I was wondering whether increasing the strength of a key by increasing the number of bits in the key to 2048 makes any sense if I want to leave the passphrase blank anyway? I'm setting up passwordless ssh logins on my LAN as I'm a bit tired of constantly being asked for a password.
View 7 RepliesOn a full update centos 5.5 64 bit every day increases slab cache , specialy size-2048 eat a lot of memory ..
how can change this ? maybe a kernel bug ?
cat /proc/slabinfo
slabinfo - version: 2.1
# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs> <num_slabs> <sharedavail>
[Code]....
My /proc/sys/kernel/random/entropy_avail went from 2200 to <200 after ssh-keygen. The generated key pairs also doesn't work (ie I'm asked to provide a password). Anyone knows what is the minimum before and after entropy number I should see in order to have the keys generated properly?
View 8 Replies View RelatedIn my ~/.ssh I have a number of public keys and one private key (id_rsa). How can I verify which one makes a pair with the private one.Or, can one generate the public one from the private key (in reasonable time)?
View 4 Replies View Relatedi have found this xor encryption program
Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_SIZE 256
[code]....
Its working fine, it can encrypt and decrypt. but how strong is it ? is it all depending on the specified key ?
Simply, the number of possible combinations of passwords increases as an exponent of the number of characters used and as a factor of the number of characters available for use.
26 potential characters for a 2 character password results in 26^2 possible password combinations. This means that each new character added would result in an "order of magnitude" increase in the difficulty of brute force attack.
Using a phrase, complete with punctuation and capitalization is the very best mnemonic device to remember a password. Consider this, how hard is it to remember; The quick brown fox jumped over the lazy dog.
Than it is to remember, l33tsp34kp@ssw0rd
If we pretend that both of these passphrases are generated from a character set consisting of 26 characters, the first would be one of a possible 15274273784216769021564085930704478424313742483024 510976. The second would be one of a possible 1133827315385150725554176.
In short, use a passphrase not a password, they are much MUCH more secure.
I'm trying to add a key to a new slot from a keyfile that I created, but I keep getting an error and I don't know what the problem is.
Code:
root@ubuntu:~# cryptsetup luksAddKey --key-slot 1 /dev/sda5 -d /media/Ubuntu_10_04/etc/cryptkeys/swap.key
No key available with this passphrase.
content of swap.key
Code:
nBPeNCr_PS-yEv5SYEyyzaEextllDLo7aHs7yZGW9dtC48GDlte6WYQe7iG2poJr84U6twxu1DImZcyoBPB1q1AjYAanPsre7qLr7VnN4G6u1x_WG-sja6U_pvnks9CTgcD4UmfBw9mkrU3YY4GknQXtpLvkiBkM1soJ0SYYQ2r-7CDZJvaiYJb9eOKKbMsjlrEG39IBdQwdcEp3D7PK5paTYZdVHU2ygrJvJy-sJly4oqb2274DO8hbYviQsPdawetglkhhhhhhh98h4erwjerfkasjnfhsahfocLnBPeNCr_PS-
[code]....
I need an non-interactive, symetric, passphrase mechanism that can be used on machines beyond my sys-admin control. Currently, I use the Python code (with variants):
Stat, Output = commands.getstatusoutput(
"gpg -c --passphrase=%s '%s'"%(Password, TarFileName))
to encrypt and decrypt files (tar balls). The "Password" is generated by a Python code on a singular removable flash drive. It worked with FC11 and Windows, but with FC13 I get an interactive dialog, which gets canceled, and then: can't connect to `/home/{a user id}/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[3432]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: error creating passphrase: Operation cancelled
gpg: symmetric encryption of `testdata' failed: Operation cancelled
The operator does not know the pass phrase. This is a single user mechanism which relies upon the mounting of the special flash drive to work. The application is portable across many platforms and hosts, but can only be used by the possessor of the flash drive.
How can I enable passphrase along with the password for login via ssh ? In that whenever I login from server A to server B via ssh, it should ask me for a password and then passphrase to allow me access.
