Linux Passwords Cracked

Questions, answers, and news related to computer hardware and software

Linux Passwords Cracked

Postby Yogi » 07 Dec 2012, 13:06

This is seriously bad news for all you folks who thought your Linux passwords were well protected. Breakthroughs in cracking encrypted passwords have recently escalated exponentially. The brute force method takes an encrypted password and compares it to a database of all known encrypted passwords (hash). This means any word or combination of words and numbers from the English dictionary are vulnerable to being decoded by simply going through the list in the hash database. The article points out that Windows XP passwords can now be cracked in 6 minutes, or 5.5 hours if you have a really good one.

But the critical part of the article is the implications for Linux based systems:
Gosney’s GPU cluster is just the latest leap forward in password cracking in a year that has already seen prominent encryption algorithms deemed compromised by an onslaught of cheap compute power. In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and Linux-based operating systems was forced to acknowledge that the hashing function is no longer suitable for production use - a victim of GPU powered systems that could perform “close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,” he wrote. Gosney’s cluster cranked out more than 70 times that number - 77 million brute force attempts per second against MD5crypt.
Admittedly the clustered GPU technique, cheap as it is, applies to special circumstances. But, those special circumstances are common enough to challenge any feelings of security you might have formerly had about your Linux based operating system.

THE FULL STORY: http://securityledger.com/new-25-gpu-mo ... n-seconds/
User avatar
Yogi
Oracle Class Poster
Oracle Class Poster
 
Posts: 7013
Joined: 04 Aug 2007, 19:37
Location: Chicagoland

Re: Linux Passwords Cracked

Postby kg » 07 Dec 2012, 20:07


There is NO OS that is safe. Of course, "Linux Fan Boys," who have become complacent in Linux's security, do need the heads-up (one they shouldn't need). Yes, Linux is more secure (by default) than Windows, but it takes an idiot to think that it's "Fort Knox," and even Fort Knox can be broken into.

Another point to consider: I'm giving changing my passwords to extra-long random letters, numbers, and punctuation a little thought. In fact, where allowed, I'm thinking of interspersing them with non-printable ASCII characters. But with all that processing power, it is likely possible to go through the entire ASCII "alphabet" from 0 - 255 in a (relatively) reasonable amount of time.
User avatar
kg
Honored 10k Club Member
Honored 10k Club Member
 
Posts: 10656
Joined: 06 Sep 2007, 23:45
Location: Godfrey, IL.

Re: Linux Passwords Cracked

Postby Yogi » 08 Dec 2012, 08:26

One of the basic arguments in support of Linux has always been it's intrinsic security features. That only holds true when compared to Windows, and the cited article narrows that down to Windows XP and earlier. A given operating system cannot be fail safe, but it can be made to not be worth the effort to crack. That is the ground on which Linux stands. Until recently it took millions of dollars worth of equipment and highly skilled hackers to make a system's password security fail. Now for the price of a few video processors the task has been enormously simplified.

The secret to successful passwords is length and complexity. Instead of passwords you should be thinking of pass phrases. Even dictionary words would be exceptionally difficult to crack if the phrase was long enough, and it doesn't even have to be complicated. For example, "My_name_is_YogiBear_and-I-want-in!" is the kind of password that borders on not making it worth cracking. Plus, it's easy for humans to deal with.

Your idea of using unprintable ASCII characters is good in that it increases the complexity, but it also makes it difficult to enter. How do you get a carriage return [ char(13) ] to be part of your password? LOL Most systems do not allow for weird characters because they are reserved system characters and can be used for such things as SQL injection. That's why things like retinal recognition were invented. Heck, you can even get THAT for Windows. :mrgreen:
User avatar
Yogi
Oracle Class Poster
Oracle Class Poster
 
Posts: 7013
Joined: 04 Aug 2007, 19:37
Location: Chicagoland

Re: Linux Passwords Cracked

Postby Kellemora » 08 Dec 2012, 13:32

FWIW Yogi
Many distro's now have a failsafe timer to prevent constant repetition of password attacks.
On one of my machines, if I mistype the root password three times in a row, I'm locked out for 5 minutes, which I can adjust up to 9 hours if I want to.
So it doesn't bother me that some computer somewhere can try 70 million attempts per second. After 3 attempts, they are locked out for 5 minutes. And if they continue to try, after triggering the lockout 3 times, the only way to reset is to reboot the computer to clear the lockout table back to zero.
But before they can even get to a computer, they have to clear two stacked routers, then figure out which one of the 8 computers holds access to the data files.
I don't think anyone would waste their time, since I have very little of value, even if they did succeed in getting to the file servers data, then they would have to figure out my file coding system to find anything particular.

Remember, better Linux distro's use three separate and unique passwords, they have to crack the users password, then the administrative password to get to the root password. And now with the lockouts, it could take them months or years to get through the maze.

TTUL
Gary
User avatar
Kellemora
Brainiac Class Poster
Brainiac Class Poster
 
Posts: 3389
Joined: 07 Jul 2012, 18:52
Location: From St. Louis, current Knoxville, TN

Re: Linux Passwords Cracked

Postby Yogi » 08 Dec 2012, 16:07

I have a USB memory stick with a Linux system installed on it. Unless you have altered the BIOS, it's very likely that I can make any of your computers boot from my stick. All I have to do is copy your encrypted password file onto my memory stick, go home and do the decoding at my leisure. You would never know I was in your computer because the stick boot would leave no trace. Of course I'd have to get your permission to do it, or break into your house when you are not around. But, it's this kind of security failure that the article addresses. Only naive amateurs would attempt a direct front end attack.
User avatar
Yogi
Oracle Class Poster
Oracle Class Poster
 
Posts: 7013
Joined: 04 Aug 2007, 19:37
Location: Chicagoland

Re: Linux Passwords Cracked

Postby kg » 08 Dec 2012, 16:19


Yogi wrote:All I have to do is copy your encrypted password file onto my memory stick, go home and do the decoding at my leisure.


Unless, of course, he has the entire partition/hard drive encrypted (which is a good idea, if you have very sensitive data), in which case you'll need a very large memory stick with a huge memory capacity, because you're going to be copying the whole thing to take with you. Then you'll have to decrypt it in order to find the password file so you can decrypt it. :doh:
User avatar
kg
Honored 10k Club Member
Honored 10k Club Member
 
Posts: 10656
Joined: 06 Sep 2007, 23:45
Location: Godfrey, IL.

Re: Linux Passwords Cracked

Postby Yogi » 08 Dec 2012, 19:55

To be honest I'm not sure how encryption is accomplished on Linux file systems. If it's anything like the password, then the encryption key can be discovered just as easily. Be that as it may, entire file systems are stored in The Cloud all the time. It's how file servers work. I would not be limited to my memory stick for storage space. :mrgreen:
User avatar
Yogi
Oracle Class Poster
Oracle Class Poster
 
Posts: 7013
Joined: 04 Aug 2007, 19:37
Location: Chicagoland

Re: Linux Passwords Cracked

Postby Kellemora » 09 Dec 2012, 14:17

Assuming you did break into my house, got past 5 dogs, figured out which of eight computers controlled by file server and booted that computer from your memory stick.
No volatile data is stored on any of my computers.
It would be easier for you to just grab one of the external hard drives and get away with that.
Then would come the problem of finding an exact match raid controller card, what type of raid array I used and once you did that, you would than have to figure out the 124 characters used to generate the encryption code.
Then wade through 2 terrabytes of data, with hidden folders within hidden folders nested sometimes 5 deep with very obscure and LONG encrypted folder names.
And what would you eventually find?
Hundreds of folders of works-in-progress still in separate scenes, my accounting program data, or perhaps an old credit card. The most valuable thing you would find would be a list of all of my accounts and passwords, to on-line banking or credit cards. But do you have the most current one? Probably not, because the most current is not saved in a data file, it is in a notebook in my desk drawer, hi hi..... Often a post-it note stuck to my wall, amongst so many other notes, what it is for is meaningless to you.

FWIW: NONE of my data is stored in a cloud anywhere, for any reason. I don't feel putting something over the airwaves has any type of security at all. Nor storing data on equipment I don't own and control. Although I have a backup of everything here in St. Louis, on a privately owned file server, just in case my office and my house burn down or get blown up. So yes I do send my data over the public airwaves, neatly packaged and parceled into a continuous encrypted scatter file. Glenn will understand it if I said it is sent similar to Spread Spectrum radio signals. I have to snail mail the range for it to be hand entered at the other end, before I send a backup file, or they won't get it intact.

Also, isn't there a plug on the motherboard you can jumper that will clear passwords? Used to be eons ago!

TTUL
Gary
User avatar
Kellemora
Brainiac Class Poster
Brainiac Class Poster
 
Posts: 3389
Joined: 07 Jul 2012, 18:52
Location: From St. Louis, current Knoxville, TN

Re: Linux Passwords Cracked

Postby kg » 09 Dec 2012, 15:52


Wow! Paranoid, much? :P

Not that I find such paranoia unjustified; I often wonder whether the benefits of our modern day conveniences outweigh the risks. "The Cloud" has been purported to be "safe" from efforts that compromise the security of sensitive data, and yet there have been reports of success in doing just that.

Though some might call it extreme, you've taken the extraordinary steps necessary to protect your sensitive data (as much as possible) from compromise. It would be difficult in the extreme for anyone to acquire it, given its multiple levels of security, right up to and including your trained guard and attack dogs (let alone your bird, the very thought of which makes me break out in paroxysms of trembling! :lol: ).

