I have been thinking about the security in common screen lockers in linux, and how to circumvent them.
Scenario
You are using a (any) linux dist with graphical desktop and login by dm. You have left your on-topic computer running unattended for a short time. The screen is locked with a medium password. To hard for a human to solve, but easy to brute force for another computer.
This very time does the police raid your home and takes control over your machine. Suspecting what’s inside, they want to open it. Knowing that the game is lost if they shut it down.
Possible solutions
1. They could use a device that pretends to be a keyboard, hammering passwords. But it would fail. Screen lockers only gives you one or a few tries before putting the typing on hold for a few seconds. Making it take far to long time.
2. They could connect another computer by network and hope for opening a ssh connection. In case this way is more forgiving. (I have no experience here.) But it shouldn’t be a problem if they can’t become root?
3. They could of course try to copy the content in ram, if that’s possible without keyboard and terminal.
4. Suggestions?
Background (For those who cares.)
I have made a small script that’s using the built in command for shutdown, and set it for some minutes in future. Then I lock the screen. (Canceling the shutdown when I’m back.) Thus I’m sure that if the computer is seized at this time, they will have about 15-30 minutes to solve the problem. I hope it’s impossible. Especially while they are unaware of the time limit.
Other Solution is:
Strangely enough, I ran into a security bug on my system related to hitting the power button on my keyboard. It doesn't actually result in a shutdown, but instead does a hibernate. Sounds harmless, right? Wrong. With modern computers, the memory space is generally way larger than a single user will ever actually use. And during setup, swap space is usually set to the size of memory. So ---- the entire contents of memory are copied to hard disk when you hit the power button on your keyboard. LEA who understand that will 1) make a clone of your hard drive just in case, 2 boot up linux on another drive and change the root password and the user's password, 3) boot the clone drive, login with the new password, and voila (cringe actually) our precious Veracrypt's hidden container is now open, because it was open when the system went into hibernate, and the Veracrypt state was saved.
Solution: Disable swap on any computer that is touched by owner, or at least turn swap off before you open your Veracrypt container.
Borgata Hotel Casino & Spa Reviews & Prices | MJH
ReplyDeleteBorgata Hotel Casino & Spa reviews, including 광양 출장마사지 real 군포 출장샵 guest reviews 안동 출장샵 and 양주 출장안마 ratings. Check 세종특별자치 출장안마 prices, photos & reviews. Rating: 3.4 · 1 review