Tag Archive for 'security'

Full encryption is go!

This post comes to you from Ubuntu 8.10 Intrepid Ibex, upon a fully encrypted 500GB disk. So if my laptop should fall into the wrong hands, my customers, family and friends can rest assured their data, passwords, photographs or emails are (for all practical purposes) secure.

Thus far I haven’t noticed a performance cost. The system “feels” as fast as before. I’m running a Centrino Core2 Duo 1.66GHz, 1.5GiB RAM. When moving large quantities of data (10GiB plus) I see the kcryptd process using around 25% - 50% CPU (of one core).

It really was painless to set up. Thanks to this walkthrough I was pretty confident it would be easy. No dramas. The hardest step was probably choosing a suitably random password (thanks grc).

Password Security

There was some discussion on the BeWelcome developers mailing list recently about OpenID and passwords, encryption and so on. Today I received an email from UKReg (aka Fasthosts) to tell me that somebody may have stolen their customer data and may have access to the account passwords.

Fasthosts suggested I change my password. I couldn’t seem to log in, so I clicked the “Forgotten Password” link. They then sent me an email containing my password.

It struck me how ridiculously insecure that is. That means they store my password in plain text. They can look it up if they want to. That’s outrageous. In almost all systems, the password is stored in encrypted (technically hashed) form. If you lose your password, you can’t recover it; you need to create a new one.
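The hashed-storage and "create a new one" flow described above, as an added example that is not part of the original post or any provider's code. The `AccountStore` class, its method names and the scrypt cost parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


class AccountStore:
    """Hypothetical in-memory account store that keeps only salted hashes."""

    def __init__(self):
        self._users = {}   # username -> (salt, password_hash)
        self._resets = {}  # username -> sha256 of a one-time reset token

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)  # unique per user, defeats precomputed tables
        digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
        self._users[user] = (salt, digest)

    def verify(self, user, password):
        if user not in self._users:
            return False
        salt, stored = self._users[user]
        candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
        return hmac.compare_digest(candidate, stored)  # constant-time compare

    def forgot_password(self, user):
        """Return a one-time token to email; the old password is unrecoverable."""
        if user not in self._users:
            return None
        token = secrets.token_urlsafe(32)
        # Store only a hash of the token, so a database leak exposes no usable token.
        # (Token expiry is left out of this sketch.)
        self._resets[user] = hashlib.sha256(token.encode()).digest()
        return token

    def reset_password(self, user, token, new_password):
        expected = self._resets.pop(user, None)  # single use, even on a failed attempt
        if expected is None:
            return False
        if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), expected):
            return False
        self.set_password(user, new_password)
        return True
```

Nothing in the store can be turned back into the original password, so the only thing a "Forgotten Password" email can carry is the reset token.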

Of course, the biggest problem with passwords is always the same. Damned users. It never fails to amaze me how many people use the same password for everything. Otherwise intelligent people, who damn well should know better.

So, go change your passwords. Even writing them all down in a book is still more secure than using the same password everywhere.