Kellemora wrote:Glenn will understand it if I said it is sent similar to Spread Spectrum radio signals. I have to snail mail the range for it to be hand entered at the other end, before I send a backup file, or they won't get it intact.


Having been a Ham in the past, and considering his penchant for "things technical," I'm sure Yogi is familiar with the concepts underlying Spread Spectrum radio communication. ;) For those who read this and are unfamiliar with it, if one doesn't possess the pattern of transmission, it's impossible to intercept it, since it is delivered in small bursts on different frequencies in a predetermined sequence.
User avatar
kg
Honored 10k Club Member
Honored 10k Club Member
 
Posts: 10656
Joined: 06 Sep 2007, 23:45
Location: Godfrey, IL.

Re: Linux Passwords Cracked

Postby Yogi » 09 Dec 2012, 18:09

Geeze ... all I started out to do was steal your password Gary. But, now that you have detailed your entire security system on a public forum, it might be more fun finding the treasure in your high security computer system.

And, by the way, I am familiar with spread spectrum technology. I used to work for Motorola and they are the people who make secure communication devices for the secret service and like organizations. :mrgreen:
User avatar
Yogi
Oracle Class Poster
Oracle Class Poster
 
Posts: 7013
Joined: 04 Aug 2007, 19:37
Location: Chicagoland

Re: Linux Passwords Cracked

Postby Kellemora » 10 Dec 2012, 10:59

My system really isn't as elaborate as it sounds when written out in text.
And I'm not a programmer to explain how some of the software I use, even does what it does.
But I have an overall picture of the intended effect and the reasoning behind it.

I had a router go south on me, due to an extra jumper added between the two routers that should not have been there. This happened when we moved everything out to add another high-speed switch to add more equipment on the LAN.
It basically created a feedback loop which slowed the LAN down and overheated the main router.

I had to dig out my books to figure out how to undo the twin router set-up and return to using it as a single router.
The fix was simple. After I read for almost two hours. Just hit the Reset Button to return the Router to it's Default Mode.
When we set up the stacked routers, it was a nightmare getting everything set just right to get through the firewalls.
Adding another wireless router to the system, I had to call an IT guy to reprogram it, it was above my head to attempt.
I didn't want ANY access to the LAN, from a wireless device, other than getting to the Cable Modem.
And then the hitch, I needed access to certain data files on the server, but still didn't want wireless access to it.
Good trick eh?
So we got a slow as molasses NAS, the wireless can access info from the NAS, and write to the NAS, and although the NAS is on the LAN, the wireless isn't. NO it's not impossible. A USB port is used to feed the NAS to the wireless router, with no throughput to the LAN from that port. On the LAN we cannot see the NAS to read from it, without changing a lot of settings, however we can take things from the server and send it to the NAS so it is available to the wireless router.

If you haven't guess, I'm terrified of wireless anything! To me, wireless simply means, BROADCASTED OVER THE PUBLIC AIRWAVES for anyone and everyone to see.

I like to think of it as if there is a DIODE between the LAN and the NAS, so info only goes in one direction and the wireless can only see the NAS and Modem and nothing else. Wishful thinking?

As far as passwords go, I feel any password can be cracked easily, no matter how complex it is.
How do you stop computers from trying one sequence after another until they find it?
That's where the 3-strikes per inning timed lockout comes into play, with a 3-strike out innings in a row, the safety shut-down kicks in.
Even this isn't totally safe, because there are Back Door Loopholes EVERYWHERE! Doors standing WIDE OPEN! Ways to bypass the password protection and come in via another route. Like Flash, Java or web browser loop holes.
And these new KEYS we have gone to recently are almost a joke.
I often get a screen that pops up on the Debian computer that says, giving SUPERUSER ACCESS (ROOT ACCESS) without requiring Password by using KEY such n such.
When on earth did I EVER allow this to happen? I don't know, I haven't figured it out yet!!!!!
Delete the Key file and when it's time to install an upgrade, I get messages like matching Key not found. So I have to connect to the web site manually, get their Key and place it back in the Key file. Making sure I'm at the correct web site first, and requesting the proper Key.
OK, now I have to match MY KEY to their Key. Done! Start Upgrade or Update by entering my password. Done!
The very next time I get an upgrade, up pops that screen again, giving free access to my ROOT........
How do I know it's not some cracker breaking into my system?
Anyone can go to the web site and download the KEY!

Oh Well! So much for technology continuing to go downhill.

