[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Just how secure encrypted linux partitions really are?
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Just how secure encrypted linux partitions really are?
- From: Levente Peres <sheridan@xxxxxxxxx>
- Date: Sun, 12 Dec 2010 12:52:35 +0100
stormrider, Jeffrey, Thor... and all others,
You gave me quite a bit of thinking, reading and reconsidering to do.
I'm going to have to redesign the whole issue from scratch - not that
it's a bad thing. Better investing some more time and effort now, than
sweat maybe later. Thank you so much for taking the time to answer me.
Levente
2010.12.12. 12:28 keltezéssel, stormrider írta:
> You should take care of a few things when encrypting hard
> drives and feeling secure with it.
>
> * Do's *
>
> A) Use a token. That means: Generate a loooong key. Encrypt that key and
> put the encrypted key on a thumb-drive. Make sure you leave no trace
> when doing that step. (Good way is to make that part from a live-cd). So
> when you want to mount the disc, you use a password, that decrypts the
> *real* key from the thumb-drive and uses that to decrypt the disc.
> Make sure nobody copies your token. That gives you two access
> components: *Have* the token and *Know* the password. Just like your
> bank card.
>
> B) Mostly messed up rule: Use a strong password! You can have TPM or a
> super secret USB Token or whatsoever. When they get your password
> nothing's secure anymore. You may want to begin shivering at that point.
> (shiver less when you had time to destroy your token before. Stop
> shivering when you're 100% sure nobody made a copy of your token)
>
> * Reminds *
>
> As long as the machine is running there is almost no protection of the data!
>
> 1) Every vulnerability inside the OS or daemons or else could make
> accessing your data possible - just as if there was no encryption.
>
> 2) Other attack vectors depend on *who* might want to take a closer
> look. For some people it makes quite a lot fun to freeze your system RAM
> and read it out later. That would indeed reveal your key.
>
> 3) Any unauthorized access to your box voids the system integrity so you
> should think about countermeasures. Broken integrity means forget
> encryption as a mighty little goblin might sit on your PCI bus reading
> your RAM by DMA (also elves and fairies thinkable).
>
> So if you want to be sure about that you shouldn't leave your box alone
> and running. If you do so, make sure the power gets switched off as soon
> as someone enters the room. Also make sure that it takes a few minutes
> to gain access to your memory sticks after power loss, as it takes some
> time until the data is vanished from memory.
>
> You also shouldn't connect your box to any network - So actually the
> best thing you can do is: keep your secrets in mind, not on disc. You
> then only have to make sure not being water-boarded or so, as this might
> also break your mind (this might also make you shout out any password
> anyways - so avoid that) ;-)
>
> stromrider
>
>
> Am 12.12.2010 01:43, schrieb Levente Peres:
>> Hello to All,
>>
>> If anyone have serious hands-on experience with this, I would like to
>> know some hard facts about this matter... I thought to ask you, because
>> here're some of the top experts in this field, so I could find few
>> better places. Hope you can nodge me in the right direction, and take
>> the time to answer this.
>>
>> Let's suppose I have a CentOS server, with encrypted root partition, and
>> I put the /boot partition on a separate USB key for good measure.
>> Encryption technology is the default which "ships" with CentOS 5.5 and
>> it's LVM.
>>
>> If someone gets hold of that machine, or rather, the drives inside the
>> Smart Array, what are the chances he can "decrypt" the root partition,
>> thus gaining access to the files, if he doesn't know the key? I mean I
>> know that given enough time, probably it could be done with brute-force.
>> But seriously, how much of a hinderance this is to anyone attempting to
>> do this? Does it offer any serious protection or is it just some
>> inconvenience to the person conducting the analysis of the machine? How
>> realistic is it that one can accomplish the decryption inside a
>> reasonable amount of time (like, say, within half a year or so)?
>>
>> Could some of you please give me some of your thoughts about this? And,
>> maybe, what other methods of file system encryption are out there which
>> are more secure?
>>
>> Thanks,
>>
>> Levente
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ---
> avast! Antivirus: Inbound message clean.
> Virus Database (VPS): 101211-1, 2010.12.11
> Tested on: 2010.12.12. 12:36:20
> avast! - copyright (c) 1988-2010 AVAST Software.
> http://www.avast.com
>
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/