How secure is Ubuntu login password protection?

[FreeMoney]

Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?

And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?

[hugolp]

Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?

And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?

I dont think its Ubuntu specific. The user/password part is part of linux (kernel).

[FreeMoney]

Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?

And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?

I dont think its Ubuntu specific. The user/password part is part of linux (kernel).

Does that mean it's really strong? Like if I forget the pass I'm locked out of my data for good or someone could conceivably get in?

[Michael]

If you have not encrypted your home directory, then no your login is insufficient to protect anything. An attacker, once they have your computer, can remove the hard drive, mount it on an other computer, and get whatever they want.

If you have encrypted your home directory, then, I'm unsure. Seriously, I don't know. I don't know enough about how Ubuntu does home directory encryption. However, I would guess that it would be enough.

[861362]

There's not even any need to pull the disk. Without any encryption it is trivial to boot into the root account, change any password, collect any files, install any software, and put the passwords back when you're done if you want.

With home directory encryption your personal files would be safe, nobody is going to get access to those unless they have your password. Of course, if they have repeated physical access while it's in you possession they could boot into the root account and install a key-logger.

You don't have to browse shady things to be a potential target. For example, compromised ad servers can push attacks across many popular respectable sites.

There are no guarantees, just levels of confidence.

[kokjo]

when you bootup, you press escape, you get to grub.
and from there you can bypass whole the boot process.

of couse you can have encrypted homedirs, with ecryptfs

[kokjo]

There's not even any need to pull the disk. Without any encryption it is trivial to boot into the root account, change any password, collect any files, install any software, and put the passwords back when you're done if you want.

With home directory encryption your personal files would be safe, nobody is going to get access to those unless they have your password. Of course, if they have repeated physical access while it's in you possession they could boot into the root account and install a key-logger.

You don't have to browse shady things to be a potential target. For example, compromised ad servers can push attacks across many popular respectable sites.

There are no guarantees, just levels of confidence.

you could also do some of the coldboot voodoo, reading from coldbooted ram attacks, to get the password.

[FreeMoney]

I had a feeling it wasn't that secure, but it almost seems pointless (er, I guess I couldn't have gotten into someones computer).

Thanks all.

[kokjo]

I had a feeling it wasn't that secure, but it almost seems pointless (er, I guess I couldn't have gotten into someones computer).

Thanks all.

it is secure if you encrypt the home dir