TTUL
Gary
User avatar
Kellemora
Brainiac Class Poster
Brainiac Class Poster
 
Posts: 3389
Joined: 07 Jul 2012, 18:52
Location: From St. Louis, current Knoxville, TN

Re: Linux Passwords Cracked

Postby Yogi » 11 Dec 2012, 20:57

I don't know what you are trying to protect over there, but unless it's ATS (Above Top Secret), you probably are going to extremes that are not necessary to accomplish what you would like to see. There are so many variables in your description that I can't really suggest anything useful, but I can generalize.

First of all, any wireless device is a transceiver. As such it radiates a carrier in a pattern dictated by the antenna (array?) and topology of its surroundings. All the readily available devices out there use the 2.4GHz or the 5.0GHz frequency bands for data packet transmissions. At those frequencies the radiation pattern can easily be altered by common objects within your house, such as walls, plumbing, HVAC duct work, and furniture. The ideal situation would be to contain the RF within your building, and there are in fact fabrics you an line your walls with for that purpose. But to seal all the cracks in the floors and ceilings would be a nightmare, not to mention the ugliness that might not go with the lady of the house. Therefore, instead of relying on shielding the better approach would be to reduce the power output from the wireless devices so that they do not get outside your house - or at least are confined to within a few feet of the outer walls. You can easily test the radiation pattern by walking around the outside perimeter of your house to determine at what point the signal strength drops to near zero. If you detect no signal out on the public access roads/sidewalks, then you can safely have all the wireless communications you want and not have to worry about interception.

I suppose you put a lot of research into cascading routers, but one way to configure a hardware firewall would involve a proxy server into which a bridge (server) is connected followed by a router to manage your LAN. File servers and/or work stations would connect to the router in a normal fashion. It would be best to have a Windows Server OS for the proxy and Linux for the bridge, or vice-verse. The idea behind this scheme would be to force any intruder to crack two separate OS's in order to gain access to your LAN.

NAS is nice but all the ones I looked at are basically some obscure version of Linux with less than optimal throughput. A better approach would be to use a mid-tier or high end processor in a Linux server configuration with gigabyte Ethernet card(s). Fiber would be nice if you have that option but don't bother with it if the cables coming to your house are not also fiber optics. The typical NAS is just a Linux server anyway, but a PC would give you better throughput and a lot more options for configuring services, such as FTP. Your wireless devices could be configured to communicate with this pseudo-NAS setup, and a combination of firewall filters and group policies would determine who has access and which direction the data can flow. All that would confine wireless access to the NAS, but it's pointless if you have not taken measures to contain the radiation patterns to stay within your building.

You may think you are secure if you lock down your LAN, and I'm certain you can do things to prevent even the CIA from blowing by the front door. But, any serious hacker doesn't need access to your network to get what they are looking for. The server with your keyrings, for example, could be spoofed by some nefarious high school geek. Instead of connecting to where you think you are connecting, you might be going to this kid's server which is a clone of the real thing. The difference is you are obtaining decryption keys from the hacker who has his own idea of security. If you are not already familiar with the traceroute function, get informed immediately. Look at every hop between your network and the destination and be certain that you can clearly identify each leg of the journey. It's not all that difficult for a hacker to divert all your transmissions to the WAN by hacking a DNS server or router along the way. An analysis of what is intercepted can be made at the hacker's leisure in this case. You say it's all encrypted? Well heaven help you if this hacker is the one who gave you the decryption keys.

As far as unauthorized root access, I really don't know what is going on in your system. I do know that Trojans can be embedded in such innocuous things as images you download from a web site or those sent to you via e-mail. The embedded code within the image data can turn even your Linux box into an arm of a bot net. No, it's not easy to write this kind of malware - it's just one more thing to be paranoid about.
User avatar
Yogi
Oracle Class Poster
Oracle Class Poster
 
Posts: 7013
Joined: 04 Aug 2007, 19:37
Location: Chicagoland

Re: Linux Passwords Cracked

Postby Kellemora » 12 Dec 2012, 12:01

Well, it is obvious I really am paranoid about these things, even though I really don't have anything to hide.

I normally use an older computer for my on-line activities that is on a different Group (LAN).
So I have to manually change the Group name to access my LAN.

I tried wireless once to reach my office, which is in my garage, and never found one that would reach.
After buying the frau a small netbook, I installed a wireless router for it. And even only one room away, it has a low signal.
But surprising, we can reach neighbors houses almost a block away, they appear on the list that pops up to show the connections or possible connection points.

As far as shielding goes, ever ceiling in my house already has aluminum foil between the original lath and plaster and the newer drywall facing. The kitchen is lath and plaster, with metal screening embedded in it, now all covered with 1/2 inch drywall too.
Which is probably why we couldn't get a signal to the garage, even using a repeater in the attic. Speaking of which, we do have a repeater in the hallway to get a stronger signal in the living room for the netbook.

