I was shocked to discover that my password could be easily reset via the command line. Does that mean anybody with physical access to my machine could reset the password and read the encrypted contents of my home folder? If so, how do I prevent it from happening?
Asked
Active
Viewed 218 times
2 Answers
3
Does that mean anybody with physical access to my machine could reset the password and read the encrypted contents of my home folder?
No, home encryption is linked to that password so if I stole your computer and changed the user password, I wouldn't be able to easily (more on that later) decrypt the data.
That said, access to recovery mode means getting root on the disk and as root I can script anything to run in the background... I could implement a key-logger or other nastiness to sniff out your password as you entered it, or access the data once decrypted without you knowing.
You can disable recovery mode or set a password on grub to prompt the user if they want anything but the standard option. Of course somebody could slip a bootable USB stick or DVD in and mount the disk externally so you should also change the boot order (and password protect BIOS) to only boot to the first harddisk.
That stops the laziest hackers. If somebody has a screwdriver with them, a laptop and a SATA→USB bus, they can just pop the drive out and mount it on their laptop, change your password and put everything back. I reckon I could do the whole thing in well under five minutes. Even less on a laptop as their drives are often more accessible.
If you want to defeat me, you'll need to encrypt the whole thing at install-time. That means a reinstall and you needing to enter your password in each time.
But even then, as dobey says, if I really want the data, I'll clone the disk as a raw image file (~20minutes), and use an EC2 cluster to crack it (hours, days, weeks)... Or a $5 wrench and your fingers (seconds)...
1
Use full disk encryption instead. And limit physical access to your machine.
If someone has physical access to your machine, they could simply steal your disk and take it elsewhere to eventually break the encryption as well.
dobey
- 41,650