Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Password required to Encrypt home folder

  1. #1
    Join Date
    May 2005
    Beans
    201

    Password required to Encrypt home folder

    Hey Ubucrew,

    I've got a rather general question about Encrypted home folders. First off, I'd like to know what exactly that means. Does that mean that my home directory is somehow scrambled? And if so, does that mean if someone put a LiveCD into my computer and booted to a Ram environment linux (like the Ubuntu installer for example) would they not be able to see my home directory? If they couldn't see it, what would they see instead?

    Lastly, twice now my computer has asked me to generate the passphrase to recover my password. Is this because I installed the latest updates?

    I'm on Ubuntu 10.04 LTS
    Ubu,noobu

  2. #2
    Join Date
    May 2009
    Location
    London
    Beans
    141
    Distro
    Ubuntu

    Re: Password required to Encrypt home folder

    Be very careful with the encrypt home folder option...If, for whatever reason you have to ever do a complete reinstall you will not be able to recover your docs from the encrypted file. I had a problem when I first tried Natty. I installed compiz (turned out there were bug issues between unity and compiz) lost all desktop functionality. Forgetting that I had encrypted I went ahead and made copies of everything in home (luckily not a lot) to a dvd.
    Later when I tried to drop them back into a freshly installed 11.04 I discovered that they were all unreadable. I had reformatted and reinstalled over the original encrypted Natty, thereby losing it forever (are files like these decryptable forensically, I wonder?)
    So, I'm just warning you to be very careful with home folder encryption and ensure you keep the unlock code in a safe place.
    So far I have not been able to restore any of the encrypted files on the dvd, if anyone has a solution I would be interested to hear.

  3. #3
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Password required to Encrypt home folder

    Quote Originally Posted by wh33t View Post
    Hey Ubucrew,

    I've got a rather general question about Encrypted home folders. First off, I'd like to know what exactly that means. Does that mean that my home directory is somehow scrambled?
    Yes. That's what encryption does -- scrambles data so that it cannot be read by anyone who does not have the key.

    And if so, does that mean if someone put a LiveCD into my computer and booted to a Ram environment linux (like the Ubuntu installer for example) would they not be able to see my home directory? If they couldn't see it, what would they see instead?
    They could not see your data. Instead if they looked at it (with a hex editor for instance) they would see random hex data that makes no sense.

    Lastly, twice now my computer has asked me to generate the passphrase to recover my password. Is this because I installed the latest updates?

    I'm on Ubuntu 10.04 LTS
    It's probably just asking for you to create a password so that if you get locked out of Linux somehow you can still access the data through some other means with the password. But, I don't know for sure as I don't use the option. (I hate it, not because it doesn't work, but because of how it works. I much prefer to use LUKS/dm-crypt to encrypt my entire operating system).
    Occam's Razor for computers: Viruses must never be postulated without necessity -- nevius

    My Blog

  4. #4
    Join Date
    May 2005
    Beans
    201

    Re: Password required to Encrypt home folder

    Quote Originally Posted by rookcifer View Post
    YI hate it, not because it doesn't work, but because of how it works. I much prefer to use LUKS/dm-crypt to encrypt my entire operating system).
    Does that slow your machine down quite a bit? I guess it would boot to a password screen which would decrypt your entire OS?

    ortermagic also had an interesting question. He copied over his Encrypted home directory to a disk but till this still hasn't retrieved it. Is there any utility out there that can brute force the encryption until they get access to it? I'm probably ok with that, as long as it takes a little while, more while than it's worth is what I'm thinking.
    Ubu,noobu

  5. #5
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Password required to Encrypt home folder

    Quote Originally Posted by wh33t View Post
    Does that slow your machine down quite a bit? I guess it would boot to a password screen which would decrypt your entire OS?
    Won't be noticeable on a modern CPU.

    ortermagic also had an interesting question. He copied over his Encrypted home directory to a disk but till this still hasn't retrieved it. Is there any utility out there that can brute force the encryption until they get access to it? I'm probably ok with that, as long as it takes a little while, more while than it's worth is what I'm thinking.
    There is nothing that can brute force it. If there were, it would make the encryption pretty worthless. The only thing an attacker could do would be to brute force your password.
    Occam's Razor for computers: Viruses must never be postulated without necessity -- nevius

    My Blog

  6. #6
    Join Date
    May 2005
    Beans
    201

    Re: Password required to Encrypt home folder

    Quote Originally Posted by rookcifer View Post
    There is nothing that can brute force it. If there were, it would make the encryption pretty worthless. The only thing an attacker could do would be to brute force your password.
    Of course! The password. I guess depending on how good your password is the longer/shorter it takes to brute force it. It could be brute forced fairly quickly these days couldn't it? Surely a modern cpu could run through millions of possible password combinations every hour or so?
    Ubu,noobu

  7. #7
    Join Date
    Mar 2011
    Beans
    680

    Re: Password required to Encrypt home folder

    How quickly it can be bruteforced depends on what method the password is hashed. Different hashing mechanisms taken different amounts of time + you can hash multiple times (multiple passes) to increase bruteforce time.

    I don't know what Ubuntu uses. Just use a 12+ character password and you're fine.

  8. #8
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Password required to Encrypt home folder

    Quote Originally Posted by wh33t View Post
    Of course! The password. I guess depending on how good your password is the longer/shorter it takes to brute force it. It could be brute forced fairly quickly these days couldn't it? Surely a modern cpu could run through millions of possible password combinations every hour or so?
    Basically what Hungryman said. There is a standard for password hashing known as PBKDF2 which basically runs your password through a hash a bunch of times so that it takes longer to access the volume with the password (that's a very simplified description).

    I don't know if the /home folder encryption does this or not. But, as Hungryman said, just use a good strong password and it shouldn't be an issue anyway. 12+ characters with upper/lowercase and a few numbers is good enough.
    Occam's Razor for computers: Viruses must never be postulated without necessity -- nevius

    My Blog

  9. #9
    Join Date
    May 2005
    Beans
    201

    Re: Password required to Encrypt home folder

    Quote Originally Posted by rookcifer View Post
    I much prefer to use LUKS/dm-crypt to encrypt my entire operating system).
    I've been trying to find guides on LUKS/dm-crypt and I can't seem to find any ones that really explain what I'm looking for. Can you recommend any guides on how to encrypt the entire Ubuntu OS?
    Ubu,noobu

  10. #10
    Join Date
    Sep 2009
    Location
    Shropshire, England
    Beans
    59
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Password required to Encrypt home folder

    As someone who knew nothing about encryption I followed this guide and it worked for me.

    http://www.howtoforge.com/encrypting...ion-ubuntu8.04

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •