Bitcoin Forum
March 26, 2017, 05:33:16 AM *
News: Latest stable version of Bitcoin Core: 0.14.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How secure is Ubuntu login password protection?  (Read 1438 times)
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
June 22, 2011, 05:30:21 AM
 #1

Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?

And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
1490506396
Hero Member
*
Offline Offline

Posts: 1490506396

View Profile Personal Message (Offline)

Ignore
1490506396
Reply with quote  #2

1490506396
Report to moderator
1490506396
Hero Member
*
Offline Offline

Posts: 1490506396

View Profile Personal Message (Offline)

Ignore
1490506396
Reply with quote  #2

1490506396
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1490506396
Hero Member
*
Offline Offline

Posts: 1490506396

View Profile Personal Message (Offline)

Ignore
1490506396
Reply with quote  #2

1490506396
Report to moderator
1490506396
Hero Member
*
Offline Offline

Posts: 1490506396

View Profile Personal Message (Offline)

Ignore
1490506396
Reply with quote  #2

1490506396
Report to moderator
hugolp
Hero Member
*****
Offline Offline

Activity: 742



View Profile
June 22, 2011, 06:13:01 AM
 #2

Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?

And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?

I dont think its Ubuntu specific. The user/password part is part of linux (kernel).
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
June 22, 2011, 08:29:32 AM
 #3

Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?

And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?

I dont think its Ubuntu specific. The user/password part is part of linux (kernel).


Does that mean it's really strong? Like if I forget the pass I'm locked out of my data for good or someone could conceivably get in?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
Michael
Newbie
*
Offline Offline

Activity: 21


View Profile WWW
June 22, 2011, 08:56:10 AM
 #4

If you have not encrypted your home directory, then no your login is insufficient to protect anything. An attacker, once they have your computer, can remove the hard drive, mount it on an other computer, and get whatever they want.

If you have encrypted your home directory, then, I'm unsure. Seriously, I don't know. I don't know enough about how Ubuntu does home directory encryption. However, I would guess that it would be enough.

Web development and stuff, for bitcoin - http://next-nexus.info/ (http://next-nexus.info/)
Also I exist on the Wiki: http://en.bitcoin.it/wiki/User_talk:Michael
861362
Newbie
*
Offline Offline

Activity: 11


View Profile
June 22, 2011, 12:57:41 PM
 #5

There's not even any need to pull the disk. Without any encryption it is trivial to boot into the root account, change any password, collect any files, install any software, and put the passwords back when you're done if you want.

With home directory encryption your personal files would be safe, nobody is going to get access to those unless they have your password. Of course, if they have repeated physical access while it's in you possession they could boot into the root account and install a key-logger.

You don't have to browse shady things to be a potential target. For example, compromised ad servers can push attacks across many popular respectable sites.

There are no guarantees, just levels of confidence.
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
June 22, 2011, 01:04:52 PM
 #6

when you bootup, you press escape, you get to grub.
and from there you can bypass whole the boot process.

of couse you can have encrypted homedirs, with ecryptfs

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
June 22, 2011, 01:07:11 PM
 #7

There's not even any need to pull the disk. Without any encryption it is trivial to boot into the root account, change any password, collect any files, install any software, and put the passwords back when you're done if you want.

With home directory encryption your personal files would be safe, nobody is going to get access to those unless they have your password. Of course, if they have repeated physical access while it's in you possession they could boot into the root account and install a key-logger.

You don't have to browse shady things to be a potential target. For example, compromised ad servers can push attacks across many popular respectable sites.

There are no guarantees, just levels of confidence.
you could also do some of the coldboot voodoo, reading from coldbooted ram attacks, to get the password.

Cheesy

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
June 22, 2011, 07:16:58 PM
 #8

I had a feeling it wasn't that secure, but it almost seems pointless (er, I guess I couldn't have gotten into someones computer).

Thanks all.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
June 22, 2011, 07:22:55 PM
 #9

I had a feeling it wasn't that secure, but it almost seems pointless (er, I guess I couldn't have gotten into someones computer).

Thanks all.
it is secure if you encrypt the home dir

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!