Security :: Encryption - Two Passwords Associated With One Account ?
Mar 11, 2011
Is it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have then destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?
View 1 Replies
ADVERTISEMENT
Jan 7, 2010
I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in.In short:Have long password to login to computer.Have short password for everything after login.
View 6 Replies
View Related
Jun 7, 2011
I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
View 9 Replies
View Related
Jun 20, 2010
I'd like to know if there's a simple way to create a LUKS encryption drive with different passwords? A real one that leads to one set of data, and another that leads to a whole different set of data. Is this even possible with LUKS?
View 1 Replies
View Related
Mar 10, 2010
I would like to be able to store all my important details and passwords in such a way that it is encrypted, easy to get the information out and is cross-platform. Basically, I am thinking that if I kick the bucket that I would like to make it as easy as possible for others to be able to access this information using a pre-arranged password.
Ideally I would like the files to contain the program that is needed to extract the data i.e. importantinfoLinux.sh inportantinfoWin.exe (Just like a self-containing zip). I haven't found anything along those lines.
The things I am currently thinking of is:
1) A password database program that is cross-platform like KeePass. WIth the bundle contining the relevant installers for win, linux and OS X and the database file.
2) An AES encrypted zip of the data with relevant programs to open it e.g. 7-zip on windows, peazip on linux and OS X
Has anyone got any thoughts on this? Any self-containing java encryption apps?
View 3 Replies
View Related
May 1, 2011
I just recently upgraded from 10.10 to 11.04, but using the classic desktop instead of unity, mainly because unity sucks big time, but that's a different story, anyway, when I used 10.10 I had a key setup for access to my remote SSH server, but now when I try to set up a new key using passwords and encryption, I get:- "Couldn't configure secure shell keys on remote computer", followed by:- '** (process:2532):WARNING **:couldn't open fd 27:Bad file desciptor' 3 lines of this with different process numbers then I got ''** (process:2535):WARNING **:couldn't open fd 27:Bad file descriptor: Permission Denied. Please try again'
I have not changed anything on the remote server at all. I can access SSH using PuTTy sucessfuly, but I want to set up a key using the ubuntu passwords and encryption key program, but since ugrading to 11.04 I can not do that for some reason.
View 4 Replies
View Related
Nov 26, 2009
I am just wondering what encryption method the shadow file uses, so that I may be able to manually change it. I ask this because I am trying to make a web page that will allow people to change their linux password via a browser.
View 4 Replies
View Related
Nov 4, 2009
I'm looking to find out exactly how to go about changing the encryption method of shadow passwords from MD5 to something a bit stronger, like SHA. I've been looking around for a bit now and haven't found out how to do it. I've gathered that I'll most likely need to change the /etc/pam.d/system-auth file. Right now, there is a line that looks like this:
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok.I'm guessing the md5 should be changed to something else, like sha256. What else? I know I'll need to reset all passwords once the change is made, but I thought there was someplace else that controls how the passwd command encrypts passwords.
View 1 Replies
View Related
Oct 4, 2009
i am wanting to put a list of common passwords on a usb stick, but i want the file to be password protected. I also need to be able to access it from more than one computer (all linux, maybe a mac too).
View 5 Replies
View Related
Jun 14, 2010
Is it possible to have more than one password simultaneously attached to a login account in Linux?I'd like to be able to add a temporarily-authorized user to an account on my web server, but don't want to have to change the login afterwards.Even cooler would be if this could be done with a timer of some kind so the temporary password would auto-die after, say, 24 hours.
View 1 Replies
View Related
Oct 19, 2010
I have a lot of passwords and keys for FTP and SSH connections that I need to keep. When using the "Passwords and Encryption Keys" the Export menu is sensitive/disabled.
I need to back them up, amongst other things, as I'll be re-partitioning my hard drive which will most likely result in a fresh install of Ubuntu.
View 1 Replies
View Related
Dec 23, 2010
I am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be depreciated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1, each have been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
View 1 Replies
View Related
Dec 15, 2010
I use Ubuntu on my netbook, which I uses for browsing and email. It's way faster than the Windows which came on the machine. That's a nice feature, as is the price.
I like it except for the constant, perpetual, ever-present, super-annoying need to be entering passwords and "becoming root user" and so on. I am the only one using this appliance. I don't even care if someone steals it, really. There must be some way (I hope) of disabling this idea that I am a CIA agent with TopSecret materials.
I just want a simple, easy to use appliance. If not Ubuntu, is there any distro that is aimed at normal people?
View 14 Replies
View Related
Sep 18, 2010
DRG SSH Username and Password Authentication Tag Clouds
View 3 Replies
View Related
Aug 31, 2010
Lately I adapted my /etc/fstab to mount samba shared network drives. I had to put the password in the configuration file in order to log in automatically. Isn't there another way? It feels a little akward to me to put passwords in a plain text-file.
View 2 Replies
View Related
Jul 19, 2010
Sitting at the console, I log in with any user name and NO PASSWORD IS REQUESTED. I get logged in automatically without entering the user's password.
I did:
passwd joeuser
To change his password and still he goes right in without being asked for a password!
Possibly related- 10 days ago, my smtp server was breached as a spam relay. The username they cracked was deleted. I added fail2ban for postfix. The logs show no further intrusion.
View 14 Replies
View Related
Jun 6, 2011
I have joined a number of websites over time and it seems harder to manage them. Would like advice on how to generate passwords and to store and keep track of them. I would like to hear of systems or programs that are good for this.
View 5 Replies
View Related
Aug 11, 2010
How to make users, groups, paswords and their IDs be the same on several computers (for example, on cluster)?
