I'm using 10.04 with encrypted home dir. I think the behavior below is wrong:
I can log in as root and change user's password. After that the user can log in using new password, which is normal, but it can also decrypt its home dir using the new password, which is dangerous. Assume I lost my computer. This encrypted home dir will not protect my private data because whoever gets the computer can boot it up with a livecd and chroot to change my user's password and then boot up my system and log in using new password.
During the installation of Ubuntu Karmic, I picked the option that encrypts my home directory.
A few questions:
(1) Shortly after installation, I was asked to run a command to print a key necessary for data recovery from a rescue CD. I didn't run it at the time and am now looking for the command to run. What is it?
(2) I think I read somewhere that this also encrypts swap. Great. Correct me if that's wrong.
(3) If I suspend the machine, is my home directory encrypted? That is, if I have this on a laptop and travel with the suspended laptop and someone steals it, are my data safe, or not?
(4) I assume the weakest point in the system is my relatively short login password (but I think the install tests it and found it okay). Is there a recommendation how long this should be?
I just installed 9.10 on my laptop and selected the option for home folder encryption. I am running DropBox and placed the DropBox folder on my desktop (meaning it should be encrypted when I am logged out.) So I have two questions: 1) Shouldn't this setup cause my DropBox files on the server to be encrypted? Apparently they are not because they appear as unencrypted text using the DropBox Web interface. 2) If they were encrypted on the server (which doesn't appear to be the case right now), how would it be possible to share them with another client unless the encryption on both clients were set up identically?
While setting up my laptop on a new hard drive (a bad mobo caused writes which pretty much rendered the old hdd unusable) I was asked if I wanted to encrypt my home partition.
I've been wanting this for several years - even going as far as trying to get a copy of CheckPoint. That's what my organization uses on all Wintendo laptops and is required.
In any case, I said "yes" and am happily using my laptop with an encrypted home partition. I'm assuming based on this - [URL] - that it is using EncryptFS as the scheme.
If I were to misplace my laptop, how easy would it be for a forensics team to retrieve my data? Let's assume I have a fairly strong passphrase, such as BisZumBitterenEnd3. [URL]
I had some major problems after the recent Ubuntu upgrade and had to boot from a live cd. I have a separate /home partition, but it was encrypted using the default install encryption in the 9.10 install cd. How can I get to my files so I can back them up?
I have tried this but it did not work: http://ubuntuforums.org/showthread.php?t=1337693
Let's begin from the top. I have a relatively new laptop that I've been running Ubuntu on (along with a little-used Windows boot). Picked it up in November or so, installed the current "latest" version of Ubuntu at the time (9.10). I have been doing incremental upgrades, and it's been progressively breaking down more and more. Yes, this includes 10.04.
After GRUB stopped working, I decided it was time to try a reinstall from the top. I told it to leave all the other operating systems alone and do a full reinstall.
Fortunately, I had managed to stuff most of my current work in duplicate locations during this whole debacle, somehow. Don't ask me how I managed to do that when GRUB wasn't working. However, when I installed, I conscientiously said "Oh, yes, Ubuntu, encrypt my home folder! I love privacy!" As a result, about... 30 gigabytes of useful (but ultimately re-downloadable) material is rather inaccessible at the moment. When I try to boot the old system using the newly fixed GRUB, it goes into kernel panic. This seems like a no-go.
I have a saved hojillion-character long passphrase for decryption from my install back in November. Conscientiously saved in the case of just such an emergency.
I read this how-to and followed it to the letter as far as I could tell, trying to mount with ecryptfs to recover my data.
[USERNAME] here is a proxy for my actual username. Yes, the location of my old home folder may seem a little bizarre.
Code:
sudo mount -t ecryptfs /media/c82ca9fe-2b15-4aca-a98d-6482b1d80a32/home/[USERNAME]/ /home/[USERNAME]/oldhome
Passphrase:
Select cipher:
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
I've just reinstalled my box with an encrypted home (used the encrypt home option when installing). I have a query in this regard - suppose I lose the box. Won't it be possible for someone to drop into root, reset my passwd and then access my /home? Is there any way of having a different passwd for accessing /home? My ~ is on a different partition from /.
What are the steps I must take to move my existing home folder to a separate, encrypted partition? Can I create this partition without damaging my current partition? Where is a trusted location to download AppArmor profiles? What else can I do to harden the security of Ubuntu?
I want to carry Ubuntu with me everywhere on a LiveUSB but I want to encrypt the home with a strong passphrase in case it is lost or stolen. How do I do that?
I would just like to know how to, and know if it's secure to run the following programs WHILE LOGGED OUT of Ubuntu: openvpn, deluge, and if it can be securely done while the home directory is encrypted.
I would like to give a few students a preconfigured Ubuntu USB stick with certain apps. I also encrypted the home folder in case of loss.