As far as web sites, yes I've hit several links that would take one to a copycat web site, so I do check the url and redirects if something looks fishy. I get ton's of FAKE e-mails that appear to be UPS, FedEx or Banks, but if you check the URL the link takes you to, it is not the real place, but some cracker.

I do get some Valid links that the Link name does not match the clickable link and told the company, when they asked why I never redeemed coupons, that the link they provide does not match the one highlighted, so I don't click it.
Their excuse was that they use a 3rd party service to issue the coupons and that it is an OK web site. I still didn't use it, so they finally changed their link and text to read, coupons are provided by blah de blah and the link shows their full URL now.

In all the years I have used these confounded computin' contraptions, I've always disabled the anti-virus software that came bundled with Windoze. I've never had a problem yet! Knock on simulated wood grain. Even after checking with 3rd party, run one time virus checkers, they've never found anything. Dumb Luck, or possibly because I'm always so careful about where I go and what I do. I NEVER open an attachment that is not first isolated, even if from someone I know. One of the reasons for keeping the old computers around with nothing on them, except e-mail and web browsers with no links to the rest of my systems. I'm so paranoid, that on-line computers are even on a separate KVM switch from my in-house LAN computers. Although they all use the same cable modem, they go through different routers.

Overkill? Probably! But I've never been hacked or hit with a Trojan or a Virus.

And I'm truly considering something you mentioned in a past post not to long ago.
My next computer will run all OS's through Virtualization, once I figure out how to set them up differently than virtual box I'm using now that keeps running out of room due to default settings I've not been able to overcome. Looking into Virtual Machine instead of Virtual Box for my next computer. I wish I was smart enough to build a Cluster! It might be more beneficial to me than using several different computers.

TTUL
Gary
User avatar
Kellemora
Brainiac Class Poster
Brainiac Class Poster
 
Posts: 3389
Joined: 07 Jul 2012, 18:52
Location: From St. Louis, current Knoxville, TN

Re: Linux Passwords Cracked

Postby Yogi » 12 Dec 2012, 12:53

You got a lot of things going there and perhaps a tad more than you need. The bottom line is your comfort level and you should do whatever it takes to make you comfortable.

The wireless router signals are in the microwave range and subject to a lot of distortion in radiation patterns. As I mentioned above, all you need do is to take a wireless device and walk around the perimeter of your property. If you can't see your network, then you are good to go. Some people put the equivalent of linear amplifiers on their routers in order to get the coverage they want. I don't know if there are any standards for power output as there are in the amateur radio world. The rule of thumb, obviously, is to use as little as you can get away with.

My suggestion regarding use of the traceroute command does not apply to what you described about spoofed web sites whose URL you can read. I'm talking about your connection to legitimate web sites, ours for example. Your data leaves your connection point (modem) and typically goes through several servers, switches, and routers before it reaches the destination. One of those intermediate switch points could be hacked to divert your data to a private server. They would do what they want to do and forward your data back onto the network. You would never know this is happening because the destination URL is indeed legitimate. There may be some lag, but where is there not any lag?

I ran Windows for many years without antivirus software and collected maybe two or three bugs. I have installed AV software to evaluate it so that I can give recommendations, but most of it is useless. You are fortunate to never have had a virus, and hopefully you have software that is capable of detecting bugs. None that I know of will do a complete job simply due to the nature of the malware. What did not exist this morning is viral this afternoon. AV software simply can't keep up. The caution I passed on is in regard to one of those back doors you refer to. You can infect your computer simply by visiting a web site and viewing a graphic. The payload is embedded in the raw data for the image and no AV software on this planet can detect the download. That is why many browsers and e-mail clients give you the option of not downloading "remote content." Most people don't take that precaution because the web sites and e-mail would look pretty boring without pretty pictures.

Virtual machines are beautiful for security purposes. As I recall, you were running an outdated version of VirtualBox and did not have the built in commands available with which you could expand your partition size dynamically. You can make .vdi disks larger than the default upon creation of the machine, but as you point out that would require reinstalling all your software over again. Perhaps you would benefit from using VMware instead of VirtualBox. It's not free, but I hear it has some options that you don't see in VB. Then again, all VMs do is protect you from intruders. Once the data packets leave your modem, you are out of control. That is the only scary part of the Internet.
User avatar
Yogi
Oracle Class Poster
Oracle Class Poster
 
Posts: 7013
Joined: 04 Aug 2007, 19:37
Location: Chicagoland

Re: Linux Passwords Cracked

Postby kg » 12 Dec 2012, 16:06


I don't know that I'd trust virtualized OSes all that much, since data is copied to the hard drive on which the host resides. I much prefer a persistent LiveUSB, with the persistent files saved on the USB itself, and deny it access to the swap partition on the hard drive.

