Re: [Full-disclosure] Just how secure encrypted linux partitions really are?
- To: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Just how secure encrypted linux partitions really are?
- From: Jeffrey Walton <noloader@xxxxxxxxx>
- Date: Sun, 12 Dec 2010 06:16:14 -0500
On Sun, Dec 12, 2010 at 2:14 AM, Thor (Hammer of God)
<thor@xxxxxxxxxxxxxxx> wrote:
>> > Hello to All,
>> >
>> > If anyone has serious hands-on experience with this, I would like to
>> > know some hard facts about this matter... I thought to ask you,
>> > because here're some of the top experts in this field, so I could find few
>> > better places.
>> > Hope you can nudge me in the right direction, and take the time to
>> > answer this.
>> >
>> > ...
>> >
>> > Could some of you please give me some of your thoughts about this?
>> > And, maybe, what other methods of file system encryption are out there
>> > which are more secure?
>> >
>> If you are using a PBE (password based encryption), it's no stronger than the
>> password. Though stated regarding Microsoft's BitLocker, the same applies
>> to all PBE systems: "BitLocker, at its core, is a password technology, we
>> simply have to get the password...", Exploration of Windows 7, Advanced
>> Forensics Topic (page 70).
>>
>> If your file system key is on a USB thumb drive, the security is probably
>> only as strong as the physical security on the thumb drive.
>>
>> Jeff
>
> Hey Jeff - not sure if you read the LE deck or just referenced Wikipedia, but
> regarding BitLocker, there is a good bit more to it. Saying to "simply" get
> the password (not sure who would have written that) isn't "simple." It's not
> like the password (passphrase) is stored anywhere... And yes, there should
> be some physical security around the USB key, where the actual KEY is, but
> with BitLocker anyway, you can leverage TPM, etc. to make things far more
> difficult.
>
> I'm not familiar with CentOS's drive encryption solution - does it operate
> like BitLocker in that system configuration hashes must match that stored by
> BL before mounting? That's one of the benefits of BitLocker - even if you
> have the PIN, you can't mount the drive in another machine. If CentOS acts
> in a similar manner, then just getting the password won't help.
>
> When you throw TPM in the mix with a PIN (as the actual deck refers to), then
> you need the PIN to get to the TPM to get the keys used to check the stored
> hash against the system before it can mount. TPM-based encryption is pretty
> easy, so if CentOS supports that, it may very well be far more difficult (or
> statistically impossible) to decrypt. In BitLocker's case, if a recovery
> key infrastructure is in place, then those could be leveraged as well.
>
Agreed if the TPM is present.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/