[Ubuntu Chicago] Ubuntu encrypted Private directories
eddiemartinez at gmail.com
Mon Nov 3 00:30:11 GMT 2008
I'm not an expert but it sounds to me like it would be easier to crack the md5
hashed login password/passphrase than it would be to attack the ~/private
dir... The benefit comes from having a machine rooted and still having the
private directory to be called 'secure' because those two would be
independent, as you mentioned. The section about, "The pam_ecryptfs module
captures the user's login password and uses that to unwrap their encrypted
~/Private mount passphrase" indicates that libpam/pam are used by the
pam_ecryptfs module as part of the KDF function for generating the secret
key for ~/Private.... This is actually more secure than rooting a machine or
editing /etc/shadow because doing so changes the md5 hash of the password in
/etc/passwd. If someone roots a machine and does 'passwd' and generates a
new root password, they will be locking themselves out of the secret key
which was used to encrypt ~/Private in the first place (assuming no
At least this is my understanding, but I would still suggest SHA-512 instead
of md5 for PAM, as well as grub passwd, separate /home, /swap, /var, etc.,
encrypted using something like AES 256, non standard passphrases/user names,
the whole nine yards.
What I do find strange in the implementation of this, from the guides that
I've seen is the need to do a symlink to tell ~/private where the actual
files are located, as well as their handling of .ssh, but if anyone can talk
about this, I'd be more than interested to hear about it on the list.
On Sun, Nov 2, 2008 at 5:56 PM, Jim Campbell <jwcampbell at gmail.com> wrote:
> Hi All,
> At yesterday's ChiGLUG meeting a couple of us finished up the Ubuntu 8.10
> discussion by talking about the encrypted Private directories feature that
> is new to Ubuntu in version 8.10. Someone had brought up whether the setup
> of the encrypted directories use PAM to mount the encrypted folder, and I
> wasn't fully sure.
> I did some checking today, and found some info that I thought I'd share:
> From one of the pages, "The pam_ecryptfs module captures the user's login
> password and uses that to unwrap their encrypted ~/Private mount passphrase.
> It also executes mount.ecryptfs_private on login, and
> umount.ecryptfs_private on logout." Without knowing too much about it, it
> seems to me that the pam_ecryptfs module would be different than the
> standard pam or libpam module, but I'm not a 1337 hax0r or anything. I also
> know we've got some security experts in ChiGlug and Ubuntu-Chicago, so I
> thought I'd just bring these up as a point of discussion.
> I guess, to me, it seems like you're still toast if someone knows your
> username and password (as per usual), but it prevents someone who gets root
> access from being able to easily get at the data in the ~/Private
> directory. Seems like they could still hack on shadow passwords somehow if
> they got access, and the setup isn't as strong as encrypting an entire /home
> and /swap partition, but this just makes things one step more difficult.
> Any other thoughts on this?
> Ubuntu-us-chicago mailing list
> Ubuntu-us-chicago at lists.ubuntu.com
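
An added illustration, not part of either message and not eCryptfs code: the "login password unwraps the mount passphrase" design quoted above, modeled with a stand-in construction (PBKDF2 plus HMAC-based encrypt-then-MAC from Python's standard library). The function names, blob layout, iteration count and sample passwords are assumptions; the real pam_ecryptfs wrapping format is not reproduced here.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def _derive(password: str, salt: bytes):
    """Stretch the login password into an encryption key and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(login_password: str, mount_passphrase: bytes) -> dict:
    """Encrypt the mount passphrase under a key derived from the login password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(login_password, salt)
    ct = _xor_stream(enc_key, nonce, mount_passphrase)
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unwrap(login_password: str, blob: dict) -> bytes:
    """Return the mount passphrase, or raise if the password is not the wrapping one."""
    enc_key, mac_key = _derive(login_password, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("password does not unwrap the mount passphrase")
    return _xor_stream(enc_key, blob["nonce"], blob["ct"])

def rewrap(old_password: str, new_password: str, blob: dict) -> dict:
    """A legitimate password change: the old password is needed to re-wrap."""
    return wrap(new_password, unwrap(old_password, blob))

if __name__ == "__main__":
    secret = os.urandom(16).hex().encode()          # constructed mount passphrase
    blob = wrap("old-login-pw", secret)             # constructed passwords throughout
    assert unwrap("old-login-pw", blob) == secret   # normal login unwraps
    try:
        unwrap("set-by-root", blob)                 # reset done without the old password
    except ValueError as err:
        print("after forced reset:", err)
    assert unwrap("new-pw", rewrap("old-login-pw", "new-pw", blob)) == secret
```

Because the wrapping key in this sketch comes only from the login password, a copy of the blob is protected exactly as well as that password resists guessing.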