View 6 Replies
View Related
Jun 14, 2010
i have found this xor encryption program
Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_SIZE 256
[code]....
Its working fine, it can encrypt and decrypt. but how strong is it ? is it all depending on the specified key ?
View 5 Replies
View Related
Jan 24, 2011
I'm looking for a tool, command line or GUI, for Linux that generates memorable passwords An equivalent of what I am looking for would be passwords that the Mac Os X keychain can generate, something like apples12$/fourteen. Something strong, but easily memorized by a user.
View 2 Replies
View Related
Jul 25, 2010
I think ubuntu/canonical should start releasing a new flavour geared towards meeting needs of computer security professionals just like backtrack distro
View 9 Replies
View Related
Dec 27, 2010
How would You encrypt Passwords [emails,forums,accounts] onto USB Flash the most Secure way? (It should be command line so I can use any Linux distribution on it.) Is gpg -c <filename> secure enough ? And what FAST distro would you install on it? I'm learning on old USB flash and found SliTaz pretty damn cool,I use it as a LiveUSB. Also I've tried Kubuntu but it's bit slow. Going to try Lubuntu soon too. Any other idea?
And I'd like to install some FAST distro onto new 8GB mini USB flash drive,maybe Kubuntu as well. How would you partition its Flash drive? Probably separate partition for stored encrypted files?
View 2 Replies
View Related
May 24, 2010
Is there a way to use kerberos (or baring that a trusted CA) to allow users to ssh across machines in an environment isntead of having to manage the hash keys per user/server? I'm using kerberos+ldap to log folks in and get their settings but I'd like to take it a step further. I've been reading a lot but still can't quite get it all to come together.
Do I need to create a SPN for each host to do this? Sorry if I am asking a dumb question, I am returning to the *nix fold after a decade+ in the Microsoft world, be gentle with me.
View 3 Replies
View Related
Feb 20, 2011
I am looking for some software (not Tryecrypt) where I can just right click a file and it will encrypt it for me. It would be nice to unencrypt on Windows but not essential.
View 3 Replies
View Related
Mar 18, 2011
When you install sshd and run it with no modifications, then any other machine can connect to your machine without specifying a key. How does this work? Some key is being used, correct? how does the client know what private key to use?
View 14 Replies
View Related
Jun 16, 2010
As I am a paranoid bastard, I made a bash screencap-script for my Ubuntu-computer, so I can check if anyone uses my computer for things I don't want them to do (eg. checking if anyone is viewing passwords stored in FireFox, looking at private files, or other things I find disturbing). There might be other people than me that is paranoid and want to monitor what's going on on their computers while they are away or letting someone else use their computer when going to the bathroom.
This is a small script, I'd like to hear if there is any improvements that can be done, so I can learn more and become better at such scripting.
The script requires Imagick (sudo apt-get install imagemagick) and a folder in the ~-directory (/home/username) called ".screen" (hidden, as this makes it more difficult to "intruders" to find it and it looks more like a system-folder than a monitoring-folder).
The script:
Code:
#!/bin/bash
i=1;
j=`date`;
user=`whoami`;
[Code]....
Add this script to /usr/local/bin and then go to keyboard-shortcuts in GNOME and add a shortcut-key-combination of your own choice for the script. Call it whatever you'd like, and the command you want to run is simply "screen". To add a shortcut for stopping the script, you add another shortcut-key-combination to the command "killall screen".
This enables you to monitor activity on your computer while you're away, saving png-screenshots of your desktop every three seconds in the folder /home/username/.screen/date.
NOTE: I'm not taking any responsibility for what you do with this script. Remember that monitoring someone's activities is never the right way to handle anything. Also, it's illegal many places. Take care and use it only for educational and testing purposes.
View 5 Replies
View Related
Oct 8, 2010
if you go to Edit > prefs > security and choose to show saved passwords they are displayed without entering root pw. This seems to be a huge security hole. How do we fix this?
View 8 Replies
View Related
Nov 13, 2010
The ubuntu installation came with my ubuntu (it does not matter which version etc.) Contains sshd_config file with this interesting lines:
# Change to no to disable tunneled clear text passwords
#PasswordAuthentication yes
The same lines are seen in many Ubuntu-related internet pages. This is quite surprising to see.
This seem to contradict to the fact that ssh was created specially to provide authentication (with passwords, of couse) but without sending them by internet as clear text like previous programs did. But I could not find any clear confirmations of that neither in Kubuntu-related documents no anywhere else. I put below fragment of a document from RedHat. This seem to imply that if one will use two "yes", the passwords will be passed in encripted form (and this is what is recommended by RedHat). Is that true? Is this true for Ubuntu too? Is the quoted line from sshd_config wrong? Or incomplete?
[URL] RSAAuthentication yes
The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA use public and private key pairs created with the ssh-keygen1utility for authentication purposes.
PasswordAuthentication yes
The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.
View 9 Replies
View Related
Jan 17, 2011
I'd like to know if something like this already exists :have an ecryptfs encrypted user account on a laptop that accepts two logins, 1st logs normally, the second triggers a system format
View 6 Replies
View Related
Mar 22, 2009
I have an encrypted /home partition but would like to set up a guest account for my brother. Obviously, encryption doesn't work so well when you give out the key so what I'd like to do is specify a different, unencrypted location as a home directory for the guest account so he doesn't need access to that partition. Is there a way of doing this?
I've got fedora 10, dual boot with windows, 2 hard drives, 1st is NTFS windows. 2nd is split into a swap, ext3 for the OS, and an encrypted partition for /home.
View 2 Replies
View Related
