HeiEverytime you log onto your computer the password is sent to PAM (Pluggable Authentication Module), which in turn encodes the password using a special algorithm. The encoded password is then compared to other pre-encoded passwords in a hidden database, and if it's a match - grants you the access to your user. And here lies the problem: PAM stores the password in plain text in the memory. Although the password is quite (very) safe within the memory, it can turn into a huge security problem if the memory residing the password(s) is cached to the swap device. An unauthorized user can then scan the swap devices for available passwords and, in worst case, gain full access to your system. This is something we don't want (do we? Wink).
Well, as far as I understand; if you where to encrypt the passwords within the memory, you'd still be able to read the key used to encrypt the passwords, so it'd be useless. The only solution I see is to have a hardware device which generates the keys used for the password encryption, and that device musn't be able to be read. Instead, the passwords are sent through the device which encrypts them and then returns the encrypted password...Cintra wrote:HeiEverytime you log onto your computer the password is sent to PAM (Pluggable Authentication Module), which in turn encodes the password using a special algorithm. The encoded password is then compared to other pre-encoded passwords in a hidden database, and if it's a match - grants you the access to your user. And here lies the problem: PAM stores the password in plain text in the memory. Although the password is quite (very) safe within the memory, it can turn into a huge security problem if the memory residing the password(s) is cached to the swap device. An unauthorized user can then scan the swap devices for available passwords and, in worst case, gain full access to your system. This is something we don't want (do we? Wink).
Have just been reading through this thread and, not knowing much about PAM, ask myself the question - why does PAM leave an unencrypted copy of the password in memory in the first place - shouldn't something rather be done with PAM to fix that specific problem?
mvh
Yes, the more characters the better. But there's a problem: many of the characters have special meanings in *nix, like the pipe sign |, or quote ". Those characters can't be used for the keys, and since only A-Za-z0-9 are characters that one can trust, those are the ones that I use.Khaine wrote:Well I loaded linux back onto my server box, and used this script and it seems to work fine
One quick question tr -cd [:alnum:] < /dev/urandom 2>/dev/null | head -c $keysize prints uppercase chars, lowercase chars and digits. Wouldn't it be better to try and maximise the amount of characters used, to encrease the entropy? I don't know how to implement it, but having a password like JB{:5f|Z&%!s seems more secure than one deviod of symbols, if not because it increases the number of characters that could possibly be used.
1. Yes, I think so... I know Linux hardly uses any swap unless it's absolutely necessary, but when it does, you can count on that it'll put your PAM password into the swap (since it's just normal data - which is exactly what kswapd will put on the swap)...Master One wrote:I am just getting into that encryption matter, and I was wondering:
1. On most machines with large amount of RAM (> 512 MB), swap gets hardly used at all, so do you really think it makes sense to nevertheless encrypt it?
2. Did anybody check the latest ~x86 baselayout, which has filesystem-encryption included (using /etc/init.d/checkfs and /etc/conf.d/cryptfs)? (Looks like the new baselayout will render such scripts obsolet)
(I was already playing around with the new feature in baselayout, but for some reason I coun't not get cryptsetup to work at all, and due to some other issues I am now reinstalling the whole system on my new notebook, so it may take a while until I can play arround with it again)
HeiMaster One wrote:..using the new ~x86 baselayout indeed renders most of the guides & scripts for filesystem-encryption obsolete. I just activated the swap-encryption only by setting the proper options in /etc/conf.d/cryptfs and changed "/dev/hda2" to "/dev/mapper/crypt-swap" in the line for the swap-partition in /etc/fstab. Was up and running in notime, and works right out of the box like a charm.
Code: Select all
/dev/hda5 none swap sw 0 0It only needs to be used once. Have a look for yourself.Master One wrote:I am just getting into that encryption matter, and I was wondering:
1. On most machines with large amount of RAM (> 512 MB), swap gets hardly used at all, so do you really think it makes sense to nevertheless encrypt it?
