LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-05-2009, 01:21 PM   #1
PlatinumX
Member
 
Registered: May 2008
Location: France
Distribution: Debian / Fedora / Gentoo
Posts: 178

Rep: Reputation: 15
Question Security of LUKS encryption


Hi all,

We are using Fedora on a few laptops, and LUKS with passphrase at boot to cipher data.
However, i read that using LUKS with a passphrase, I am vulnerable to cold boot attack.

If I use an external USB stick at boot time, or a USB stick + a passphrase a boot time, am I robust to that kind of attacks ?

Thanks
 
Old 06-05-2009, 01:39 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by PlatinumX View Post
We are using Fedora on a few laptops, and LUKS with passphrase at boot to cipher data.
However, i read that using LUKS with a passphrase, I am vulnerable to cold boot attack.

If I use an external USB stick at boot time, or a USB stick + a passphrase a boot time, am I robust to that kind of attacks ?
No, you'd still be just as vulnerable, since the key would still reside in the same RAM chips.
 
Old 06-05-2009, 08:51 PM   #3
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
Essentially, all encryption is vulnerable to such a cold boot attack. That being said, if your data is that important, your armed guards, security systems, and other multiple levels of physical security should be able to ensure that nobody is able to get access needed to exploit such a vulnerability.
 
Old 06-06-2009, 03:59 AM   #4
PlatinumX
Member
 
Registered: May 2008
Location: France
Distribution: Debian / Fedora / Gentoo
Posts: 178

Original Poster
Rep: Reputation: 15
You never know where a laptop will finish...
 
Old 06-06-2009, 05:51 AM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by PlatinumX View Post
You never know where a laptop will finish...
I think the best you can do in that case is implement a shutdown script that overwrites your memory (there was one posted here in Security a while back, look for it). With that, at least you'll know you're okay if you do a proper shutdown. You'd still be vulnerable if someone gets their hands on your laptop while it's turned on, though.

Last edited by win32sux; 06-06-2009 at 05:55 AM.
 
Old 06-06-2009, 04:08 PM   #6
PlatinumX
Member
 
Registered: May 2008
Location: France
Distribution: Debian / Fedora / Gentoo
Posts: 178

Original Poster
Rep: Reputation: 15
Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How secure LUKS/LVM disk encryption really is? <Ol>Origy Linux - Security 14 03-09-2009 12:09 PM
Resize ext4 partition with LUKS encryption wsduvall Linux - Software 1 03-09-2009 10:14 AM
LUKS encryption question DarkpawT Linux - Software 4 11-05-2008 01:18 AM
luks encryption, swap and hibernate BCarey Slackware 6 04-15-2008 05:48 PM
System encryption with dm-crypt and luks? Zmyrgel Slackware 9 09-02-2006 10:40 AM


All times are GMT -5. The time now is 03:34 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration