Cooking with Linux - Security's Front Door
What is this I see on our specials chalkboard, François? Mxyztplk? That is the root password for our main server! Mon Dieu! What do I see here? Those are all our administrative passwords! Why would you post secret information where everyone can see it? Quoi? So you would not forget? But François, neither will anyone else. I see you have posted your own login passwords as well. Please, erase those immediately and wash the chalkboard when you are done. Merci. Now, just to be safe, we will need to generate a whole new set of passwords for all our systems. What were you thinking, mon ami? Of course, I see. We'll discuss this later. Our guests are arriving now. Prepare yourself, François.
Welcome, everyone! How wonderful to see you here at Chez Marcel, home of superb Linux and open-source software and, of course, wine served from one of the world's finest wine cellars. Speaking of wine...François, please head down to the wine cellar, over in the East wing, and bring back the 2005 Sonoma County Kokomo Zinfandel. Vite!
Ah, mes amis, you missed a rare opportunity to see all of Chez Marcel's security, exposed on our Specials du Jour board. Nevertheless, it does provide an excellent backdrop to our menu this evening, as all the items relate to password security. Passwords, mes amis, are still your first line of defense when it comes to computers. Biometric systems, like fingerprint readers, can make secure access more daunting and difficult to breach, but most systems, including countless Web sites, require a user name and password for access, and that's not changing anytime soon. In the end, it usually comes back to passwords, and passwords mean people need to remember them. And, that's where the problem starts.
I've been in offices where people will tell you (if you insist) that everyone pretty much knows everybody else's passwords—just in case. I've seen yellow sticky notes stuck to computer screens with passwords written down so the users don't forget. Even when that information is out of sight, people use simple passwords, like the word “password”, because they're easy to remember.
One way to get secure passwords that aren't your pet's name or your spouse's birthday is to pick a phrase that means something to you, and then play with it. For example, take the phrase “Believe in magic!” Now, take only the consonants of the first and last word, and you have blvmgc. Add an I at the beginning, but make that I a numeric 1 instead. Add an asterisk for the final character, and you have 1blvmgc*—a great password if ever there was one.
Another, more secure way (particularly if you need many passwords), is to enlist the help of a random password generator. One such program is Pierre “khorben” Prochery's makepasswd program (inspired by Rob Levin's Perl script of the same name). Pierre's makepasswd program uses your computer's random number generator to create passwords of varying constraints. It also can generate encrypted passwords. You can get a single, random password by typing makepasswd at a shell prompt. The program also accepts different parameters on the command line, as shown here:
$ makepasswd --chars 8 --count=4
0dAU8BXM
suQt4CF2
5x0yGJ1S
6KTInj58
So, what happened? The --chars 8 parameter tells the program to use exactly eight characters in the resulting password. You also can specify --minchars and --maxchars to get different password lengths. The --count=4 parameter tells the program to generate four passwords. The default is to provide only one password. Type makepasswd --help for a full list of parameters.
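To show what a generator of this kind does under the hood, here is an added example in Python; it is not makepasswd's code and not part of the original article. The parameter names mirror the options shown above, while the alphanumeric alphabet and the default lengths are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumption: letters and digits only, matching the look of the sample output.
ALPHABET = string.ascii_letters + string.digits


def make_passwords(chars=None, minchars=8, maxchars=10, count=1,
                   alphabet=ALPHABET):
    """Return `count` random passwords drawn from the OS CSPRNG.

    `chars` fixes the length; otherwise each password gets a length picked
    uniformly from minchars..maxchars (default lengths are assumptions).
    """
    if chars is not None:
        minchars = maxchars = chars
    if minchars < 1 or maxchars < minchars or count < 1:
        raise ValueError("need 1 <= minchars <= maxchars and count >= 1")
    if len(alphabet) < 2 or len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet must hold at least two symbols, none repeated")
    passwords = []
    for _ in range(count):
        # secrets.randbelow / secrets.choice avoid the modulo bias of a
        # hand-rolled "random byte % len(alphabet)".
        length = minchars + secrets.randbelow(maxchars - minchars + 1)
        passwords.append("".join(secrets.choice(alphabet) for _ in range(length)))
    return passwords


def min_entropy_bits(minchars, maxchars, alphabet=ALPHABET):
    """Bits of guessing resistance for the likeliest (shortest) password.

    A given password of length L appears with probability
    (1 / number_of_lengths) * len(alphabet) ** -L, which peaks at L = minchars.
    """
    lengths = maxchars - minchars + 1
    return math.log2(lengths) + minchars * math.log2(len(alphabet))


if __name__ == "__main__":
    for pw in make_passwords(chars=8, count=4):   # same shape as the run above
        print(pw)
    print(f"{min_entropy_bits(8, 8):.1f} bits for 8 alphanumeric characters")
```

The entropy figure is the practical takeaway: eight random alphanumeric characters give a little under 48 bits, and each extra character adds about 6 more.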
Shell users know this well, but those who take the time to learn the ins and outs of their Linux systems learn this too: many graphical programs are front ends to one or more text- or shell-based commands. The same is true for the next item on our menu, KriptPass, which wraps the makepasswd program in a nice, graphical interface. KriptPass is a Kommander script available from Kriptopolis.org. Kommander is a combination program editor and executor that can be used to create any number of graphical applications using the KDE framework. I mention Kommander, because you need it to use KriptPass. So, installing Kommander is the first step. Because it's a KDE application, check your system to see whether you already have Kommander installed. If you don't, check your distribution's repositories and install it. Because KriptPass is based on makepasswd, you need that as well.
Assuming you have Kommander installed, installing and running KriptPass is as simple as downloading it from www.kde-apps.org/content/show.php/KriptPass?content=58800. Extract the script wherever you like, open up Konqueror and simply click on the kriptpass.kmdr file. That's all there is to it (if you like, you can add a shortcut icon on your desktop for future use). The KriptPass window appears (Figure 1), and you'll see three tabs labeled Passwords, Wireless Keys and About.