Code: Select all
strings < /dev/SWAP | less
Code: Select all
cat /etc/conf.d/local.start
# /etc/conf.d/local.start:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/conf.d/local.start,v 1.4 2002/11/18 19:39:22 azarah Exp $
# This is a good place to load any misc.
# programs on startup ( 1>&2 )
cryptsetup -c aes create home /dev/hdb1
mount /dev/mapper/home /home
Alright, I'll bite.Vietor wrote:It only needs to be used once. Have a look for yourself.then search for your root password. . . .Code: Select all
strings < /dev/SWAP | less
Also consider, what is the point of encrypting your swap? To protect your system.
Consider the attacker who gains access to an account on your system for a few minutes. Then proceeds to run code that expands to fill all available RAM, pushing everything else out to swap.
When designing for secure operations you must hypothetically grant the attacker control of everything but that which you are currently trying to protect. Fight them as if they had everything else at their disposal. Otherwise you are only prepairing yourself for failure.
No way? There's always a way...Chaosite wrote:But, where exactly is it? Its 1 string out of many. There is no way an attacker can find out exactly which one of the many strings represents your root password.
Words of wisdom...Vietor wrote:When designing for secure operations you must hypothetically grant the attacker control of everything but that which you are currently trying to protect. Fight them as if they had everything else at their disposal. Otherwise you are only prepairing yourself for failure.
May I quote you on that?) and it seems to work, but I am not sure, if I did everything right when installing it. My swap Partition is /dev/hda1Code: Select all
/dev/hda1 none swap pri=42 0 0
Code: Select all
root # dmesg | grep swap
Adding 1036152k swap on /dev/hda1. Priority:42 extents:1
Adding 1036152k swap on /dev/mapper/swapdev-hda1. Priority:0 extents:1
Code: Select all
root # strings < /dev/mapper/swapdev-hda1
Code: Select all
root # strings < /dev/hda1
Maybe I'm just understanding the whole thing not thoroughly enough, so can anyone tell me, what's wrong here? You mean that you do the following:alberich wrote:Hi,
I've installed your script (great work!
The /etc/fstab entry:So when I boot Gentoo, dmesg gives the following message:Code: Select all
/dev/hda1 none swap pri=42 0 0
Executing the command strings on each partition gives forCode: Select all
root # dmesg | grep swap Adding 1036152k swap on /dev/hda1. Priority:42 extents:1 Adding 1036152k swap on /dev/mapper/swapdev-hda1. Priority:0 extents:1
some strange output as it should be. ButCode: Select all
root # strings < /dev/mapper/swapdev-hda1
(that's the swap partition) yields the same output as I had before encrypting the swap partition. It's just plaintext.Code: Select all
root # strings < /dev/hda1
That shouldn't be, but I don't see any error...
Cheers
um, no I mean directly after finishing the boot process. After I log in I can do aSachankara wrote: You mean that you do the following:
1. Encrypts the swap partition using the script.
2. View the data on the encrypted swap partition.
3. Restores the original swap partition.
4. View the data on the swap partition.
?
Then the answer is simple, the encrypted data is still present after you've restored the swap partition (but it is encrypted). If you are paranoid and doesn't even want the encrypted data to remain after an restore, then set the variable "PARANOIA_MODE" to 1 within the script.
Code: Select all
strings < /dev/hda1Code: Select all
strings < /dev/mapper/swapdev-hda1root # grep swap /etc/fstab
/dev/hda2 none swap sw,loop=/dev/loop/2,encryption=AES128 0 0
root # losetup /dev/loop/2
/dev/loop/2: [000a]:1344 (/dev/hda2) offset=4096 encryption=AES128 multi-key-v3
root # swapon -s
Filename Type Size Used Priority
/dev/loop/2 partition 2008112 2644 -1
I'm unable to do it right now, but perhaps in two weeks from now. I'm currently studying four courses at the same time, which is equal to 80 work hours a week.Nimo wrote:Could you not please make a version of the script that will work with initng to? (if it's not too much work)
i think the point in swap-encryption is to keep critical data save between poweroffs and/or reboots.Vietor wrote:
Also consider, what is the point of encrypting your swap? To protect your system.
Consider the attacker who gains access to an account on your system for a few minutes. Then proceeds to run code that expands to fill all available RAM, pushing everything else out to swap.
