Re: Just how secure encrypted linux partitions really are?

[Levente Peres <sheridan () sansz org>]

stormrider, Jeffrey, Thor... and all others,

You gave me quite a bit of thinking, reading and reconsidering to do. 
I'm going to have to redesign the whole issue from scratch - not that 
it's a bad thing. Better investing some more time and effort now, than 
sweat maybe later. Thank you so much for taking the time to answer me.

Levente

2010.12.12. 12:28 keltezéssel, stormrider írta:
> You should take care of a few things when encrypting hard
> drives and feeling secure with it.
>
> * Do's *
>
> A) Use a token. That means: Generate a loooong key. Encrypt that key and
> put the encrypted key on a thumb-drive. Make sure you leave no trace
> when doing that step. (Good way is to make that part from a live-cd). So
> when you want to mount the disc, you use a password, that decrypts the
> *real* key from the thumb-drive and uses that to decrypt the disc.
> Make sure nobody copies your token. That gives you two access
> components: *Have* the token and *Know* the password. Just like your
> bank card.
>
> B) Mostly messed up rule: Use a strong password! You can have TPM or a
> super secret USB Token or whatsoever. When they get your password
> nothing's secure anymore. You may want to begin shivering at that point.
> (shiver less when you had time to destroy your token before. Stop
> shivering when you're 100% sure nobody made a copy of your token)
>
> * Reminds *
>
> As long as the machine is running there is almost no protection of the data!
>
> 1) Every vulnerability inside the OS or daemons or else could make
> accessing your data possible - just as if there was no encryption.
>
> 2) Other attack vectors depend on *who* might want to take a closer
> look. For some people it makes quite a lot fun to freeze your system RAM
> and read it out later. That would indeed reveal your key.
>
> 3) Any unauthorized access to your box voids the system integrity so you
> should think about countermeasures. Broken integrity means forget
> encryption as a mighty little goblin might sit on your PCI bus reading
> your RAM by DMA (also elves and fairies thinkable).
>
> So if you want to be sure about that you shouldn't leave your box alone
> and running. If you do so, make sure the power gets switched off as soon
> as someone enters the room. Also make sure that it takes a few minutes
> to gain access to your memory sticks after power loss, as it takes some
> time until the data is vanished from memory.
>
> You also shouldn't connect your box to any network - So actually the
> best thing you can do is: keep your secrets in mind, not on disc. You
> then only have to make sure not being water-boarded or so, as this might
> also break your mind (this might also make you shout out any password
> anyways - so avoid that) ;-)
>
> stromrider
>
>
> Am 12.12.2010 01:43, schrieb Levente Peres:
> > Hello to All,
> >
> > If anyone have serious hands-on experience with this, I would like to
> > know some hard facts about this matter... I thought to ask you, because
> > here're some of the top experts in this field, so I could find few
> > better places. Hope you can nodge me in the right direction, and take
> > the time to answer this.
> >
> > Let's suppose I have a CentOS server, with encrypted root partition, and
> > I put the /boot partition on a separate USB key for good measure.
> > Encryption technology is the default which "ships" with CentOS 5.5 and
> > it's LVM.
> >
> > If someone gets hold of that machine, or rather, the drives inside the
> > Smart Array, what are the chances he can "decrypt" the root partition,
> > thus gaining access to the files, if he doesn't know the key? I mean I
> > know that given enough time, probably it could be done with brute-force.
> > But seriously, how much of a hinderance this is to anyone attempting to
> > do this? Does it offer any serious protection or is it just some
> > inconvenience to the person conducting the analysis of the machine? How
> > realistic is it that one can accomplish the decryption inside a
> > reasonable amount of time (like, say, within half a year or so)?
> >
> > Could some of you please give me some of your thoughts about this? And,
> > maybe, what other methods of file system encryption are out there which
> > are more secure?
> >
> > Thanks,
> >
> > Levente
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ---
> avast! Antivirus: Inbound message clean.
> Virus Database (VPS): 101211-1, 2010.12.11
> Tested on: 2010.12.12. 12:36:20
> avast! - copyright (c) 1988-2010 AVAST Software.
> http://www.avast.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/