Security quotes of the week

Intel and Nokia were pushing MeeGo, and I talked to their security people at the show. The MeeGo security architecture seems to be more about protecting the device from the user than protecting the user's data from malicious code. The architecture's security goals align more with those of the access providers and content providers.
-- Dan Walsh

Oh well. I have a nice batch of more serious problems in the pipeline, but still waiting on vendors, so that's it for now :-)
-- Michal Zalewski

In eCryptfs, this hash is calculated to unlock the main key that is used for eCryptfs and is then thrown away (it can always be regenerated when the user logs in). If the user changes their passphrase, they must decrypt and re-encrypt the eCryptfs key (this is done automatically by PAM). Under Windows, to deal with potential user login passphrase changes, they instead decided to store all prior (SHA1) hashes of the user's passphrases, even lacking a salt. So all the clear-text user login passphrases are recoverable with a standard rainbow table, in parallel. O_o
-- Kees Cook

Posted Aug 22, 2010 9:20 UTC (Sun) by pabs (subscriber, #43278)

Hmmm, I guess that is why Nokia folks are interested in hiring folks with DRM experience:

http://maemo.org/news/jobs/digital_rights_management_spec...

Copyright © 2010, Eklektix, Inc.