No subject


Fri Oct 31 13:49:26 GMT 2008


Hi All,

At yesterday's ChiGLUG meeting a couple of us finished up the Ubuntu 8.10
discussion by talking about the encrypted Private directories feature that
is new to Ubuntu in version 8.10.  Someone had brought up whether the setup
of the encrypted directories use PAM to mount the encrypted folder, and I
wasn't fully sure.

I did some checking today, and found some info that I thought I'd share:

https://wiki.ubuntu.com/EncryptedPrivateDirectory
https://help.ubuntu.com/community/EncryptedPrivateDirectory

From one of the pages, "The pam_ecryptfs module captures the user's login
password and uses that to unwrap their encrypted ~/Private mount passphrase.
It also executes mount.ecryptfs_private on login, and
umount.ecryptfs_private on logout."  Without knowing too much about it, it
seems to me that the pam_ecryptfs module would be different than the
standard pam or libpam module, but I'm not a 1337 hax0r or anything.  I also
know we've got some security experts in ChiGlug and Ubuntu-Chicago, so I
thought I'd just bring these up as a point of discussion.

I guess, to me, it seems like you're still toast if someone knows your
username and password (as per usual), but it prevents someone who gets root
access from being able to easily get at the data in the ~/Private
directory.  Seems like they could still hack on shadow passwords somehow if
they got access, and the setup isn't as strong as encrypting an entire /home
and /swap partition, but this just makes things one step more difficult.
Any other thoughts on this?

Jim



More information about the Ubuntu-us-chicago mailing list