Password Security and Encryption

One of the most important security features used today is the password, or more appropriately, the passphrase. It is important that you have secure, unguessable passwords and passphrases.

But first....

A recap of what we are trying to protect and from what

If you have protection from the worst case scenario, that of computer theft or seizure, then you automatically protect against the lesser threats down to children and the curious.

As already covered, BIOS, boot and login passwords are no defense against someone who has your hard drive in their hand.

Some might argue that a way to detect local (and also network) attacks on your system is to run an integrity checker like Tripwire, Aide or Osiris. These integrity checkers run a number of checksums on all your important binaries and config files and compare them against a database of former, known-good values as a reference. Thus, any changes in the files will be flagged.

This sounds good on the surface, but in practice it falls apart miserably. First, it is no protection against someone making a copy of your files.

Next, if you implement such software you quickly see that user files and some system files like /var/spool change very often. If you exclude them from the reports, those are entry holes for malicious code. If you check them, you get vast reports of changes you will never have the time to go over, and you can easily miss an important change. For system-wide checking, these tools are cumbersome and overall not effective for protecting a system that in the worst case has been stolen, seized or in some way compromised. (Though later we have an excellent use for Aide in the plan.)

The only thing that stops someone from tampering with the data or copying it is strong encryption – and that is the bottom line.

Files are never Deleted

As we delve into this, keep in mind that data on your hard disk is NEVER deleted. Delete or reformat all you want and the space is only marked as “available” to be written to again. Whatever “was” there still “is” there.

Linux normally uses the ext3 file system. It does not fragment, but it is a journaling file system. This is great for data integrity: a journal is kept, and restoring broken files after something like a power failure becomes easy. It is a horrible thing for privacy, because even if you “wipe” a file and overwrite it, part of it may well still be in the journal.

And perhaps worse yet, Linux uses a special partition called “swap”. When memory gets low, Linux writes data to swap until it is needed again. Although this is marked as “available” on the next boot, it is still a disk partition, and whatever “was” there still “is” there. Nothing ever gets deleted.

These are the reasons why just placing important files into a PGP/GPG encrypted file is futile. Whatever that data is, it was on the disk unencrypted, and even if you “delete” it, it is in fact still there waiting to possibly be overwritten. So, great, a PGP secure file for your sensitive data – but also an unencrypted copy sitting on your disk.

If you want to see how easy it is, get a free copy of Helix, over at http://www.e-fense.com/helix/. This is what the State sponsored thugs all use.

Whole disk encryption – Encrypted /root

In-depth discussion of encryption is beyond the scope of this document, but an introduction is in order. Encryption is necessary in this day and age. There are all sorts of methods of encrypting data, each with its own set of characteristics and applications.

Although whole disk encryption for Linux has been around for a number of years now, installing it was for the serious Linux Geek only. The encryption was easy; getting the system moved to an encrypted partition, then getting it to boot and process the passphrase, was the hard part.

In simple terms, the technique comes down to three methods:

  1. Use dm-crypt, or more specifically dm-crypt with LUKS (dm-crypt-luks), to encrypt the /root partition of the disk, and leave the /boot partition unencrypted so it can boot. In this set-up, the system will boot, then ask for a passphrase to unlock /root, then continue to bring up the system.

  2. As above, but place the /boot partition on a removable USB device.

  3. As in number 1, but place the /boot partition on a removable USB cryptographic token device.

Each of these has its advantages and disadvantages.

In the first case, we have all the system files protected by a passphrase and by 256-bit AES encryption, which is the accepted standard for US Government Top Secret documents. If this encryption is good enough to hide the world's most heinous criminal secrets, it should be good enough for you! On the other hand, /boot is exposed, and malicious code or a software key logger could easily be installed there, then move over to the system once it is unlocked.

To overcome this limitation, this is a case where we can use a system file integrity checker like Aide. Checking only the directories and files under /boot for changes, additions or deletions is a minor task compared to checking the entire system. Aide and its files can be kept on the system's encrypted drive for ready use, or better, kept on some removable media like a USB drive. With this set-up, you can check whether /boot has been compromised in any way.

And of course, in the case of theft or seizure, access to /boot will do them no good. They would still need your passphrase or have to brute-force crack it (more on passphrases to follow).

In the second case, this is more or less just installing /boot to a USB drive (sda1), then installing the system /root to another physical drive (sdb1). The advantage here is that without the USB drive the system will not boot at all, and there is no place to put a key logger or other malicious code, as the sdb1 disk is encrypted. The downside, of course, is that if you lose the USB drive, you too will have a hard time booting the system. Though as long as you do not forget the passphrase, you could eventually get access to the drive's contents.

In the third case, there is the possibility of setting it up with no prompt for a passphrase. In short, the USB device is a cryptographic token key. So the good part is that no passphrase needs to be remembered. On the downside, this USB key becomes a lot like a house key. But unlike a house key, if you lose this key, or it becomes defective, there is no locksmith to get you in, no window or door to break. The data is lost forever. Thus, you end up making some backup keys and then have the issue of where and how to secure those. The other bad news here is that unless you have some way to assure the key will not be stolen or seized from you as well, whoever has the key has easy access.

Where can you get it?

Short of being a super Geek, the only distributions that will set up an encrypted /root at installation are Debian, Ubuntu and Fedora 9. This is part of the normal Debian text installer, and under Ubuntu it is called the “alternate” installer.

In either the Debian or Ubuntu case, it is not much more than a kludge, in that it only sets up the entire disk as a logical volume, encrypts it with dm-crypt-luks and leaves /boot exposed. (Note: some claim to have had success using the manual partitioning, though the manual partitioner is anything but user-friendly.)

When you select the option "Encrypt entire disk using LVM", there is:
  • No support for a dual boot system.

  • No support for installation of /boot to a USB drive.

  • Although it uses LVM to place /root and swap on a logical device, it has no provision to span disks – one of the great features of LVM.

  • No support for cryptographic keys.

  • No, they just have the basic setup. But it does work.....


Fedora 9: They have been working on it in one way or another for over 3 years. Although they were a full year or more behind Ubuntu / Debian in offering it, what they have is good. From the GUI, built into Disk Druid, you can set up a single disk with encrypted root, LVM with one disk or spanning disks, or even set up encrypted RAID. /boot can be on a fixed or removable device. The only thing I did not see was cryptographic token support...

Which method to use

For what is available, passphrase-only encryption and an exposed /boot, this can be very effective with a little effort.

In the case of theft or seizure, your data is safe. Protecting /boot with an integrity checker is not difficult if you follow the steps I outline later. You can check /boot when the system is running, and you can also check it from a Live CD with just a few steps. It is not difficult, takes only a few minutes and is very effective. The only other hazard is the physical key logger, and defeating those has already been covered.
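To make the /boot check described here (and in the Aide paragraph above) concrete, here is an added example of my own; it is not Aide and not part of the original article. It does for that one directory what an integrity checker does: it records a SHA-256 digest of every file under /boot as a baseline and later reports anything added, removed or changed. The paths BOOT_DIR and BASELINE are assumptions; the baseline belongs on the removable media the article recommends, not on the disk being checked.

```python
import hashlib
import json
import sys
from pathlib import Path

# Assumed locations (placeholders): the tree to watch and the baseline file, which
# should live on removable media so an intruder cannot rewrite it along with /boot.
BOOT_DIR = Path("/boot")
BASELINE = Path("/media/usb/boot-baseline.json")


def snapshot(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its SHA-256."""
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                h.update(chunk)
        digests[str(path.relative_to(root))] = h.hexdigest()
    return digests


def init_baseline(root: Path, baseline: Path) -> int:
    """Record the known-good state (run right after installation); returns file count."""
    snap = snapshot(root)
    baseline.write_text(json.dumps(snap, indent=1, sort_keys=True))
    return len(snap)


def check(root: Path, baseline: Path) -> dict:
    """Compare the live tree against the baseline; all lists empty means untouched."""
    old = json.loads(baseline.read_text())
    new = snapshot(root)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
    }


def is_clean(root: Path, baseline: Path) -> bool:
    """True when the tree matches the baseline exactly."""
    return not any(check(root, baseline).values())


if __name__ == "__main__":
    # "init" records the baseline; no argument runs the check against it.
    if sys.argv[1:] == ["init"]:
        print(f"recorded {init_baseline(BOOT_DIR, BASELINE)} files")
    else:
        diff = check(BOOT_DIR, BASELINE)
        print("clean" if not any(diff.values()) else json.dumps(diff, indent=1))
```

The same script runs unchanged from a Live CD: mount the disk's /boot read-only, point BOOT_DIR at the mount point, and compare against the baseline on the USB stick.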

What is available today can be a very, very effective deterrent to almost any threat.

Building a better passphrase

128-bit encryption is strong, though some rumour that it has been hacked, or at least that it is possible. The US Government standard for Top Secret is 256-bit AES, and that is also what is readily available on Linux. With 64-bit processors now common, a 512-bit AES is being developed. When you use GPG, the largest key pair you can make is 2048 bits, and commercial PGP allows up to 4096 bits (interestingly, those keys work with GPG, even though GPG will not make a key that big).

For any of the above, the possibility of anyone, even government thugs, breaking the encryption is nearly zero. Yes, it is that strong.

The weak point in these is the passphrase. Unless you have a monster-size passphrase (and you should), cracking your password / passphrase is far easier than cracking the encryption. (And easier yet is the key logger, hence their popularity with criminals of all kinds...)

As a reference for how long it takes to crack a password, I downloaded a copy of RAR Password Crack. This is a commercial (and poorly written) Windows application for cracking the passwords of RAR compressed files.

From a brute-force aspect, this program can check numbers, upper-case letters, lower-case letters, special symbols, or all of them. When it runs, it works at a rate of about 80 characters per second, but I noticed it did not use 100% of both CPUs. When I started a second instance of the program, that one also ran at about 80 characters per second, so if properly coded it should have done at least 160 per second on a humble dual-CPU PC.

If someone is a determined hacker or State sponsored, having tens of CPUs, or even a few hundred, working on this at once is very feasible. So a rate of well over 1000 per second is possible. Keep that in mind as we build a passphrase.

Starting with perhaps the worst: a 4-digit password. That is 9999 combinations, and even at 160 per second it is cracked within 62.49 seconds.

Next worst are words. If you use words only, a dictionary attack will be much faster than a brute-force attack. For example, there are about 80,000 possible words in English if you count all the plurals and conjugations. At the rate of 160 words per second, they are all tried in 500 seconds, or 8.33 minutes.

To be an effective password, it really needs to be a passphrase, and that phrase needs to contain numbers, upper- and lower-case letters as well as some special characters. When you have that, the only choice to crack it is brute force, and this is where it gets tough for the cracker.

The basic ASCII code as used in English is 128 characters, of which 33 are non-printing (http://en.wikipedia.org/wiki/ASCII).

If this is what you use, one way to express the number of 4-character passwords would be 128^4, though once the non-printing characters are excluded it is more like 95^4, which is 81,450,625 combinations. Although that might look like a lot, at 1000 tries per second it is cracked in about 22 hours, and at 10,000 per second on a serious computer, in just over 2 hours.

Now, if you use the extended ASCII set, that is another 128 for a total of 256 characters, though at least 33 of those are non-printing as well. For the sake of discussion, we will put the extended set at, say, 200 possibilities.

How to remember a long passphrase

The key is to think of something you already know well in words, then modify it a bit so that only a brute-force attack can be used.

Not a passphrase I would use, but take part of Psalm 23 as an example: “Yeah though I walk through the valley of the shadow of death, I fear no evil. For thy rod and thy staff comfort me.” As is, it is all words and subject to a dictionary attack: long, but not good. However, if changed to something blasphemous like:

Yeah though I walk through the valley of the shadow of death, I fear no evil. Cause I be da big est, bad est, sum bitch in dis here valley. Sheeeet dawg mama, dig dis. §Psalm:23-mysheet!

The blasphemous version comes to 186 characters. With the slang spelling of words, plus numbers and symbols, a dictionary attack will fail. With brute force, the attacker must cover the full range of upper case, lower case, numbers and symbols such as : and §.

To crack that example, one could expect something like 200 (possibilities) ^ 186 (places), and that goes off my calculator. Just 2^186 is 9.8 followed by 55 zeros, and 20^186 is 9.8 followed by 241 zeros, so 200^186 will be huge!
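The arithmetic above, carried through in code as an added example that is not from the original article: the script sizes the alphabet a brute-force attacker must cover from the character classes actually present, computes the exact keyspace with Python integers (so 200^186 is no problem for it), and gives worst-case times at a chosen guess rate. The 95- and 200-character alphabets, the 80,000-word dictionary and the guess rates are the article's own working figures; the PSALM constant is the article's mangled example reproduced as sample input.

```python
import string

# Character classes sized the way the article does: 95 printable ASCII characters
# (digits, letters, punctuation and space), and an assumed 200 once non-ASCII appears.
CLASSES = {
    "digits": set(string.digits),                 # 10
    "lower": set(string.ascii_lowercase),         # 26
    "upper": set(string.ascii_uppercase),         # 26
    "symbols": set(string.punctuation) | {" "},   # 32 punctuation marks + space = 33
}
EXTENDED_ALPHABET = 200   # the article's working figure for the extended set
ENGLISH_WORDS = 80_000    # the article's estimate of the word list an attacker tries first

# The article's mangled Psalm 23 example, reproduced as sample input (186 characters).
PSALM = ("Yeah though I walk through the valley of the shadow of death, I fear no evil. "
         "Cause I be da big est, bad est, sum bitch in dis here valley. "
         "Sheeeet dawg mama, dig dis. \u00a7Psalm:23-mysheet!")

def alphabet_size(passphrase: str) -> int:
    """Smallest alphabet a brute-force search must cover to reach this passphrase."""
    if any(ord(c) > 127 for c in passphrase):     # e.g. the section sign in PSALM
        return EXTENDED_ALPHABET
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in passphrase))

def keyspace(passphrase: str) -> int:
    """Candidates of this length over that alphabet: alphabet ** length, exactly."""
    return alphabet_size(passphrase) ** len(passphrase)

def seconds_to_exhaust(passphrase: str, guesses_per_second: int) -> int:
    """Worst-case seconds to try every candidate, rounded up (integer-only so 200**186 fits)."""
    return -(-keyspace(passphrase) // guesses_per_second)

def dictionary_seconds(guesses_per_second: int, words: int = ENGLISH_WORDS) -> float:
    """Time to run a plain word list: the attack that beats any all-words passphrase."""
    return words / guesses_per_second

def report(passphrase: str, guesses_per_second: int = 1000) -> dict:
    """Summarise the passphrase against brute force at the given rate (hours, truncated)."""
    return {
        "length": len(passphrase),
        "alphabet": alphabet_size(passphrase),
        "keyspace_digits": len(str(keyspace(passphrase))),
        "hours": seconds_to_exhaust(passphrase, guesses_per_second) // 3600,
    }
```

Note that the estimate is a ceiling on the attacker's work: a passphrase built from real words is reached far sooner by a dictionary attack with mangling rules, which is exactly why the slang spelling matters.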

So it is mostly a matter of remembering some phrase (pledge, prayer, movie line, famous quotation), then mangling it and sprinkling in some special characters. And even if it is short, you can repeat it a few times to get the maximum effect.

Then you have the super passphrase.

"Crack" and "John the Ripper"

For your own interest, you might want to run a password-cracking program to make sure your passwords are secure, or just to see how it is done.

Crack and John the Ripper work on a simple idea: they try every word in the dictionary, and then variations on those words, encrypting each one and checking it against your encrypted password. If they get a match, they know what your password is.

There are a number of programs out there; the two most notable are "Crack" and "John the Ripper" (http://www.openwall.com/john/). They will take up a lot of your CPU time, but you should be able to tell if an attacker could get in using them.

How vulnerable your data is: a summary

If your disk is not encrypted, then with my LiveCD and/or USB in hand, all the data on your computer is available to me in a matter of minutes. Boot passwords, login accounts and passwords are all a useless defence.

Though a BIOS password would slow me down, it is hardly foolproof and easily bypassed. With access to your computer, if I have my laptop, I have no need for your BIOS and CPU: I can connect your drive directly to my laptop and copy or change whatever I wish.

Just to mention a few places to wreak havoc:

Your ~/.mozilla folder will contain all of the settings and passwords you use with Firefox. Once I grab a copy of that, I can drop it into my computer and have access to all your saved web sites and the saved passwords.

Your ~/.mozilla-thunderbird folder will not only have all your mail, but also all your account settings and passwords. Once I copy that to my computer, I can read all your mail, intercept all new mails that come in – and even send out mails from your account telling your wife or girlfriend it is all over now.

If you look around your computer, there is a very good chance you will find data or files that in the wrong hands will cause you great difficulties.

Should you install your system with an encrypted /root, then all of my tools to gain access become worthless. The encryption cannot be cracked, and if you have a good passphrase, that cannot be cracked either.

In this case, all I am left with is to plant a key logger.

As mentioned above, it is easy to find a software key logger with Aide. With some prudent steps, you can reasonably guard against the hardware type as well. And with any key logger, I must have a second access to your box to collect the data it gathered.

Without an encrypted /root, you are running naked and exposed -