torben2
June 28th, 2008, 07:22 AM
Hello everybody,
I am using Hardy with encrypted /home and swap, which works fine. To make things easier I use the same (fairly complex) password for both Samba, console login, SSH key passphrase and DM-Crypt (LUKS). At least synchronization between console and LUKS are necessary for pam_mount to work.
Plus, the LUKS header contains severall (fairly strong) passwords since we have multiple users who must be able to mount /home on login.
To my knowledge,
- /etc/shadow is a MD5 hash of the password plus a "salt"
- smbpasswd is an "encrypted" version of the password (how?)
- LUKS stores the password in some sector of the harddisk, encrypted (how?)
- the SSH key passphrases are also (fairly securely) encrypted.
How secure is this? Given total access to the harddisk, which is least secure?
Is it possible/feasible/... to recover my password from the shadow or smbpasswd databases?
Thanks for any thoughts and insight!
I am using Hardy with encrypted /home and swap, which works fine. To make things easier I use the same (fairly complex) password for both Samba, console login, SSH key passphrase and DM-Crypt (LUKS). At least synchronization between console and LUKS are necessary for pam_mount to work.
Plus, the LUKS header contains severall (fairly strong) passwords since we have multiple users who must be able to mount /home on login.
To my knowledge,
- /etc/shadow is a MD5 hash of the password plus a "salt"
- smbpasswd is an "encrypted" version of the password (how?)
- LUKS stores the password in some sector of the harddisk, encrypted (how?)
- the SSH key passphrases are also (fairly securely) encrypted.
How secure is this? Given total access to the harddisk, which is least secure?
Is it possible/feasible/... to recover my password from the shadow or smbpasswd databases?
Thanks for any thoughts and insight!