With TrueCrypt, cloning an encrypted container would be a big no-no because anyone could just back up their header with a known pw and use it to decrypt anyone else's container due to each container using the same master key. I assume the same applies to home folder encryption, yes?
Is there a way, other than creating a new user with home folder encryption, of forcing a master key change?
while since I've been here. I'm having an issue with a fresh install of 11.04. Due to work requirements, I encrypted my home folder, which is fine, however, it seems to randomly lock itself down while I'm working, and it's getting really annoying.
Apps stop working, I can't open nautilus (something about not being able to create certain folders because home is locked), hell, even the terminal link on my desktop says failed to launch application (though the launcher on the top panel works). I just have to run ecryptfs-mount-private and enter my password to fix it, but it's doing this every 15 minutes or so. What might cause it to relock itself so frequently? I would expect to not have to deal with mounting my private data; that should happen at login and be good until log out.
Not using filename encryption when you create a new encrypted folder is easy, but how to disable it in the home encryption that is automatically set up by the Karmic installation CD?
If I wanted to transfer a home folder that was encrypted to another Ubuntu computer, could I? If I had a separate home partition that was encrypted, but I wanted to upgrade Ubuntu to the latest version by doing a clean install, is there an easy way so that I can still read the data encrypted with the old version?
Lately I just reformatted my laptop again and created an encrypted home drive using the default. It prompted for my password and then I keyed it into the terminal. Then the terminal closed it. How to justify that the home drive is encrypted and decrypted during login? Beside that, if it is encrypted and what kinda extension is drive gonna? Apart from that, I used cryptkeeper to create an encrypted folder. How do I know if the folder is encrypted besides it prompting me to enter my password?
I logged in to Recover Mode ("Drop to root shell prompt") this morning to do something. Naturally, I wanted access to my encrypted home folder.
The README file says to run ecryptfs-mount-private. However, that command returns an error: "ERROR: Encrypted private directory is not setup properly."
This cannot be correct, because if I log in normally, I get my home folder without any problem.
How can I access my encrypted home folder when I boot via Recover Mode?
After buying an IBM/Lenovo USB fingerprint reader model FP06 and installing Fingerprint GUI, I have problems mounting my home folder encrypted with eCryptfs. I have been using it since I first installed Ubuntu 10.10 64 bits. After login from GDM, there are some ways to make it work:
1) Open a terminal window and type ecryptfs-mount-private. This decrypts the home folder, but I need to log out and log in again so that my personal preferences can be reached (bookmarks in nautilus, in firefox, etc). Each time the PC is rebooted, the same process needs to be done again.
2) Before logging in to GDM, change to a tty1 terminal (ctrl-alt-F1) and log in from there. The personal folder then decrypts without problems. Then change to GDM (ctrl-alt-F, log in and everything works fine. What could be the fault in GDM that makes it not mount the encrypted folder?
I am running Ubuntu 11.04. I'd like to encrypt my home folder. - How can it be done without creating a new user/starting from scratch? - I'd like to keep all the files and desktop settings - the only change should be that the folder is encrypted now.
I just installed the testing version of Debian with the option to setup encrypted home directories. I used a passphrase that I now want to change to something else. How do I do that?
my son is 15, autistic and mentally retarded. he is moderate-low functioning and loves to watch barney the dinosaur, thomas the tank engine and other young children's programming on videos on his computer. he can talk in a limited way and can read out loud at about the first-grade level, though he seems to have little or no comprehension of what he's read (hyperlexia). i'm having problems with viruses and spyware because he lacks the judgment that keeps the rest of us from clicking on every window that pops up. we've had a particularly nasty crop of ad-ware viruses lately that pops up graphic porn ads even when the browser is closed. i've had enough of this.
the computer is an ancient dell dimension 4600 desktop (circa ~2002) running windows xp. i've run ubuntu from a live cd and installed flash as a test. videos play fine, so that's not a problem. i don't really want to replace the computer because it still works and is only used by him to run firefox. i am willing to buy a new computer if that turns out to be the only option. i've been using ubuntu exclusively on my laptop for several years and i would like to remove windows from his computer and replace it with ubuntu. i'm wondering how i can make his computer as accessible as possible to him while not sacrificing too much security. my son has very poor fine motor control over his hands. he can use a mouse with some difficulty, but using a keyboard is out of the question. he can use the mouse to click on the shortcuts to his favorite videos, but i can't think of how he would be able to enter a password for his account. not only does he have the fine motor problem, but he is not able to remember any usefully secure password.
does anyone have any ideas about how to make his computer accessible to him without opening a gaping security hole? two ideas that i've kicked around are creating a user with absolutely the minimum privileges required to use firefox and no password or finding some way to enter a password that doesn't require a keyboard. i haven't come up with how to implement either of those ideas successfully.