That is true isolation. If the OS becomes infected, it's a simple matter to make another LiveUSB and continue. Almost the only way to further isolate it would be to disconnect the hard drive while using the LiveUSB, or run it on a dedicated computer that doesn't have one.
User avatar
kg
Honored 10k Club Member
Honored 10k Club Member
 
Posts: 10656
Joined: 06 Sep 2007, 23:45
Location: Godfrey, IL.

Re: Linux Passwords Cracked

Postby Yogi » 13 Dec 2012, 01:01

Frankly I don't see the difference between writing to a .vdi file (virtual disk) and writing to a USB memory stick. Both have an embedded operating system which includes a file system. Persistence just guarantees that you lose everything when you lose the USB device. Unless the files are encrypted, you might as well publish all your persistence files on Facebook. They are about that secure.

The salient point regarding VMs is that they are protected from direct access via a technique casually referred to as sandboxing. Anything that happens in the VM stays inside the VM (that includes swap space). You can argue that the .vdi file is easy enough to copy and run on any remote VirtualBox software. While that is true, it assumes that you were able to break into the host first. There is no host OS acting as a firewall on a USB stick. Plus, even if you do steal a copy of the VM, you still have to break into it's OS to get anything useful.

It's not as easy to physically misplace a hard drive with a VM installed as it is to lose a memory stick. The VM also has a performance advantage over memory sticks in that it's not limited by the bandwidth of the USB protocol, i.e., 12Mbits/sec. Compare that to a SATA hard drive that is typically 3Gbits per second. The advantage of a USB OS is it's portability, not it's security.
User avatar
Yogi
Oracle Class Poster
Oracle Class Poster
 
Posts: 7013
Joined: 04 Aug 2007, 19:37
Location: Chicagoland

Re: Linux Passwords Cracked

Postby Kellemora » 13 Dec 2012, 13:35

Hi Yogi - although I'm no computer geek, by a long shot. On my next computer, I'm planning on running MINT as the primary OS, but then run a copy of MINT as well as whatever else I add to the system in VM. And if it works the way I think it will, I will convert all of my computers to the same type system. Meaning everything I use daily will be run on the VM.
I figure, once I get it set up the way I want, with the programs I want, then I will make a copy of it.
If it works the way I'm thinking, if something does go wrong, it will be a simple matter of just copying the file back to the VM.
And also, I will be able to move them around from computer to computer, just changing the requirements for each computer.

I'm still out to lunch on having /home on it's own partition. I've done that in the past, because it was recommended, and in the long run, caused me more problems, than allowing each distro to have its own /home partition on the partition the distro is in.
To use a stand-alone /home partition, when using other OS's, if you use the same log-in, it can mess up everything real quick.
Files needed by one system are updated or changed, because THAT system don't need them. Then when you go back to the other OS, files are missing or no longer compatible.
Whether /home is on it's own partition or not, it is still easy to Back Up the /home folder and keep it in folders from which computer and distro it came from.

I will have to study long and hard before I finally decide how to build the next computer.

TTUL
Gary
User avatar
Kellemora
Brainiac Class Poster
Brainiac Class Poster
 
Posts: 3389
Joined: 07 Jul 2012, 18:52
Location: From St. Louis, current Knoxville, TN

Re: Linux Passwords Cracked

Postby Yogi » 13 Dec 2012, 21:54

I'm not sure what the point is of running Mint inside Mint, but it certainly is possible from a technical point of view. If performance is an issue, be warned that you should expect some degradation inside the VMs.

VirutalBox software allows you to create snapshots of the state your VM is in at any given instance. A good practice would be to configure your system with all the basic software you will be frequently using, then take a snapshot. That will be the point to which you return if needed. Backup files become less necessary with snapshots, but it is prudent to backup any critical documents onto a separate hardware device; your NAS for example. This technique is similar to the restore points in Windows, but not exactly the same. It's more like a system image you can return to on demand.

The virtual hard disk is a .vdi file and can be transported to other machines running VirtualBox. Think of it as a virtual portable hard drive. I've never actually done that, but the instructions seem pretty straight forward.

My vision of an operating system is to have it totally self contained. Each VM would have it's own file system not shared with any other OS on that hardware. The only exceptions would be swap and GRUB. I install GRUB with the MBR to facilitate booting of multiple systems. I've also gone to the extent of creating different user accounts for different desktops. My Ubuntu machine defaults to Unity but when I want KDE, for example, I log in under a different user name. The KDE desktop is kept separate from Unity for the same reasons you don't want to share /home with other systems. Many conflicts are possible and I'm not smart enough to troubleshoot them. So KISS is my motto.
User avatar
Yogi
Oracle Class Poster
Oracle Class Poster
 
Posts: 7013
Joined: 04 Aug 2007, 19:37
Location: Chicagoland

Re: Linux Passwords Cracked

Postby Kellemora » 14 Dec 2012, 11:44

The logic behind my reasoning is simple, and actually stems from my many years of using Windows.