OR
Can we have multiple passwords to login via ssh ?My basic need is to have 2 levels of password.
i have installed a ubuntu 10.04 (mini iso) w/ option of root encryption. Now i need to boot without ask for passphrase, but im trying to add a luks keyfile without success.i want to use a keyfile in the /boot partition or inside the initrd (cant be in external pendrive), but ubuntu aparently dont accept a keyfile in /boot or initrd file. I know, this way isnt very security, but i just need a basic encryption.So, how to force the use of a keyfile in /boot or inside the initrd for a crypt root partition?
View 5 Replies View RelatedI have currently a file server that runs on Fedora 9, and all other PCs (mostly running Windows XP) access the file server via SAMBA. Everything works perfectly! However, lately a home invasion in my neighborhood got me thinking. If they take my file server, my data is not protected. So, I would like to implement the LUKS partition encryption (/home) which sits on a separate disk. However, I don't quite like the decryption process at boot time. In other words, I would like to wake up the file server (WOL) remotely, and when it's done booting, I would like to log-in using the other PCs and enter the passphrase remotely to decrypt /home. Is this possible using LUKS encryption (i.e., cryptsetup)? If not, what would be another alternative to what I am trying to do using a secure encryption (so that the data is safe from thieves)?
View 4 Replies View RelatedI have an encrypted disk, using LUKS / dm-crypt, on Fedora 14.Every time I boot, I am immediately prompted for the passphrase. This happens VERY early in the boot process, and is a graphical screen (ie not console text). If I hit escape, I am prompted in a text-mode for the same passphrase. If I hit escape or return a few times, boot continues normally.
I only mount the disk occasionally, and don't want to be prompted at boot for the passphrase to luksOpen the disk at boot. I manually cryptsetup luksOpen and then mount it when I want access. I just don't want to be asked at boot, and don't want to unlock it until I do so manually.Does anyone how how I can tell Fedora to not attempt to decrypt / mount this filesystem at boot?It's not in /etc/fstab. I should mention, no LVM, just mdadm raid5 on the partition + luks /dm-crypt.
How to change the passphrase for crypted partitions in F14?
View 1 Replies View RelatedHello everI'm really confused by the ways an encrypted partition get mounted.It just mounts the partition without asking for the passphrase used to create it. I can list the files in /mnt/sda2, create a new file test.txt, but have no access to the files written to the "real encrypted partition".Then I can see/change the content of the encrypted partition but without being able to see/change the file test.txt created previously with the normal mount command.
The reason I'm asking is that I'm having my custom Debian to automount every partition available on the system at boot time. Is there any way/command to tell if a particular partition is encrypted (by cryptsetup) or not? So that I can mount it the right way and not make the users confused (or even harm the encrypted data).
When I set up an ID in Ubuntu, I encrypted it. I did a print screen of the passphrase and put it on the desktop. I'm just learning how to use the encryption so don't fault me for putting it right on the desktop. There is no important data in this ID. Now, I went and changed my password to the account. On the next boot, I got a few error message:
Could not update ICEauthority file /home/mickymouse/.ICEauthority
There is a problem with the configuration server /usr/lib/libconf2-4/gconf-sanity-check-2 exited with status 256 In researching these, it looks like the problem is that I changed the password but didn't update (or something) my passphrase.
I can't boot into the GUI but I have figured out how to boot to a command prompt. I don't have access to my home directory because I don't have my passphrase. Am I toast or is there a way to recover / update the passphrase?
I just installed the testing version of Debian with the option to setup encrypted home directories. I used a passphrase that I now want to change to something else. How do I do that?
View 4 Replies View RelatedSo I just got a new Dell w/ Win7 and it's controlling ME rather than letting me control it...
I can't open a keygen or even drag it to the desktop!!! I tried to uninstall McAfee only to find I'm not authorized to!!! From tasks OR processes - on MY computer!!!
So do I need to get rid of McAfee or is this windows' doing?
I have 2 servers, let say server1 and server2. I have create ssh-keygen from server1 to server2, I can ssh from server1 to server2 without typing a password. My question is: How can I use command from server1 to server2? for example I want to list file in server2 /home directory from server1.
