Full Disclosure mailing list archives
Re: Just how secure encrypted linux partitions really are?
From: Levente Peres <sheridan () sansz org>
Date: Sun, 12 Dec 2010 12:52:35 +0100
stormrider, Jeffrey, Thor... and all others, You gave me quite a bit of thinking, reading and reconsidering to do. I'm going to have to redesign the whole issue from scratch - not that it's a bad thing. Better investing some more time and effort now, than sweat maybe later. Thank you so much for taking the time to answer me. Levente 2010.12.12. 12:28 keltezéssel, stormrider írta:
You should take care of a few things when encrypting hard drives and feeling secure with it. * Do's * A) Use a token. That means: Generate a loooong key. Encrypt that key and put the encrypted key on a thumb-drive. Make sure you leave no trace when doing that step. (Good way is to make that part from a live-cd). So when you want to mount the disc, you use a password, that decrypts the *real* key from the thumb-drive and uses that to decrypt the disc. Make sure nobody copies your token. That gives you two access components: *Have* the token and *Know* the password. Just like your bank card. B) Mostly messed up rule: Use a strong password! You can have TPM or a super secret USB Token or whatsoever. When they get your password nothing's secure anymore. You may want to begin shivering at that point. (shiver less when you had time to destroy your token before. Stop shivering when you're 100% sure nobody made a copy of your token) * Reminds * As long as the machine is running there is almost no protection of the data! 1) Every vulnerability inside the OS or daemons or else could make accessing your data possible - just as if there was no encryption. 2) Other attack vectors depend on *who* might want to take a closer look. For some people it makes quite a lot fun to freeze your system RAM and read it out later. That would indeed reveal your key. 3) Any unauthorized access to your box voids the system integrity so you should think about countermeasures. Broken integrity means forget encryption as a mighty little goblin might sit on your PCI bus reading your RAM by DMA (also elves and fairies thinkable). So if you want to be sure about that you shouldn't leave your box alone and running. If you do so, make sure the power gets switched off as soon as someone enters the room. Also make sure that it takes a few minutes to gain access to your memory sticks after power loss, as it takes some time until the data is vanished from memory. You also shouldn't connect your box to any network - So actually the best thing you can do is: keep your secrets in mind, not on disc. You then only have to make sure not being water-boarded or so, as this might also break your mind (this might also make you shout out any password anyways - so avoid that) ;-) stromrider Am 12.12.2010 01:43, schrieb Levente Peres:Hello to All, If anyone have serious hands-on experience with this, I would like to know some hard facts about this matter... I thought to ask you, because here're some of the top experts in this field, so I could find few better places. Hope you can nodge me in the right direction, and take the time to answer this. Let's suppose I have a CentOS server, with encrypted root partition, and I put the /boot partition on a separate USB key for good measure. Encryption technology is the default which "ships" with CentOS 5.5 and it's LVM. If someone gets hold of that machine, or rather, the drives inside the Smart Array, what are the chances he can "decrypt" the root partition, thus gaining access to the files, if he doesn't know the key? I mean I know that given enough time, probably it could be done with brute-force. But seriously, how much of a hinderance this is to anyone attempting to do this? Does it offer any serious protection or is it just some inconvenience to the person conducting the analysis of the machine? How realistic is it that one can accomplish the decryption inside a reasonable amount of time (like, say, within half a year or so)? Could some of you please give me some of your thoughts about this? And, maybe, what other methods of file system encryption are out there which are more secure? Thanks, Levente _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ --- avast! Antivirus: Inbound message clean. Virus Database (VPS): 101211-1, 2010.12.11 Tested on: 2010.12.12. 12:36:20 avast! - copyright (c) 1988-2010 AVAST Software. http://www.avast.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Just how secure encrypted linux partitions really are? Levente Peres (Dec 11)
- Re: Just how secure encrypted linux partitions really are? Jeffrey Walton (Dec 11)
- Re: Just how secure encrypted linux partitions really are? Thor (Hammer of God) (Dec 11)
- Re: Just how secure encrypted linux partitions really are? news (Dec 12)
- Re: Just how secure encrypted linux partitions really are? news (Dec 12)
- Re: Just how secure encrypted linux partitions really are? Jeffrey Walton (Dec 12)
- Re: Just how secure encrypted linux partitions really are? Thor (Hammer of God) (Dec 11)
- Re: Just how secure encrypted linux partitions really are? Jeffrey Walton (Dec 11)
- Re: Just how secure encrypted linux partitions really are? stormrider (Dec 12)
- Re: Just how secure encrypted linux partitions really are? Levente Peres (Dec 12)
- Re: Just how secure encrypted linux partitions really are? George Hedfors (Dec 12)