LinuxQuestions.org
Old 09-29-2023, 12:22 PM   #1
nomival
LQ Newbie
 
Registered: Sep 2023
Posts: 3

Rep: Reputation: 0
LUKS encryption security


Hello.

Suppose you add a new physical disk to a server where you must store sensitive data, with the following commands:

1. get disks
Code:
lsblk
2. format and set up with luks2
Code:
cryptsetup luksFormat --type luks2 /dev/sdb
3. open it
Code:
cryptsetup luksOpen /dev/sdb safe_data
4. fill space with 0
Code:
dd if=/dev/zero of=/dev/mapper/safe_data status=progress
5. format it
Code:
mkfs.ext4 /dev/mapper/safe_data
6. mount it
Code:
mount /dev/mapper/safe_data /home/safe_data
7. copy data on it from secure web transfer

Now I am curious: suppose the server gets a shutdown/reboot (power outage) without manually running the `cryptsetup luksClose` cmd on an encrypted container. Is there any possibility that you can access the data without entering the password because you did not close the container?

You can have physical access to the disk, dump RAM or even use recovery software.

How about run-time attacks (having access to the server but not knowing user/pass to log in)?

Thank you.
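The steps above as one guarded script, added here as an example rather than code from the poster. It assumes cryptsetup 2.x with LUKS2 support, GNU coreutils and root; /dev/sdb, safe_data and /home/safe_data are the placeholder names from the post, and the dry-run switch and the rotational_flag / fill_strategy helpers (which apply jmccue's later HDD-vs-SSD advice from this thread) are this example's own additions.

```shell
#!/bin/sh
# Added example (not the poster's script): the setup steps from the post as a
# guarded script. Assumed: cryptsetup 2.x (luks2), GNU coreutils, root privileges.
# /dev/sdb, safe_data and /home/safe_data are placeholders taken from the post.
# Runs in dry-run mode (prints the commands) unless DRY_RUN=0 is set.
set -eu

DRY_RUN="${DRY_RUN:-1}"
DEV="${DEV:-/dev/sdb}"
MAPNAME="${MAPNAME:-safe_data}"
MOUNTPOINT="${MOUNTPOINT:-/home/safe_data}"

run() {
    # Execute the command, or only print it in dry-run mode.
    if [ "$DRY_RUN" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# Contents of /sys/block/<disk>/queue/rotational: "1" = spinning disk, "0" = SSD.
# Prints "unknown" when the attribute cannot be read (device absent, no sysfs).
rotational_flag() {
    cat "/sys/block/$(basename "$1")/queue/rotational" 2>/dev/null || echo unknown
}

# Pre-fill policy as advised later in this thread: random fill on an HDD, skip on
# an SSD (the controller remaps blocks, so a fill mostly costs a write cycle).
# An unknown media type falls back to the conservative random fill.
fill_strategy() {
    case "$1" in
        0) echo skip ;;
        *) echo urandom ;;
    esac
}

cleanup() {
    # On any failure after the container is open, unmount and close it so the
    # plaintext mapping under /dev/mapper does not stay reachable.
    run umount "$MOUNTPOINT" 2>/dev/null || true
    run cryptsetup luksClose "$MAPNAME" 2>/dev/null || true
}

main() {
    run lsblk "$DEV"                                   # 1. identify the disk
    run cryptsetup luksFormat --type luks2 "$DEV"     # 2. create the LUKS2 container (interactive)
    run cryptsetup luksOpen "$DEV" "$MAPNAME"         # 3. open it
    trap cleanup EXIT
    if [ "$(fill_strategy "$(rotational_flag "$DEV")")" = urandom ]; then
        # 4. fill THROUGH the mapping: anything written this way, zeros included,
        # lands on the raw disk as ciphertext; /dev/urandom follows the thread's advice.
        # dd exits non-zero when it reaches the end of the device, hence "|| true".
        run dd if=/dev/urandom of="/dev/mapper/$MAPNAME" bs=4M status=progress || true
    fi
    run mkfs.ext4 "/dev/mapper/$MAPNAME"              # 5. filesystem
    run mkdir -p "$MOUNTPOINT"
    run mount -o nodev,nosuid "/dev/mapper/$MAPNAME" "$MOUNTPOINT"   # 6. mount
    trap - EXIT    # success: leave it mounted for step 7 (copying the data)
    printf 'mounted %s on %s; umount and luksClose before the disk leaves the server\n' "$MAPNAME" "$MOUNTPOINT"
}

main
```

Run it as written to see the commands it would issue; `DRY_RUN=0` executes them. The trap performs the manual `luksClose` the question is about, but only on an error path between `luksOpen` and `mount`; after a power loss there is nothing to close, because the mapping and its key exist only in RAM and disappear with it.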
 
Old 09-30-2023, 12:58 AM   #2
DoorDaesh
LQ Newbie
 
Registered: Jul 2020
Posts: 23

Rep: Reputation: Disabled
The password/key is stored in the (volatile) RAM, so if the machine reboots, it's gone and the ciphertext is secure.
 
1 members found this post helpful.
Old 09-30-2023, 07:00 AM   #3
jmccue
Member
 
Registered: Nov 2008
Location: US
Distribution: slackware
Posts: 691
Blog Entries: 1

Rep: Reputation: 380
Quote:
Originally Posted by nomival View Post
Hello.
4. fill space with 0
Code:
dd if=/dev/zero of=/dev/mapper/safe_data status=progress
I would use /dev/urandom instead of /dev/zero. If on an SSD type drive, I would probably skip this step. From what I read, skipping this on an SSD only increases the risk slightly.


Quote:
Originally Posted by nomival View Post
Now I am curious: suppose the server gets a shutdown/reboot (power outage) without manually running the `cryptsetup luksClose` cmd on an encrypted container. Is there any possibility that you can access the data without entering the password because you did not close the container?
As someone said, no risk. I heard in theory for a short bit of time a ghost image could be there, but it will be gone rather quickly.

Another concern: if you hibernate, is there a risk of what you are asking? I think there could be.

Last edited by jmccue; 10-05-2023 at 09:31 AM. Reason: spelling
 
Old 10-04-2023, 02:10 PM   #4
nomival
LQ Newbie
 
Registered: Sep 2023
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by DoorDaesh View Post
The password/key is stored in the (volatile) RAM, so if the machine reboots, it's gone and the ciphertext is secure.
If the machine suddenly shuts down, then a RAM attack can be performed, right?

More than that, mounting path gets lost.
 
Old 10-04-2023, 02:12 PM   #5
nomival
LQ Newbie
 
Registered: Sep 2023
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jmccue View Post
I would use /dev/urandom instead of /dev/zero. If on an SSD type drive, I would probably skip this step. From what I read shipping this on an SSD only increases the risk slightly.




As someone said, no risk. I heard in theory for a short bit of time a ghost image could be there, but it will be gone rather quickly.

Another concern: if you hibernate, is there a risk of what you are asking? I think there could be.
From what I know, you can't write on an SSD where you want; it actually writes where it wants. What do you mean about increasing the risk? I thought it was healthy to write random data everywhere.
 
Old 10-05-2023, 09:30 AM   #6
jmccue
Member
 
Registered: Nov 2008
Location: US
Distribution: slackware
Posts: 691
Blog Entries: 1

Rep: Reputation: 380
crap, instead of saying "From what I read shipping", I meant to say "From what I read skipping"

You should do a search; I did when I replaced an HDD with an SSD on my main system running Slackware.

I saw somewhere that with LUKS, all people could tell on an SSD is where the file is, but that file will be encrypted. That is using LUKS and trim. Plus if you do not trim, then security increases. FWIW, I trim and use LUKS because I doubt the NSA even cares about me. My main concern is theft, and what I do is good enough for that.

But the articles about SSDs and LUKS and trim are very confusing and there are many conflicting statements. So I chose what I think was the best for me: no dd, and use trim.

But using /dev/zero is the same as not doing it at all.

For HDDs, using /dev/urandom will help a lot with security. For SSDs I do not know.

Last edited by jmccue; 10-05-2023 at 09:45 AM. Reason: spelling
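To make the two concerns in this thread checkable, trim on an SSD and hibernation, here is an added audit script (not from any poster) that parses the text of `cryptsetup status <name>` and /proc/swaps. The SAMPLE_STATUS and SAMPLE_SWAPS inputs are constructed so it runs offline, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): audit checks for trim/discard passthrough
# on a LUKS mapping and for hibernation onto unencrypted swap.
# The SAMPLE_* blocks are constructed inputs; see the usage note for live input.
set -eu

# Constructed sample: what `cryptsetup status safe_data` prints for a mapping
# opened with --allow-discards (the "flags:" line is the relevant part).
SAMPLE_STATUS='/dev/mapper/safe_data is active and is in use.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  device:  /dev/sdb
  mode:    read/write
  flags:   discards'

# Constructed sample /proc/swaps: one swap on a dm-crypt mapping, one on a raw partition.
SAMPLE_SWAPS='Filename          Type        Size      Used   Priority
/dev/mapper/cryptswap   partition   8388604   0      -2
/dev/sda3               partition   4194300   0      -3'

# discards_enabled STATUS_TEXT -> exit 0 if TRIM is passed through the mapping.
# With discards on, someone holding the raw disk can see which sectors are unused
# (free-space pattern, rough filesystem layout); file contents stay encrypted.
discards_enabled() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*flags:.*discards'
}

# unencrypted_swap SWAPS_TEXT -> prints swap devices that are not dm mappings.
# Hibernation writes RAM, master key included, to swap; if that swap is not
# itself encrypted, the key ends up on disk in the clear.
unencrypted_swap() {
    printf '%s\n' "$1" | awk 'NR > 1 && $1 !~ "^/dev/mapper/" { print $1 }'
}

# mapping_open NAME -> exit 0 when /dev/mapper/NAME exists on this host,
# i.e. the container is still open and its plaintext is reachable by root.
mapping_open() {
    [ -e "/dev/mapper/$1" ]
}

report() {
    if discards_enabled "$1"; then
        echo "discards: ON  (free-space pattern visible on the raw disk)"
    else
        echo "discards: off"
    fi
    bad=$(unencrypted_swap "$2")
    if [ -n "$bad" ]; then
        echo "hibernation risk: unencrypted swap on $bad"
    else
        echo "hibernation: all swap devices are dm mappings"
    fi
}

report "$SAMPLE_STATUS" "$SAMPLE_SWAPS"
```

On a live system call `report "$(cryptsetup status safe_data)" "$(cat /proc/swaps)"`. Trim passthrough only appears when the container was opened with `--allow-discards` (or the `discard` option in crypttab), so a plain `luksOpen` leaves the flags line empty. The swap check treats any /dev/mapper device as encrypted, which also matches plain LVM volumes, so confirm with `cryptsetup status` on the swap mapping itself.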
 
  

