[NBLUG/talk] How do you handle physical device passwords?

Kevin Ablett highenergy09-linux at yahoo.com
Tue May 9 09:45:25 PDT 2017 

i am running Windows 7 on my development computer.  I have no password and no virus protection.  I have never had a problem.  How do I get away with this?  It is not connected to anything.  

    On Tuesday, May 9, 2017 9:26 AM, Rick Moen <rick at linuxmafia.com> wrote:
 

 Quoting Allan Cecil (allan at nblug.org):

> My brute force concern was one of "my laptop was stolen".  Now, I have
> an encrypted home partition but not an encrypted disk (on one of my
> laptops, anyway) and thus /etc/password and /etc/shadow are in theory
> accessible if the volume is mounted which would in theory allow an
> offline dictionary attack.

Even a system with encrypted disk suffers credible threat models if
stolen while powered up.  The major spook agencies have efficient means
to attack running systems, which I won't go into further here, but you
can find descriptions in the usual places (Schneier's blog and
Crypto-Gram, etc.)  And, over time, techniques pioneered by the spooks
trickle down to lower-rent attackers, too.

One interesting hypothetical is:  I'm about to visit a country known to
be nosy about travelers' laptop computer.  (Pick your favourite bad boy.)  
What measures should I take to ensure that I don't have various types of
problems (of which several can be named)?  EFF has published some guides
giving advice about this problem.


> Even the low attack rate of SSH passwords is too high for me so I've
> disabled password-based login entirely.

As the saying goes, choose your own level of paranoia.  ;->  I've seen
so many cases of stolen public keys that I have my doubts about this
avoidance having advantages that outweigh the drawbacks.

> Not as a matter of security by obscurity but more because I have
> multiple hosts on one IP address I also use a non-default SSH port
> which substantially reduces attacks.  

You call those attacks.  I call them doorknob-twisting.  (But see
traditional saying.)
_______________________________________________
talk mailing list
talk at nblug.org
http://nblug.org/cgi-bin/mailman/listinfo/talk


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nblug.org/pipermail/talk/attachments/20170509/5cba1f18/attachment-0001.html>

More information about the talk mailing list