View 1 Replies View RelatedI have a 30" LCD with 2560x1600 pixel resolution. I would like to make and play videos at this resolution, but software decode is too slow, and the GPU accelerated decode (VDPAU) maxes out at 2048 pixels. It might be possible to decode 2Kx2K and cut-and-paste and reorganize the rectangles to fill 2560x1600. But someday I plan on getting a 4K screen (4096x2160 pixels) and I would like to support that too. For that it seems two video streams decoded by two GPUs and exactly synchronized would work.
View 1 Replies View RelatedI am trying to get the application NagVis to run on our Nagios server. The installation appeared to complete successfully, but when I access the web pages, I get the following on-screen error:
[Code]....
Question: The USA forbids the export of secure cryptography. NSAKEY has already been discovered in the Windows cryptograhic API. Since the Linux-Kernel is hosted in the USA, how secure is its cryptography ?
View 1 Replies View RelatedI'm using 3g modem(broadband) for connect to the internet. how can I check signal strength in ubuntu 10.04.
View 2 Replies View RelatedIs there any way to specify the bit strength for LUKS when one is installing OpenSUSE 11.4? I've tried to find it (because imho 256 bit aes is a bit high for what little i do with my netbook) but I have not. I was going to try to control+alt+F4 to a shell and create the partition setup and create the LUKS container and see if that works but in the past, trying that doesn't work either because 1) the installer doesn't ask for the LUKS password or 2) it asks, setup finishes normally, but yet I then get what seems to be random boot errors like some times the /home doesn't mount, sometimes the swap doesn't enable, etc.
Anyone care to give some input? I've been around and around the installer and can't seem to find a way to do it.
Password strength in Linux can be ensured by setting parameters in /etc/pam.d/common-password file. But these policies apply only for non-root users, when they set password for themselves.s there any way to ensure strength of passwords assigned by root?Example: Normally root can assign passwords like "hello" "password" etc. Is there a way to ensure that passwords assigned by root must contain a special character and a digit as mandatory?
View 1 Replies View RelatedI'm using 9.04 on a laptop .when i was useing windows I got strong full bars for the wifi signal strength. On the same laptop in the same location, I get only 2 bars (low) wifi signal strength when I'm in Ubuntu 9.04 I'm using the wifi transceiver built into my hp Anyone heard of this problem?
View 5 Replies View RelatedI am looking for a tool that can monitor my 3g signal.
View 6 Replies View RelatedI managed to connect to the internet using wvdial, however I am getting hardly exciting download speeds around 50 kB/s. I was really hoping to get somewhere around 150 - 300 kB/s. Hence my question: how can I "debug" the connection in Linux, i.e. what is the signal strength and if it managed to connect using 3G or only GSM.
I am using Huawei e272 usb modem (branded Vodafone, I am connecting to Virgin though). My wvdial.conf file:
Code:
[Dialer Defaults]
Phone = *99***1#
Username = user
Password = " "
Stupid Mode = 1
[Code]....
I have a WUSB54GC v.1 wireless USB adapter which I use to connect to my home network. For some reason, over time my reception has been getting worse. I'm not sure if this is due to the router or the adapter. In addition, when the signal strength dips below 50%, I can no longer receive email or browse the web. This is only a problem with Ubuntu - when I had WinXP installed, I could access the internet mostly regardless of the signal strength.
I started a year ago with the adapter plugged directly into the computer. After a while I found it necessary to use an extension cord to place the adapter outside my room, closer to the router. A while later it was time for another extension cord, and now my reception has gotten worse again, but I can't extend it any further.
I see the Wifi Signal Strength icon on the top bar, but where's the label that shows the signal strength percentage? Is there a way to re-enable the label or did Canonical deemed it to be unnecessary?
View 3 Replies View RelatedI've got a Linksys WMP54G Pci card of some kind that's being reported as a Ralink rt2500 pci, but it is very slow (50k/s cap) and has jumpy signal strength (goes between 70% and 10% every second or so, while the router is in the same room). It is just this pc, as I'm using my laptop fine right now with no such condition. I am running basically a fresh version of Slackware 12.2, so it's kernel version 2.6.27.7. I have used this with Slackware 13 and there was absolutely no issue, so I think it may be a wrong or outdated driver, but building kernel modules and updating whatever module it should be is not something that I'm very good at.
View 3 Replies View Related