in the paranoia department. The only individuals who I can think of that would likely be put in such a situation are ones that would most likely not be taking any machines that have that sensitive of information on them at all.

A former coworker who has a friend who works for the NSA recommends Iron Mountains' Data Defense. Too many wrong password attempts or a remote poison-pill and the data is toast.

As far as a duress account to kill the data, create a second user account that will execute a script on startup that securely wipes the home directory. Such a process is slow and will use a lot of HDD activity and will probably be noticed, so you are better off targeting only the sensitive information. A simple zero or random data wipe should be sufficient.

Honestly, though, I think if you are facing such a situation, you aren't too far away from the $5 wrench scenario either: drug them and hit them with this $5 wrench until they tell us the password.
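
A sketch of the targeted wipe suggested in post #2, added here as an example and not posted by anyone in the thread. It assumes the duress account's login script (for example its `~/.profile`) sources this file with `DURESS_LIST` set; `DURESS_LIST`, `wipe_file` and `wipe_list` are hypothetical names, and the list file holds one absolute path per line.

```shell
#!/bin/sh
# Added example: wipe only the listed sensitive files, not the whole home directory.
# Caveat: overwriting in place is not reliable on SSDs or on journaling and
# copy-on-write filesystems, where old blocks can survive the overwrite.

# Overwrite one regular file once with random data, then unlink it.
wipe_file() {
    f=$1
    # Regular files only; refuse symlinks so a link cannot redirect the wipe.
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    if command -v shred >/dev/null 2>&1; then
        shred -n 1 -u -- "$f"
    else
        # Fallback without GNU shred: same-size random overwrite, then remove.
        size=$(($(wc -c < "$f")))
        head -c "$size" /dev/urandom | dd of="$f" conv=notrunc 2>/dev/null
        rm -f -- "$f"
    fi
}

# Wipe every path named in the list file; print how many files were wiped.
wipe_list() {
    list=$1
    wiped=0
    while IFS= read -r target || [ -n "$target" ]; do
        case $target in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        if wipe_file "$target"; then
            wiped=$((wiped + 1))
        fi
    done < "$list"
    sync                           # push the overwrites out to the disk
    echo "$wiped"
}

# Act only when a readable list is supplied (DURESS_LIST is a hypothetical variable).
if [ -n "${DURESS_LIST:-}" ] && [ -r "$DURESS_LIST" ]; then
    wipe_list "$DURESS_LIST" >/dev/null
fi
```

Keeping the list short is what keeps the disk activity brief, which is the reason the post gives for targeting only the sensitive files.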
 
  

