Is it possible to protect an app with a short code, e.g. a PIN, so that it won't open until the code is entered?

I have a password manager (KeePassXC) that, once unlocked, sits in my taskbar. To reopen it, all that a person has to do is click on the icon. Locking it every time after I use it makes me enter a long passphrase to reopen it, which quickly becomes unwieldy. I'd like to protect KeePassXC with a short code (not necessarily digits), so that once unlocked, clicking the icon will open the KeePassXC window only after the short code has been entered. It would be extra useful if entering an incorrect code (say) three times would force-close KeePassXC to prevent brute-force guessing. This functionality would replicate the "Quick Unlock" function provided by KeePass2 + Quick Unlock, or by Keepass2Android.

I've spent some time searching for solutions, but found nothing apart from the fact that using PAM for a lockscreen PIN is possible. However, I don't know PAM, so I don't know if it can be applied to opening a window whose program is already running in the background.

Do you have an idea of how to implement this, whether using PAM or some other way?

PAM would be your way of authenticating with a pin. The problem then is that modifying PAM may allow you to authenticate anything with a pin. I use PAM only sparingly and do not create pins with it. I'm sure there may already be a good way to do this, but it's not obvious at first to me what you'd need to do. This would require some digging, which anyone could do. If you place a pin wrapper around any application launcher script, you are only using security theater because anyone could bypass the launcher with a direct path to the application from your computer. If you modify the /usr/bin, someone could still figure out the path and bypass your /usr/bin path. Plenty of people may already give you this advice. I think it only gives you a sense that there is improved security, when in reality it's just wasting your time. Therefore your real option appears to place sudo restrictions on the binary. But you said you have too long of a password, and giving the application a sudo path would only allow it possible root access to your computer. Not good.

But what are things you cannot immediately do that would have a direct impact on your security? You can rewrite the application to ask for a pin upon startup. That pin answer is encrypted, so the user won't have direct access to it. And they would have to enter the pin number manually to bypass security.

But this obviously isn't secure either. All an attacker would need to do is break the function that asks you for a password. As soon as they can figure this out, they can likely get direct access quite easily.

All of this then depends on where you are, what you are protecting, and who you are protecting it from. If you are protecting data from a non-technical user, you may want to hide the document as a dot file. If you are protecting data from a technical user, you may want to put the data in Dropbox or OneDrive where it's behind someone else's security system.

You could create a new userid that can only run the specific command and lock down that userid so no direct logins are allowed. Then you can modify some sudo settings to let your userid, and only yours, run the command as that other userid leveraging sudo for authentication. Or you could just have a portable version of the program, store it inside an encrypted container that you'd unlock, mount with 700 permissions, and unmount when done. Heck, with 700 permissions and a portable application, that might be sufficient.

As EuclideanCoffee suggests, the sort of attacker would matter greatly. Someone with sufficient technical knowledge can access everything on a non-encrypted disk and may be able to trick you into providing access even if it is encrypted by modifying the /boot/ areas.

A pin really isn't much security, unless it is tied to a physical challenge/response device. Are you trying to protect against the NSA, Chinese, Russian, Turkish, or Israeli Security teams or against an 8 yr old grandchild?