Fedora Core 3 & Core 4 Password questions

Discussion in 'Computer Security' started by Brandon, Aug 9, 2005.

  1. Brandon

    Brandon Guest

    Is there any length of complex password that can be assigned to the ROOT
    that cannot be hacked if the person hacking has console access? I am selling
    a software product that I do not want the users to have access to. The only
    account on the server will be ROOT. I wanted to use a password 32
    characters/numbers/symbols or higher. Main thing is no one must get in.

    email mature @ hushmail.com

    Brandon, Aug 9, 2005

  2. Brandon

    Moe Trin Guest

    In the Usenet newsgroup alt.computer.security, in article
    Console access? Why bother hacking when there are quite obvious ways
    around it from that point?
    Then don't install it on the user's hardware, or hardware that the users
    have access to.
    With the modern MD-5 hash system, this is easy - after all, you want to be
    the only person with root, so you can set the password as you like. Of
    course, it only takes a few minutes AT MOST to bypass this.
    Physical access beats five aces. If you want the system to be totally
    secure, encrypt the drive, and require the password to be entered each
    time the system boots. You can't keep the password on the system, or
    allow it to be entered over the network, as either method can be compromised
    very easily. Not practical, you say? Neither is your desire to prevent
    anyone from accessing the software.

    Old guy
    Moe Trin, Aug 9, 2005

  3. Brandon

    Winged Guest

    Old guy is right on this one. If you don't control the hardware, the
    software can be retrieved.

    Passwords make no difference; the disk can be directly accessed and the
    software copied as simply as inserting a CD (for example) with the OS that
    mounts the disk where one knows the password.

    One can just dupe the disk and one can hack the copies to their heart's
    content while still using the original copy. The system manager may not
    even be aware this copying has occurred; it takes only a few minutes.

    Even if you use hardware keys (there are several flavors on the market),
    someone who has enough patience can work their way through the locks.
    You may slow them down, but in the end it will be accessed.

    There are several other viable approaches, but if you are relying on a
    password to lock the OS down, to protect you, forget it.

    Winged, Aug 10, 2005
  4. Brandon

    Moe Trin Guest

    In the Usenet newsgroup alt.computer.security, in article
    You mean like those old dongles that you used to have to attach to the
    parallel port? Yuck!
    Copy protection schemes have been around since before IBM introduced
    the PC in 1981. This ranged from the above noted hardware dongles, to
    requiring the floppy or tape which used a strange format, to a "hidden"
    disk file in a hidden directory, or even recording exactly where (track,
    sector, and head) some file was put on the disk... you name it, it's
    been tried - maybe even before you were born - and it did not work then.
    Want to put it on a USB or Firewire device? Want to think that differs
    from what has been done before?

    Old guy
    Moe Trin, Aug 10, 2005
  5. Brandon

    David Guest

    Everyone is right on this - if your users have physical access to the
    machine, all it takes is a Linux boot disk and a chroot command to
    change the root password anyway. If you are really hardcore, you need
    to encrypt the hard drive and have people enter a password every time the
    system is booted. That, and make sure the hardware is locked and
    physically secure. If you really want to do this, I would recommend a
    program called loop-aes. It's somewhat difficult to use, but if set up
    properly, can be VERY secure.

    Good luck,
    David, Aug 15, 2005