Just out of curiousity...
If someone were physically sitting at my machine and didn't know any passwords, couldn't they gain access to the entire file system simply by booting a live cd and mounting the drives? Maybe its a stupid question but I'm still pretty new to linux and it seems like a live cd is basically a loaded gun that will give anyone with it complete access to any linux box.
|
Quote:
|
yeah, that's right
pretty dangerous, huh? :) but if you encrypt your drive, then they can't without an actual password. |
Quote:
Which is different from a person with physical access to your computer how? Or a live CD while you are running any other operating system -- how? Encryption MIGHT help, but if I have access to your computer, I copy it and crack the encryption as the worst case scenario, which is different on an encrypted disk from XP or Vista how? |
Also let's not forget good old single user mode? why do you need a live CD when you can just change the root password using single user mode? It takes alot to secure a computer when you are looking at physical access, it's possible but really really hard.
|
Quote:
|
So the only way to keep anything important totally safe is store it on a flash drive.
|
Quote:
Quote:
|
long story short it doesn't matter what kind of computer you have if someone has phisical access to it they can do anything they want to it. even if your drive is encrypted they can crack it. why do you think they have data centers with armed gaurds? why do you think you need a key to start my computer? (not that this would help if someone took it with them but it's a deterent.)
Edit: no a flash drive isn't that safe. they get misplaced all the time; I'm alwways hearing about ones with clasified government stuff on them turning up. not to mention that it's almost impossible to totaly erase something from flash there are ways to resurect your data even if you thought it was gone. |
"All I need to get everything is ... physical access to the hardware, and a gun." :eek:
|
Quote:
|
Quote:
|
Quote:
|
Quote:
|
Quote:
|
Quote:
|
I think you're seriously underestimating the effort needed to crack encryption keys. Your homemade 'supercomputing' cluster might be good for 3d rendering or encoding video but won't be any use trying to bruteforce AES or similar.
Some of the articles discussing the hardware DES cracker shed some light on the sheer quantity of computing power you'd need: http://www.schneier.com/crypto-gram-9808.html Quote:
Quote:
Anyway the main point is that although it's possible that government organisations could get around the encryption one way or another, if they thought your data was really worth it, they're about the only ones who will, the costs of doing so for anyone else would far exceed the money they could extract from your bank account (unless you really are super-super rich!) |
If I was inclined to crack a AES key, which I am not, I would attempt a
"lotto quick-pick" type algorithm. Good luck. (-; Re: Physical machine security. I keep my servers and desktops in the next room. I sleep light and have a large loud mean dog and several guns. So far so good. |
Take a look at the wikipedia page on Brute force attack
Now, wikipedia isn't always the most reliable source of information but this seems to agree with other sources out there. Quote:
|
Princeton researchers can crack most disk encryption (including AES) within an hour.
If you don't believe me, read this article :) There's a catch though ; ). |
OK so I admittedly underestimated what it would take to brute force crack the key, I never said that I could do it or that I had the equipment to do it. I was just saying I wouldn't be so sure your data would be safe and point out that some of the worlds most powerful computers can be built from commodity hardware and even more powerful dedicated crackers can be made with fpga's. not to mention that since computers get faster at an incredible rate what's not reasonable today could be quite feasible in a few years. and as you people have pointed out already it's not always needed to try every key to crack it in fact the chance of cracking it on the last try is just as unlikely as the first try, and there are ways to help with your guesses like dictionary files and the cold boot attack that crc123 pointed out. Incidently since it is imposable to prove a negative you can't disprove secret criminal supercomputers anymore then I could disprove little green men living somewhere in the universe. Just a thought.
|
Quote:
|
Quote:
The point is though that it's silly to tell people not to use encryption because there might be magic supercomputers out there. The real way that govt./police get around encryption is by relying on the simplicity of human memorable passwords (get around this by using a key file on a CD/USB stick), do a data recovery on your hard disk in the hope that the plaintext hit the platters at some point, catch the computer just after you've turned it off (or better yet with it still running) and do the cold-boot attack (or just look at the files as you have them opened). None of these methods is perfect and if you're careful you can probably reduce the likeliness of their being effective to almost zero. Plus it's very unlikely that your average criminal would have the ability or resources to successfully attempt any of these. EDIT: Something to backup this last sentence: http://www.axantum.com/AxCrypt/etc/About-AES.pdf Quote:
|
Quote:
|
Quote:
Your previous posts in this thread seemed to be saying that there's no point in using encryption as anyone who can connect a few computers together and program well in C++ can crack it. I wasn't trying to start a flame-thread but this is just not true and to me seems to be very bad advice. |
Quote:
|
This is getting tiresome - are you actually bothering to read my posts? I never said it couldn't be cracked, in fact I described at length how it could be. The point I was making was the difficulty, and therefore expense, of making a worthwhile attempt at cracking it was great enough that it does actually protect your data, at least as far as individuals and probably most small to medium businesses.
As to the rest of your post * Analogies to physical locks are meaningless - just because you can break down most doors with a strong kick doesn't make encryption anywhere near as easy to break * The only thing I have on my computer that I 'worry' about are my banking details, and that is the only file I bother encrypting. I never said anything about full disk encryption :confused: |
comment: it really doesn't matter how much computing resources the government has. if you're suspected of a crime, and you refuse to give the password for your encrypted drive, you're withholding evidence, which is a pretty serious crime itself.
|
Quote:
To make a potential intruder's life more difficult:
Ta-da: you're a much more hardened target now. If this level of security is not sufficient for the type of data you keep, you're going to need real physical security (like a data center). |
I don't know how my question evolved into this ;) But I can tell you one thing for sure...all your clusters and high-tech mission impossible stuff won't do you in any good if my files are on a usb flash drive in my pocket. :) Although I just read the above post and these are things that I already do...after installing I always change the boot from cd option, as that option seems to slow down my usual boot if there is a cd in the drive. I think if you change that and password protect the BIOS you've stopped 95% of people. If you physically protect the case so that they can't reset the CMOS you've probably stopped all but the most determined person, and I don't have anything quite that important.
|
What i did to stop the most basic acces was to turn my pendrive into a 'key'
i copied /boot/* onto my pendrive opened up th terminal did the following $su -c 'grub' grub>find /boot/grub/stage1 (hd0,2)#hard dissk partition (hd1,0)#pendrive partition grub>root (hd1,0) grub>setup (hd0) grub>quit from now on your pendrive must be plugged into the computer when you turn it on. If not you get a 'grub not found' error. Granted this won't stop anyone with a live cd but it should stump average joe. For more security you could delete /boot/grub/*, hide the (hd1,0) partition. etc |
All times are GMT -5. The time now is 12:55 PM. |