Cooking with Linux - Security's Front Door
What is this I see on our specials chalkboard, François? Mxyztplk? That is the root password for our main server! Mon Dieu! What do I see here? Those are all our administrative passwords! Why would you post secret information where everyone can see it? Quoi? So you would not forget? But François, neither will anyone else. I see you have posted your own login passwords as well. Please, erase those immediately and wash the chalkboard when you are done. Merci. Now, just to be safe, we will need to generate a whole new set of passwords for all our systems. What were you thinking, mon ami? Of course, I see. We'll discuss this later. Our guests are arriving now. Prepare yourself, François.
Welcome, everyone! How wonderful to see you here at Chez Marcel, home of superb Linux and open-source software and, of course, wine served from one of the world's finest wine cellars. Speaking of wine...François, please head down to the wine cellar, over in the East wing, and bring back the 2005 Sonoma County Kokomo Zinfandel. Vite!
Ah, mes amis, you missed a rare opportunity to see all of Chez Marcel's security, exposed on our Specials du Jour board. Nevertheless, it does provide an excellent backdrop to our menu this evening, as all the items relate to password security. Passwords, mes amis, are still your first line of defense when it comes to computers. Biometric systems, like fingerprint readers, can make secure access more daunting and difficult to breach, but most systems, including countless Web sites, require a user name and password for access, and that's not changing anytime soon. In the end, it usually comes back to passwords, and passwords mean people need to remember them. And, that's where the problem starts.
I've been in offices where people will tell you (if you insist) that everyone pretty much knows everybody else's passwords—just in case. I've seen yellow sticky notes stuck to computer screens with passwords written down so the users don't forget. Even when that information is out of sight, people use simple passwords, like the word “password”, because they're easy to remember.
One way to get secure passwords that aren't your pet's name or your spouse's birthday is to pick a phrase that means something to you, and then play with it. For example, take the phrase “Believe in magic!” Now, take only the consonants of the first and last word, and you have blvmgc. Add an I at the beginning, but make that I a numeric 1 instead. Add an asterisk for the final character, and you have 1blvmgc*—a great password if ever there was one.
Another, more secure way (particularly if you need many passwords), is to enlist the help of a random password generator. One such program is Pierre “khorben” Prochery's makepasswd program (inspired by Rob Levin's Perl script of the same name). Pierre's makepasswd program uses your computer's random number generator to create passwords of varying constraints. It also can generate encrypted passwords. You can get a single, random password by typing makepasswd at a shell prompt. The program also accepts different parameters on the command line, as shown here:
$ makepasswd --chars 8 --count=4 0dAU8BXM suQt4CF2 5x0yGJ1S 6KTInj58
So, what happened? The --chars 8 parameter tells the program to use exactly eight characters in the resulting password. You also can specify --minchars and --maxchars to get different password lengths. The --count=4 parameter tells the program to generate four passwords. The default is to provide only one password. Type makepasswd --help for a full list of parameters.
Shell users know this well, but those who take the time to learn the ins and outs of their Linux systems learn this too; many graphical programs are front ends to one or more text- or shell-based commands. The same is true for the next item on our menu, KriptPass, which wraps the makepasswd program in a nice, graphical interface. KriptPass is a Kommander script available from Kriptopolis.org. Kommander is a combination program editor and executor that can be used to create any number of graphical applications using the KDE framework. I mention Kommander, because you need it to use KriptPass. So, installing Kommander is the first step. Because it's a KDE application, check your system to see whether you already have Kommander installed. If you don't, check your distribution's repositories and install it. Because KriptPass is based on makepasswd, you need that as well.
Assuming you have Kommander installed, installing and running KriptPass is as simple as downloading it from www.kde-apps.org/content/show.php/KriptPass?content=58800. Extract the script wherever you like, open up Konqueror and simply click on the kriptpass.kmdr file. That's all there's to it (if you like, you can add a shortcut icon on your desktop for future use). The KriptPass window appears (Figure 1), and you'll see three tabs labeled Passwords, Wireless Keys and About.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Google's Abacus Project: It's All about Trust
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Seeing Red and Getting Sleep
- Back to Backups
- Secure Desktops with Qubes: Introduction
- Fancy Tricks for Changing Numeric Base
- Working with Command Arguments
- Secure Desktops with Qubes: Installation
- Linux Mint 18
- CentOS 6.8 Released
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide