
Re: Isn't this a security compromise?




On Wed, Oct 14, 2015 at 10:07:48AM +0530, Himanshu Shekhar wrote:
> I searched today about what to do if one forgets his/her Linux password.
> The following links described the process:
> https://pve.proxmox.com/wiki/Debian_reset_root_password
> http://xmodulo.com/how-to-reset-root-password-in-debian-ubuntu.html
> 
> These tutorials assume that a person has possession of his/her machine,
> which is true for non-mobile devices. But how can one make sure that the
> security of a laptop/tablet having any distro of Linux is not compromised?

As others have said, full-disk encryption mitigates this risk. I started
using that after I once left my laptop in a Metro in Rome, back in the
'90s.

This will protect your data (provided your passphrase is strong enough) in
case someone gets hold of your hard disk.

It won't protect you from

 - someone taking over your running system (think JavaScript + a
   vulnerability in your browser)

 - someone planting something in the part of your boot process
   *before* you enter the passphrase (the so-called "evil chambermaid
   attack"[1])

- - - - - - - - -
[1] Yes, it's a sexist moniker. I don't like it either. Search engines,
    alas, only help you if you use it. Creative alternatives welcome!

regards
-- tomás

