# physical access and mirror security

## jpc22

I spoke with an it person (my uncle) who told me that open source was a joke since he could audit the code and change it since it's open.

I know it is unlikely someone hacks a gentoo mirror i use,and i plan to setup a pgp verified mirror for my boxes, 

 but could you tell me more about how Linux mirrors are protected, and where should i start learning programming so i can write my own code and verify code myself.

He also told me that with hiren bootcd he could break any password, so i asked him about full disk encryption and he said that algorithms are written by programmers and that programmers wrote counter-algorithms, so he could.

i highly doubt he could to better than authorities , since some courts have ordered people to disclose their encryption passwords in order to acess data on encrypted drives.

I would like advice on how to make my box as secure as it can be, and how to defeat physical acess hacks, since when my setup will be finished i will challenge my uncle to hack my box. (laptop without firewire or any dma ports)

----------

## Ant P.

It sounds like you're dealing with the sort of uninformed idiot who thinks the view source option in a web browser allows him to "hack" remote websites.

The Gentoo mirrors are already cryptographically secure from tampering. All important files in the ebuild tree have three different checksums each, and the checksum list is GPG-signed by Gentoo developers. Yes, it's easy to crack passwords on Windows; NTLM uses easily brute-forceable MD4 hashes (not even MD5) which the rest of the world stopped using decades ago. We're using SHA512, RIPEMD and Whirlpool. An attacker would have to find a preimage attack that creates the same output on all three.

As for data on disk, merely using a non-default filesystem like Btrfs can be enough to present an insurmountable obstacle to a script kiddie armed with only a windows live CD. They can still fumble their way to limited success by using heuristic data recovery tools on the partition — if the data isn't fragmented — but once you use something like dm-crypt to encrypt your data, nobody is getting in without the password. Period.

The only ways you can be exploited remotely are if you have a network service with weak passwords, someone finds an exploit in a running service, or someone finds an exploit in the kernel network code. The first is trivial to fix on a default Linux installation; just disable unneeded services, set up a basic stateful firewall, and use key-based auth in SSH if it needs to be running. The second and third methods... well, those are clearly magnitudes above his competence level.

Of course, if this is just about the source code being visible... the Windows 2000 source was leaked years ago. Even before that, the OS was a joke in terms of security. And I very much doubt anyone would be gullible enough to accept patches from this guy.

----------

## NeddySeagoon

jpc22,

Gentoo has gpg signatures in the works. See GLEP 57 and the other GLEPS it mentions.

Hacking a Gentoo mirror is not sufficient to get compromised sources build and installed on your system.

Your sources come from one mirror and your portage tree from another.

The tree contains hashes and file lengths of all the files it is expected to work with - these are the digests.

The digests are checked every emerge - if it fails, the package is not emerged.

This means that an attacker has to compromise but the sources and the tree. Thats two attacks.

You could move the attack upstream to master mirrors, so that both compromised code and matching digests are put on all mirrors. 

Your uncle can change the sources - he can fix bugs, add new functionality but that his changes were made would be detected.

With physical access and a bootCD, you can change passwords but not break them.  Think about the the way you set your root password on your Gentoo install.

Passwords are not stored in clear text - the salted hash value is stored.  When you need to check a password, the hash value is computed and the old and new hashes compared.

hash functions used for password are easy to compute the hash given the password but very very hard to find an input value that hashes to a given hash value.  What that happens, you have a hash collision.

A few years ago, md5 was used for storing passwords. However, generating collisions became fairly easy, so it has been replaced. 

The encryption algorithims used for disk encryption are well known and published.  Indeed a lot of crypto analysists put a lot of time in trying to find flaws.  The international banking system relies on these methods. So does online banking.  I presume that as banking systems are so insecure, you uncle does not use banks?

If an attacker is allowed physical access, your only remaining protection is data encryption. You need to use good passwords so that they cannot be brute forced.

Security is a tradeoff with usability.  Work out who you are trying to deter, then choose options to suit.

The weak link in the system is ultimately you - are your prepared to die to keep your secrets safe or would you reveal your passwords  in the face of torture?

You will beat your uncle easily.

----------

## The Doctor

If you feel like it, you might have fun by preparing a laptop with encryption and good passwords/keyfiles/etc and challenging him to get in. Just make sure its your stuff he is trying to hack so its nice and legal.

Also, if you want an anecdotal evidence of security, there is a story somewhere on the gentoo wiki about the FBI trying for over a year to hack a LUKS volume. Unfortunately, the wiki is currently experiencing some "technical difficulties," but I thing this may be the page: http://en.gentoo-wiki.com/wiki/SECURITY_System_Encryption_DM-Crypt_with_LUKS

EDIT: Its not the right page...

----------

## jpc22

Thanks for your input,, guys, the laptop is aldready running hardened gentoo with full disk encryption and boot on a usb3 key.

Now i am looking into the documentation for selinux grsecurity  apparmor iptables  ,etc but I'm not so sure yet which ones are the best.

I'm also looking at the ASUS HDD password protection which  seems pretty hard to get past by, since you have to contact ASUS and prove them your are the legitimate owner of the computer for them to unlock the hard drive.

I also consider adding a bios password on boot, but  an attacker would only need to reset the cmos to clear the password, and they might break the laptop doing so.

and before you ask , i'm not paranoid , i just want to experiment with security and i like the peace of mind of having a system that will

----------

