Bitcoin Forum
November 14, 2024, 02:12:50 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How secure is Ubuntu login password protection?  (Read 1649 times)
FreeMoney (OP)
Legendary
*
Offline Offline

Activity: 1246
Merit: 1016


Strength in numbers


View Profile WWW
June 22, 2011, 05:30:21 AM
 #1

Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?

And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
hugolp
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


Radix-The Decentralized Finance Protocol


View Profile
June 22, 2011, 06:13:01 AM
 #2

Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?

And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?

I dont think its Ubuntu specific. The user/password part is part of linux (kernel).


               ▄████████▄
               ██▀▀▀▀▀▀▀▀
              ██▀
             ███
▄▄▄▄▄       ███
██████     ███
    ▀██▄  ▄██
     ▀██▄▄██▀
       ████▀
        ▀█▀
The Radix DeFi Protocol is
R A D I X

███████████████████████████████████

The Decentralized

Finance Protocol
Scalable
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀██
██                   ██
██                   ██
████████████████     ██
██            ██     ██
██            ██     ██
██▄▄▄▄▄▄      ██     ██
██▀▀▀▀██      ██     ██
██    ██      ██     
██    ██      ██
███████████████████████

███
Secure
      ▄▄▄▄▄
    █████████
   ██▀     ▀██
  ███       ███

▄▄███▄▄▄▄▄▄▄███▄▄
██▀▀▀▀▀▀▀▀▀▀▀▀▀██
██             ██
██             ██
██             ██
██             ██
██             ██
██    ███████████

███
Community Driven
      ▄█   ▄▄
      ██ ██████▄▄
      ▀▀▄█▀   ▀▀██▄
     ▄▄ ██       ▀███▄▄██
    ██ ██▀          ▀▀██▀
    ██ ██▄            ██
   ██ ██████▄▄       ██▀
  ▄██       ▀██▄     ██
  ██▀         ▀███▄▄██▀
 ▄██             ▀▀▀▀
 ██▀
▄██
▄▄
██
███▄
▀███▄
 ▀███▄
  ▀████
    ████
     ████▄
      ▀███▄
       ▀███▄
        ▀████
          ███
           ██
           ▀▀

███
Radix is using our significant technology
innovations to be the first layer 1 protocol
specifically built to serve the rapidly growing DeFi.
Radix is the future of DeFi
█████████████████████████████████████

   ▄▄█████
  ▄████▀▀▀
  █████
█████████▀
▀▀█████▀▀
  ████
  ████
  ████

Facebook

███

             ▄▄
       ▄▄▄█████
  ▄▄▄███▀▀▄███
▀▀███▀ ▄██████
    █ ███████
     ██▀▀▀███
           ▀▀

Telegram

███

▄      ▄███▄▄
██▄▄▄ ██████▀
████████████
 ██████████▀
   ███████▀
 ▄█████▀▀

Twitter

██████

...Get Tokens...
FreeMoney (OP)
Legendary
*
Offline Offline

Activity: 1246
Merit: 1016


Strength in numbers


View Profile WWW
June 22, 2011, 08:29:32 AM
 #3

Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?

And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?

I dont think its Ubuntu specific. The user/password part is part of linux (kernel).


Does that mean it's really strong? Like if I forget the pass I'm locked out of my data for good or someone could conceivably get in?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
Michael
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile WWW
June 22, 2011, 08:56:10 AM
 #4

If you have not encrypted your home directory, then no your login is insufficient to protect anything. An attacker, once they have your computer, can remove the hard drive, mount it on an other computer, and get whatever they want.

If you have encrypted your home directory, then, I'm unsure. Seriously, I don't know. I don't know enough about how Ubuntu does home directory encryption. However, I would guess that it would be enough.
861362
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
June 22, 2011, 12:57:41 PM
 #5

There's not even any need to pull the disk. Without any encryption it is trivial to boot into the root account, change any password, collect any files, install any software, and put the passwords back when you're done if you want.

With home directory encryption your personal files would be safe, nobody is going to get access to those unless they have your password. Of course, if they have repeated physical access while it's in you possession they could boot into the root account and install a key-logger.

You don't have to browse shady things to be a potential target. For example, compromised ad servers can push attacks across many popular respectable sites.

There are no guarantees, just levels of confidence.
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
June 22, 2011, 01:04:52 PM
 #6

when you bootup, you press escape, you get to grub.
and from there you can bypass whole the boot process.

of couse you can have encrypted homedirs, with ecryptfs

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
June 22, 2011, 01:07:11 PM
 #7

There's not even any need to pull the disk. Without any encryption it is trivial to boot into the root account, change any password, collect any files, install any software, and put the passwords back when you're done if you want.

With home directory encryption your personal files would be safe, nobody is going to get access to those unless they have your password. Of course, if they have repeated physical access while it's in you possession they could boot into the root account and install a key-logger.

You don't have to browse shady things to be a potential target. For example, compromised ad servers can push attacks across many popular respectable sites.

There are no guarantees, just levels of confidence.
you could also do some of the coldboot voodoo, reading from coldbooted ram attacks, to get the password.

Cheesy

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
FreeMoney (OP)
Legendary
*
Offline Offline

Activity: 1246
Merit: 1016


Strength in numbers


View Profile WWW
June 22, 2011, 07:16:58 PM
 #8

I had a feeling it wasn't that secure, but it almost seems pointless (er, I guess I couldn't have gotten into someones computer).

Thanks all.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
June 22, 2011, 07:22:55 PM
 #9

I had a feeling it wasn't that secure, but it almost seems pointless (er, I guess I couldn't have gotten into someones computer).

Thanks all.
it is secure if you encrypt the home dir

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!