Re: [Full-disclosure] Just how secure encrypted linux partitions really are?
- To: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Just how secure encrypted linux partitions really are?
- From: news <news@xxxxxxxxxxx>
- Date: Sun, 12 Dec 2010 09:27:10 +0100
Another thing: you have to make sure the swap is encrypted, or there
is a chance that the passphrase is just sitting there in the clear...
On Sunday 12 December 2010 at 09:20 +0100, news wrote:
> See : http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
>
> AFAIK, dmcrypt is the solution used by all distros around and it
> doesn't support TPM.
>
> So cracking the disk "just" requires the passphrase.
> Though you have to make sure it is not using CBC by default on CentOS,
> otherwise it would be possible to retrieve the passphrase pretty easily.
>
> JC
>
> On Sunday 12 December 2010 at 07:14 +0000, Thor (Hammer of God) wrote:
> > > > Hello to All,
> > > >
> > > > If anyone has serious hands-on experience with this, I would like to
> > > > know some hard facts about this matter... I thought to ask you,
> > > > because here are some of the top experts in this field, so I could find
> > > > few better places.
> > > > Hope you can nudge me in the right direction, and take the time to
> > > > answer this.
> > > >
> > > > ...
> > > >
> > > > Could some of you please give me some of your thoughts about this?
> > > > And, maybe, what other methods of file system encryption are out there
> > > > which are more secure?
> > > >
> > > If you are using a PBE (password based encryption), it's no stronger than
> > > the password. Though stated regarding Microsoft's BitLocker, the same applies
> > > to all PBE systems: "BitLocker, at its core, is a password technology, we
> > > simply have to get the password...", Exploration of Windows 7, Advanced Forensics
> > > Topic (page 70).
> > >
> > > If your file system key is on a USB thumb drive, the security is probably
> > > only as strong as the physical security on the thumb drive.
> > >
> > > Jeff
> >
> > Hey Jeff - not sure if you read the LE deck or just referenced Wikipedia,
> > but regarding Bitlocker, there is a good bit more to it. Saying to
> > "simply" get the password (not sure who would have written that) isn't
> > "simple." It's not like the password (passphrase) is stored anywhere...
> > And yes, there should be some physical security around the USB key, where
> > the actual KEY is, but with Bitlocker anyway, you can leverage TPM, etc to
> > make things far more difficult.
> >
> > I'm not familiar with CentOS's drive encryption solution - does it operate
> > like bitlocker in that system configuration hashes must match that stored
> > by BL before mounting? That's one of the benefits of Bitlocker - even if
> > you have the PIN, you can't mount the drive in another machine. If CentOS
> > acts in a similar manner, then just getting the password won't help.
> >
> > When you throw TPM in the mix with a PIN (as the actual deck refers to),
> > then you need the PIN to get to the TPM to get the keys used to check the
> > stored hash against the system before it can mount. TPM-based encryption
> > is pretty easy, so if CentOS supports that, it could very well be far more
> > difficult (or statistically impossible) to decrypt. In Bitlocker's case,
> > if a recovery key infrastructure is in place, then those could be leveraged
> > as well.
> >
> > In any event though, to answer the OP's specific question about getting to
> > the drives in an array and decrypting them without the key, that would
> > indeed be impossible unless there were some other configuration or
> > implementation issue present.
> >
> > t
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
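Added example, not part of the original messages: a Python check for the two points raised in this thread, whether each active swap area sits directly on a dm-crypt mapping and whether that mapping's cipher spec uses CBC. It parses text in the format of /proc/swaps and `dmsetup table`; the sample data and device names below are constructed.

```python
# Added example. All sample text is constructed; "cryptswap" etc. are hypothetical names.
KEY = "0" * 64  # dmsetup prints the key as zeros unless --showkeys is given

SAMPLE_SWAPS = """\
Filename                                Type            Size    Used    Priority
/dev/mapper/cryptswap                   partition       2097148 0       -2
/dev/sda3                               partition       1048572 512     -3
/swapfile                               file            524284  0       -4
"""
SAMPLE_DMSETUP = f"""\
cryptswap: 0 4194304 crypt aes-cbc-essiv:sha256 {KEY} 0 8:2 0
cryptroot: 0 41943040 crypt aes-xts-plain64 {KEY} 0 8:1 4096
vg0-data: 0 8388608 linear 8:5 2048
"""

def parse_crypt_targets(dmsetup_text):
    """Map device-mapper name -> cipher spec for every 'crypt' target."""
    targets = {}
    for line in dmsetup_text.splitlines():
        name, sep, rest = line.partition(": ")
        fields = rest.split()
        # Layout: <start> <length> crypt <cipher> <key> <iv_offset> <dev> <offset>
        if sep and len(fields) >= 4 and fields[2] == "crypt":
            targets[name] = fields[3]
    return targets

def audit_swap(swaps_text, dmsetup_text):
    """Return (swap_path, status, cipher_or_None) for each active swap area."""
    crypt = parse_crypt_targets(dmsetup_text)
    findings = []
    for line in swaps_text.splitlines()[1:]:  # first line is the column header
        if not line.strip():
            continue
        path = line.split()[0]
        # Assumption: encrypted swap is listed as /dev/mapper/<name>.
        prefix = "/dev/mapper/"
        cipher = crypt.get(path[len(prefix):]) if path.startswith(prefix) else None
        if cipher is None:
            status = "NOT_ON_DMCRYPT"   # plain partition, swap file, or stacked device
        elif "cbc" in cipher.split(":")[0].split("-"):
            status = "ENCRYPTED_CBC"    # the mode the thread says to check for
        else:
            status = "ENCRYPTED"
        findings.append((path, status, cipher))
    return findings

if __name__ == "__main__":
    for path, status, cipher in audit_swap(SAMPLE_SWAPS, SAMPLE_DMSETUP):
        print(f"{status:15} {path} {cipher or '-'}")
```

NOT_ON_DMCRYPT only means the swap path is not itself a crypt mapping: a swap file, or a logical volume stacked on an encrypted device, has to be traced to its backing device separately.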