Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
There's no benefit encrypting files with no confidential information such as binaries in /bin, /sbin, libraries, etc. It backfires as it provides a good deal of known plaintext. It's better to encrypt /home, /tmp, swap and so on.
I would like to know more about this 1344-bits stuff. How do they generate such a large bitstream from only a password and stuff it into 448-bits blowfish ?
nothing is 100 percent secure! i think maybe you should wear a gun and put your laptop on a autodestruct mode using some kind of bomb (RDX maybe). if by chance somebody tries to rob your laptop your first option would be to resist the attack with your gun and if that fails launch failsafe--------------->BOOM!
no data, no files, no harddisk, no laptop. ENJOY!
Windows at least allows me to buy a package to encrypt the whole thing in a way that is completely secure. I'm looking for a real solution for Linux and I'm not finding anything stable. If I search this board on any of the solutions presented, I find lots of threads with serious issues about the use of those tools.
It would be unwise to categorically say "a way that is completely secure." On any system, you simply don't know that. There could be a vulnerability in the closed-source software that you don't know about; see http://www.counterpane.com or Bruce Schnierer's http://www.schneier.com/.
Encrypted-filesystem drivers are readily available for Linux, and since the source-code is available for open review you can be more confident that they don't contain hidden flaws if used correctly. Ahh, but there's the rub. When it comes right down to it, the security (or lack thereof) is the purview of the system administrator... You! A piece of flashy-looking software in a flashy box, easily installed by the user (who is logged on as Administrator without a password, on a public network without a firewall, running exactly the same services wirelessly at Starbucks as he does when connected to the company's wired network... where he might accidentally leave the wireless unit turned-on and thus create an open door into the company's "private" network to a competitor in the office next-door!) may look and feel good ... and be worthless. Worse than worthless.
A quick search on http://freshmeat.net for "encrypted filesystem" shows no less than eight promising-looking options, all with source, many of them cross-platform. These could be applied as a strong part of a well-thought-out security strategy. But a flashy box-product bought at Staples is not a "strategy."
If your encrypting the hard drive, don't forget to encrypt the memory. Data can be retrieved from RAM after power is lost to the system (shutdown etc), and even possibly after the data has been written over. And of course data can easily be retrieved from many file systems after being deleted.
I'm sorry to see the amount of misdirection and misinformation in this thread. The purpose of this thread was not to find out if windows is as secure as Linux, but to find a security solution on Linux that disables any retrieval of certain information after the physical seizure of a computer.
Some here have mocked good encryption algorithms by saying the more security you implement the more security "they will just crack". This is incorrect. It would take a week on a supercomputer and some good luck to break the heavy encryption algorithms you can utilize to encrypt a file system. Anyone who authorizes to take your computer by law (I'm not disputing the constitutionality of the patriot act and the executive eavesdropping order) will obviously be paying someone else to take the information off your computer. They will definitely not spend a week (or, from their point of view, undefined amount of time) breaking encryption, unless you have left an easy (careless) security loop hole for them.
It has already been said in this thread that your current security solution can be achieved in Linux. However, I have not seen a comparable ALL-IN-ONE security solution for Linux. It is not necessary to have an all-in-one security solution if you are willing to spend a little time "tinkering" with a Linux box.
As for fingerprint authentication for your computer:
Anyone with the resources to retrieve data off your computer can easily take your fingerprint off the coffee cup your threw away at 7/11 last Saturday. Fingerprint authentication won't add to the security of your computer if the government is involved.
Memorize a pattern on your keyboard that will easily allow for a 20 character password. You do not want the weakest link in your security exploited.
I'm not sure the Linux world can offer something like Drivecrypt - but since the company that puts it out made it to Bruce Schneier's Doghouse at http://www.schneier.com/blog/archive...ghouse_pr.html, then maybe that's OK...
Well, I have some experience retrieving from hard drives, but not memory. I was also surprised when I first learned about this, but now I have read about it some, and it seems to be completely reasonable. Why do you think the linux folk would add support for encrypted ram drives if they were completely useless?
Last edited by Synesthesia; 02-05-2006 at 01:18 PM.
Well, I have some experience retrieving from hard drives, but not memory. I was also surprised when I first learned about this, but now I have read about it some, and it seems to be completely reasonable. Why do you think the linux folk would add support for encrypted ram drives if they were completely useless?
okay, but how about some links so that we can also read-up on this very interesting topic??
I would have definitely posted the links if I still had them. I just did a quick search without any luck, and since its been a while I'm also still interested. It was about data retrieval from the memory, and it (might have been security ebooks, not the web, sorry I don't remember right now) did mention retrieval after power is lost to the memory. Let me know if you find any internet references.
Last edited by Synesthesia; 02-06-2006 at 04:55 PM.
After reading this entire thread, I think I can safely say that the answer to your question is no, there is no tool publicly available for *nix that meets all of the criteria you have stated.
There's nothing for Windows that does either. Everything he's done can easily be defeated by anyone with physical access to the PC and this little device from ThinkGeek:
Like others have said, security is a process. If you're unwilling to follow good security proceedures/practices no amount of fancy hardware or software will save you, regardless of OS.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.