[KLUG Advocacy] Re: linux security

Adam Tauno Williams adam at morrison-ind.com
Wed Feb 2 16:42:14 EST 2005


> > Given physical access I can crack a Windows 2000/XP box in less than a
> > minute.
> Is that because there are undisclosed manufacturer's backdoors; you have
> a program on floppy/CD which cracks passwords; or you're a really
> intuitive codebreaker and type super fast?

Austrami.  It takes about ten keystrokes.

> I'm somewhat guessing that it is the program on floppy/CD approach.  Are
> windows password files unencrypted?  

Sort of.

> Is it encrypted but the algorithm
> is so well known that someone has broken the algorithm? 

Yep, see the Samba source code.

> Or, is it that
> the file is encrypted but all windows machines use the same key?

That used to be true in NT, I don't know if it is true anymore.

> My curiosity is more than academic.  Having used many laptops over the
> years, I've had occasion to send them back to their manufacturers.  When
> a machine running WinXP was returned about a year ago, stuff was changed
> that only someone with access to that user account should have been able
> to change.  My working theory was that there is a backdoor admin account
> and they used admin privileges to change files in a password-protected
> user account.

Nah, they just changed the Administrator account password, and then put
the old value back.  You'd never know.  The format of the SAM is known,
boot up without that pesky OS in the way and it is all just blocks on a
platter - move them around at will.

*NO* operating system can make a device that can be physically accessed
secure.  You need something built-in way down in the metal if you want
both security AND physical access: a large crypt key on a USB stick that
the disk controller uses to encrypt/decrypt block I/O operations to a
disk - and then when you go away you take the USB stick with you - thus
'breaking' the system so it cannot work.

Applications can of course encrypt their data, which may or may not be
secure depending upon how they do it.  But an OS needs to be able to
boot so they can't be secure without making it a pain for the user - for
instance you can set a secret on a KDC's principal store - but you need
to enter/load that secret every time you restart the KDC (reboot the
computer), but this is rarely done since it is a REAL PITA.


