#1 2015-11-19 21:18:47

doozzik
Member
Registered: 2015-11-17
Posts: 2

[SOLVED] /home encryption vs /etc/shadow

Hi. I can't choose between data encryption and system encryption. Here is my question:
If I encrypt only my home folder, can someone boot from a bootable USB stick, open the /etc/shadow file and change my user password to NULL? If yes, can he get access to my files? Or log in to my account?

Last edited by doozzik (2015-11-20 07:11:06)

#2 2015-11-19 21:36:12

ajbibb
Member
Registered: 2012-02-12
Posts: 142

Re: [SOLVED] /home encryption vs /etc/shadow

Depends on how you open the encrypted home folder. If you do it automatically via fstab and crypttab then I'd have to think yes. If you enter the passphrase manually then no.

In the second case however all of your system files are open and anybody who gets access to your computer could do all sorts of nasty things if they were so inclined. Even with full disk encryption people with access can still do nasty things to your unencrypted boot partition. The wiki has pretty good information on the pros and cons of each and potential attack avenues.

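The automatic-versus-manual distinction in the post above can be read from /etc/crypttab, whose third field is either a key file path or `none`/`-` for a passphrase prompt. The following is an added example, not code from the thread: the sample crypttab, the UUID and the function names are constructed, and it assumes that the root filesystem holding any key file is unencrypted, as in the question.

```python
# Added example: classify crypttab entries by how each volume gets unlocked.
# SAMPLE_CRYPTTAB is constructed for illustration; it is not from the thread.
SAMPLE_CRYPTTAB = """\
# <name>     <device>                                   <keyfile>           <options>
home_auto    UUID=00000000-0000-0000-0000-000000000000  /etc/keys/home.key  luks
home_manual  /dev/sda3                                  none                luks
swap         /dev/sda2                                  /dev/urandom        swap
data         /dev/sdb1                                  -                   luks,noauto
backup       /dev/sdc1
"""

# A random key is regenerated on every boot, so it protects no persistent data.
RANDOM_SOURCES = {"/dev/urandom", "/dev/random"}


def classify_crypttab(text):
    """Return {mapping name: (unlock mode, key field)} for every entry."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry: name without a device
        # A missing third field means the same as "none": ask for a passphrase.
        key = fields[2] if len(fields) > 2 else "none"
        if key in ("none", "-"):
            mode = "prompt"
        elif key in RANDOM_SOURCES:
            mode = "random-key"
        else:
            mode = "keyfile"
        entries[fields[0]] = (mode, key)
    return entries


def unlockable_offline(text):
    """Volumes whose key sits in a file on the (assumed unencrypted) root,
    so anyone who can read that disk can open them without a passphrase."""
    return sorted(n for n, (mode, _) in classify_crypttab(text).items()
                  if mode == "keyfile")


if __name__ == "__main__":
    for name, (mode, key) in classify_crypttab(SAMPLE_CRYPTTAB).items():
        print(f"{name:12} {mode:10} {key}")
    print("openable without a passphrase:", unlockable_offline(SAMPLE_CRYPTTAB))
```

Entries reported as `keyfile` are the automatic case; entries reported as `prompt` are the manual case, where the key material is not stored on the disk.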

#3 2015-11-20 05:17:46

doozzik
Member
Registered: 2015-11-17
Posts: 2

Re: [SOLVED] /home encryption vs /etc/shadow

ajbibb wrote:

Depends on how you open the encrypted home folder.  If you do it automatically via fstab and crypttab then I'd have to think yes.

But this doesn't have logic. My files should be encrypted with some passphrase. And this passphrase must be my password. If anyone changes this password, how could he encrypt my files?

#4 2015-11-20 05:30:15

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,231

Re: [SOLVED] /home encryption vs /etc/shadow

doozzik wrote:

But this doesn't have logic. My files should be encrypted with some passphrase. And this passphrase must be my password. If anyone changes this password, how could he encrypt my files?

Exactly; your files are encrypted with a passphrase that matches your password in /etc/shadow. Changing your password in /etc/shadow will NOT change the passphrase of your encrypted data. You still need the *original* password to decrypt your home (trust me, I've tried it accidentally).

#5 2015-11-24 01:04:09

igorek24
Member
Registered: 2015-11-24
Posts: 3

Re: [SOLVED] /home encryption vs /etc/shadow

I always encrypt the full system. Sometimes sensitive information can be stored outside of your home folder.