Getting a new computer, although nice to have new, has always been a major pain in the arse for me.
Every program I use had to be reinstalled and tweaked until it worked the way it did before. If possible.

I've never been able to BACKUP and Reinstall any version of windows, without first reloading a fresh copy of windows and then all the software programs separately. Once everything was installed, THEN I could shoot the backup back into the system.

With VB I tried a few experiments, using Windows XP-PRO-MCE, one of the worst XP programs to deal with.
I installed it in VB, added all of the programs I use in it. I never store my data (output from the programs) with the programs.
Once everything was set up and running properly, I took the Snapshot and then copied the .vdi file to an external HD.

Using the same computer, I cleaned off a partition and installed Debian, installed VB, made a folder for the Windows OS and simply copied the .vdi into that folder. Voila, everything was there in SECONDS, not HOURS as it takes to reinstall everything, and it worked perfectly.
The ONLY drawback is, installing the .vdi file, REDUCED my working space from 100 megs back down to the 10 megs I was trying to get away from.

I then installed VB on my Ubuntu 10.04 machine and VB, copied the .vdi file over to it, everything ran like a charm, AFTER I reregistered with Mickey$oft, as some checksum they used showed I was on a different computer. But once again, back to that 10 meg limit. So, the .vdi must hold that information.

The only way I'm going to be able to break that limitation is to set each virtual machine at 100 megs and MAKE SURE it doesn't default back to 10 megs. One of the reasons I'm now considering VM over VB is because VM allows you to add storage and memory as necessary.

The only thing I see in using a different log-in name, is that all changes are stored in the USER FILE within the same /home directory. That could be quite handy also. I've done something similar in the past, used one log-in name for work, one for my writing and another for my personal stuff. That way my desktop was set up the way I want it while working in those different venues. EG: I have one desktop set up solely for working on web pages, the browser has all the tool bars for manipulating my web sites, checking files, etc. before going live. But I don't want all that garbage in my way for my daily work on other things.

The only drawback to working this way, is if I find something while on my personal desktop that I want to use for my writing desktop, I have to share that file with another computer, in order to be able to access it from a different user name. Like shared files. Even though they are shared, for some reason they are not visible between users on the same computer. Probably a setting I have wrong somewhere. But rather than spending the time trying to figure it out, for me, it is faster to have a Universal Shared Folder on a normally idle computer, or using the slow NAS. I do have a 1 gig LAN, so why the NAS is so slow, I have no idea. Actually, it's no slower than accessing an external HD on another computer. But compared to using a USB port on the working computer to an external hard drive, which is very fast, not as fast as SSD drives, but fast compared to going through the LAN.

I've been considering buying a SATA SSD, for my imaging work, but I'm still leery of them. I've used several of these key-fob sized mini-SSD or whatever they call them, Edge Drives? Like SanDisk Cruzer's, and they seem to fail quite often, go bad, won't read, etc. They are not abused! I have a plastic rack on my desk, came from a department store lipstick display, that has 40 slots for tubes of lipstick. I have about two dozen of these key-fob type USB drives in there, holding things I use for several different purposes. The top row of these contain things like Boot Repair, Knoppix Live, Partition Magic, G-Parted, etc. and every so often, one of them, normally the ones I use for image transfers, just seem to burn out.
But I LOVE the speed of downloading large files from them when needed.

Have you had any experience with these larger SATA or External SSD's?

And one last question, if you don't mind. How does a web site (like yours) insure against data loss?
I imagine you have a RAID 5 or 10 system. But is it backed up just in case the controller card goes south?
Or is there another method I'm not familiar with? One web master I asked only stated that they use a split redundant array.
I know there are programs like RAID Recovery out there. As you know, I'm paranoid, and I have a right to be, the frau lost thousand of photographs, not replaceable, when a backup program glitch, instead of copying the files to the backup drive, it only made LINKS back to the source drive. So, when you checked the backup drive, everything looked like it was there!

I'm just tired of all the steps I go through to make sure everything I do each day is mirrored to drives both in a different building and in a different state.