I installed Ubuntu 10.10 64 on my laptop with the entire 500gb setup as encrypted LVM. This has worked well for several months with no problems. During this time I have been backing up the data to an external usb drive (1tb) on a regular basis. The usb drive was not encrypted. So, I thought it would be a good idea to encrypt the backup drive too. I wiped out the backup drive and set it up as one large encrypted lvm and mbr. This seemed to work fine but immediately afterwards I decided to erase that and set it up as encrypted lvm guid instead of mbr. I couldn't delete it while logged into my desktop so I decided to do it from a bootable gparted usb stick. In gparted I erased the 1TB backup drive once again and planned on setting it up the way I wanted once I was logged back into my ubuntu desktop. Now I can't boot into my desktop with the following errors:
cryptsetup: evms_activate is not available b0d) does not begin with /dev/mapper/
Then after waiting for a few minutes I get an error followed by (initramfs)
When booting from a live version of ubuntu the 250MB boot partition is recognized and 500 partition is there but it is labeled as empty/unused.
Also, I did choose to use the exact same passphrase as what is used on the main bootable drive when I set up the encrypted partition on the external 1TB drive.
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
Dummy me let root run out of space because I didn't know to use logrotate. I was able to compress the system logs but not before the damage was done, methinks; now the computer is unbootable. I booted from a LiveCD and got my old partitions mounted under /media/oldroot to try and recover files; however, I forgot that I had encrypted my home. I found [URL] and was following it; however, I seem to run into a bunch of path issues after I chroot.
The chroot command returns: bash: groups: command not found
The su command returns:
-su: cut: command not found
-su: getent: command not found
-su: expr: command not found
-su: groups: command not found
Finally, the ecryptfs-mount-private command returns: -su: ecryptfs-mount-private: command not found
I have separate partitions for /, /home, /tmp, /usr, and /usr/local and bothered to mount the first 2. (If only I had been ambitious enough to create a /var). I was running Ubuntu 10.10.
I have chosen to encrypt Ubuntu 10.10 during installation (no alternate installation). After some time of working properly I get the following error message after I put in the correct password:
"Could not update ICE authority file /home/surf1/.ICE authority"
When I click "ok" the following error message is shown:
"there is a problem with the configurationserver (/usr/lib/libconf2-4/gconf-sanity-check-2 finished with status 256)"
When I click this "ok" the next error message appears:
"Nautilus could not create following necessary files : home/surf1/Desktop,/home/surf1/.nautilus"
After I click ok here nothing else happens anymore and I get no access to my account and so to my data.
I recently switched my work laptop from running winXP to running karmic. I'm still at the stage of getting my various bits and bobs working correctly. One of these I (may) have a problem with is backups. I've run backuppc on an ubuntu 9.04 box in the attic for the last year or so and I've been backing up my laptop to that. But since the switch, since I have an encrypted home dir, what is being backed up is the encrypted files. First, can I recover these if needed (I kept a copy of my passphrase), or can I get backuppc to ssh in as me with my home dir mounted correctly?
Backuppc is using rsync over ssh. I've been using linux on and off since about redhat 5.0, so I'm not afraid of the command line or vi.
I recently did a clean install of Ubuntu 9.10 and when I did I chose to have /home on its own partition and have it encrypted. The more I think about it the more I regret this decision. What if I want to switch distros down the road? What if I have to boot from a live cd to back up files? Is there a way to "undo" the encrypted home folder permanently? I don't mind having it on its own partition, it's just the encryption that makes me worry.
I recently installed Ubuntu Karmic on my netbook (I tried netbook remix but preferred the look of the regular desktop edition). During installation, the option to encrypt the home folder appeared, and being mildly paranoid I thought, "sure, why not?" (I must warn you that I am a new user with little technical knowledge other than what I have managed to gather in a semi-passive manner over the past couple of months). The problem is, I (try to) back up my data weekly, and so today I gave it a shot (I got the desktop edition a week ago). I have encountered the following problem.
I back up my system following (approximately) the instructions at [URL] for Backup. The exact command I enter at backup is:
(I exclude my music folder as it is huge and I already have it all in several other locations.) When I executed this command all ran smoothly for a while; however, it soon began backing up the directory /home/.ecryptfs/dan/.Private. At this point, it started backing up the huge number of files in this directory. I assume these are encryption keys? Forgive my ignorance... Anyway, it took several hours going through this folder, and finally bzip gave up, complaining of excessive file size:
bzip2: I/O or other error, bailing out. Possible reason follows.
bzip2: File too large
Input file = (stdin), output file = (stdout)
I assume that excluding the encryption keys and such from the backup would be a bad idea: I guess that if I did not restore the relevant directories along with my home folder, it would be inaccessible? Is there a way to avoid backing up such a large amount of data?
I ran fsck on the wrong partition (which was mounted) and in my haste blew up the file system on that partition. Now here's the kicker, I had 450Gb of data and documents on that partition that was in an encrypted home directory. So the long and the short of it I ran fsck again and I was able to recover all the files, and they are now residing on a Lost+Found folder on my hard drive. I have located the encrypted files, but I don't know what to do with them.