TTUL
Gary
User avatar
Kellemora
Brainiac Class Poster
Brainiac Class Poster
 
Posts: 3389
Joined: 07 Jul 2012, 18:52
Location: From St. Louis, current Knoxville, TN

Re: Linux Passwords Cracked

Postby Yogi » 15 Dec 2012, 11:20

Regarding backups for Windows, it seems as if you are missing something. I can't speak to systems pre-Vista, but I suspect that even OS's from XP onward have the ability to create bit for bit disk images of your entire system. When you need to recover, all you need to do is restore the image. As you can imagine, the entire system can take up many gigabytes even in a compressed format so that an external hard drive is required to store the images. Windows 7 allows for such image backup to be performed using network storage. I do mine on my NAS. The beauty of images is that they are plug (or copy in this case) and play. You will lose anything you did between the image creation and the time you do the restore, but you will not have to reinstall anything nor reconfigure your software. You will simply go back to the state of the machine at the time of image creation. It's much like what you describe you are doing with .vdi files, but you don't have to worry about disk size limitations as you do with your VMs.

Vista and Win7 also have automatic backup capability which will make shadow copies of your files. You can designate which files and directories to backup, and set a schedule to do it automatically. Thus all your important files can be preserved daily while you slumber. The thing about shadow copies is that they can be many layers deep. If the previous copy is not what you need, you can go back before that. I don't know how deep you can go with the shadows because I've never had occasion to recover that way. I do this kind of backup weekly while I'm eating Sunday Dinner.

Then again, you bring up the idea of mirrors. All Windows server software since Windows NT has the ability to create mirrors. The idea here is that any changes you make to the main server automatically get stored (mirrored) onto a special server set up for the purpose. These are backups in a sense and have the advantage of being performed in near real time. I'd be surprised if Linux server OS's do not also have the ability to make mirrors. Work stations by definition would not be able to make mirrors, but I've seen more than one server misused as a work station just to do the mirrored backups.

The backup strategy you use should be consistent with your disaster recovery plan. I know you run a business and your concerns go beyond simple backup. You need to keep your business systems running 24/7 and have a way to get back on line quickly if disaster occurs. Once you plan out AND TEST your recovery, the steps you need to take should be pretty obvious.

We here at the Brainformation Command and Control Center have a very simple plan. Then again, we don't have a complex business to run. The software which generates the web pages is open source and off the shelf. I have copies on my local HDD and NAS, but it can be downloaded easily if necessary. As you might have noted the software is written in PHP which means it requires a database from which to fetch information about content. Each page you view is created dynamically by fetching what is in the database and then writing the page on demand. Thus, the critical element in our system is the database. Our hosting service is on the East Coast while I'm located near Chicago. I have no idea what they use to backup their servers, and MY website data. However, I do have copies of our database stored on the hosting server, on my local machine, on my NAS, and in places as far away as England. Therefore, if our host should go under due to a hurricane or something, all I need do is sign up for another host (on the West Coast :grin: ), install PHP, and upload our database. That whole process could complete in under a couple hours with the longest part being registering for a new hosting service. I try to do database backups weekly, but sometimes it goes beyond that. In any case, very little would be lost if we should go down unexpectedly.

The bottom line in the above is to do backups on external storage devices, preferably of the hard disk variety. Keep redundant copies in several physical locations, which I believe you do. Flash memory sticks are fine for what they are designed to do. They are not intended to replace hard disks given that the flash memory sticks use a much different technology to store data than does a disk. A hard disk is coated with magnetic material and the 1's and 0's are stored in the form of reversing the polarity of spots on tracks along the disk. This polarity will maintain its state indefinitely (well, almost indefinitely). Flash memory, on the other hand uses charges on what amounts to capacitors in order to store data. Capacitors, as you know, lose their charge over time, and the issue is complicated more by the fact flash memory loses it's ability to hold a charge at all after a certain number of state changes. Your flash memory stick is guaranteed to fail due to the technology used to manufacture it.

SSD is similar to flash but the number of times it can be written to has dramatically increased. It's not up to the durability of a HDD, but it has a throughput advantage over HDD's and no moving parts to wear out. SSD's typically will run on your computer's internal data bus which can approach gigabytes in terms of data transfer rates. The external ones either use an eSATA bus or USB connection to your computer - the throughput is limited by the speed of those ports. Flash memory typically runs off the USB port of your computer, which is significantly slower than the internal data bus. Flash memory is good for minimal usage and you can't beat its portability. Heavy (write operations) usage should go on something more durable than flash technology devices.

Security and disaster recovery require a lot of forethought, as you know. Write down what you want to accomplish and stick to the plan. Once you have a goal in mind picking a strategy and hardware/software to accomplish the goal should be an easy task. Us old hams have a penchant for experimenting and a huge curiosity. That's entertaining to say the least, but I suspect you are putting way too much effort into your data protection scheme. Knowing how to work with virtualization, networks, and disaster recovery is all a good thing, but the complexity can be overwhelming not to mention unnecessary.
User avatar
Yogi
Oracle Class Poster
Oracle Class Poster
 
Posts: 7013
Joined: 04 Aug 2007, 19:37
Location: Chicagoland

Next

Return to Personal Computers

Who is online

Users browsing this forum: No registered users and 5 guests

cron