Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Some days ago, I got an idea to test the Linux file system (ext4) on my pen drive. My purpose was to find out whether the files on my pen drive are accessible on other computers or not.
I copied some files to the device and changed their ownership and access rights.
Later I checked whether I was able to read these files. Unfortunately I was able to on another Linux; what's more, when I was root I could change all rights and ownership features.
Well, I thought, there must be a way to secure my data against theft. I thought of encryption.
But I don't really understand the functioning of a fully encrypted drive. Does it mean that:
1. you always have to decrypt your data with every boot? (I can imagine a program which asks for a password for decryption with every boot. And if you don't have the password you cannot use your Linux machine for anything. Is that right?)
2. if the man who steals your device connects it to his Linux-based computer, he can see neither the contents nor the access rights. So he is not able to see what exactly he gained.
3. and if the man who steals your device has no idea what kind of program you used to encrypt your data, he first has to find out what the program was in order to crack your device?
RedHat uses LUKS - I'm pretty sure cryptsetup is available for Debian too. I know with cryptsetup you can encrypt the drive and then put in the passphrase one time for that box and add it to /etc/fstab. After that, as long as the device is connected you will be able to see what is on it. That is contingent upon the passphrase not being changed.
Quote:
Some days ago, I got an idea to test the Linux file system (ext4) on my pen drive. My purpose was to find out whether the files on my pen drive are accessible on other computers or not.
I copied some files to the device and changed their ownership and access rights.
Later I checked whether I was able to read these files. Unfortunately I was able to on another Linux; what's more, when I was root I could change all rights and ownership features.
On a removable drive, who the permissions apply to will depend on where the drive is mounted. In any event, root on a given system has access to any file on the system.
Quote:
1. you always have to decrypt your data with every boot? (I can imagine a program which asks for a password for decryption with every boot. And if you don't have the password you cannot use your Linux machine for anything. Is that right?)
Any partitions you encrypt will remain inaccessible until mounted. Assuming LUKS, the system can mount them decrypted once supplied with the passphrase or a keyfile. You can set them up to mount decrypted automatically at boot but it somewhat defeats the purpose of encryption.
If you forget your password then the data will remain inaccessible. Unless you encrypt the root partition as well, the system should still be usable. If you encrypt the root partition and forget the password you are pretty much out of luck.
Quote:
2. if the man who steals your device connects it to his Linux-based computer, he can see neither the contents nor the access rights. So he is not able to see what exactly he gained.
Correct
Quote:
3. and if the man who steals your device has no idea what kind of program you used to encrypt your data, he first has to find out what the program was in order to crack your device?
No. He can know you used LUKS (for example) and it won't do the thief any good. He could even likely know the algorithm you used and it still wouldn't help unless you use something with a known exploitable flaw.
Last edited by NyteOwl; 12-27-2012 at 05:16 PM.
Reason: Fixed typos
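To illustrate the answer to question 3, here is an added example (not part of any post in this thread) that reads the cleartext metadata a LUKS1 header exposes to anyone holding the device: the format, cipher, mode, hash and key size are visible, while the data stays unreadable without a passphrase. It covers the LUKS1 layout only, and the sample header is constructed with zeroed salts, digest and UUID rather than taken from a real volume.

```python
import struct

# LUKS1 on-disk header layout (big-endian), from the LUKS1 format specification.
LUKS_MAGIC = b"LUKS\xba\xbe"
HDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes
SLOT = struct.Struct(">II32sII")                  # 48 bytes, 8 slots follow HDR
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD


def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1_header(blob):
    """Return the cleartext metadata of a LUKS1 header, or None if not LUKS1."""
    if len(blob) < HDR.size + 8 * SLOT.size or blob[:6] != LUKS_MAGIC:
        return None
    (_magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _mk_digest, _mk_salt, _mk_iter, uuid) = HDR.unpack_from(blob, 0)
    if version != 1:  # LUKS2 shares the magic but uses a different layout
        return None
    active = []
    for i in range(8):
        state, iters, _salt, _km_off, _stripes = SLOT.unpack_from(
            blob, HDR.size + i * SLOT.size)
        if state == SLOT_ACTIVE:
            active.append((i, iters))  # slot number and PBKDF2 iteration count
    return {"cipher": _text(cipher), "mode": _text(mode), "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "payload_sector": payload_off,
            "uuid": _text(uuid), "active_slots": active}


def build_sample_header():
    """Constructed header with zeroed digest, salts and UUID (not a real volume)."""
    hdr = HDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                   bytes(20), bytes(32), 100000,
                   b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ACTIVE, 200000, bytes(32), 8, 4000)
    slots += SLOT.pack(SLOT_DISABLED, 0, bytes(32), 0, 4000) * 7
    return hdr + slots


if __name__ == "__main__":
    print(parse_luks1_header(build_sample_header()))
    print(parse_luks1_header(bytes(592)))  # no magic, so not recognised as LUKS
```

On a real device, `cryptsetup luksDump` prints the same kind of header information.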
Almost all formats are only useful when you maintain physical security. Encryption of a partition or within files does prevent access when physical security has been breached. It does not guarantee you will always have access to the data. Many a file has been lost by not having a protected backup.
There are only so many encryption schemes. There are many ways to simplify cracking, and I'm not sure there is any that some of the big governments can't crack by brute force.
Some of the simple encryption would prevent a casual thief. Many of the ways can be tied to a scheme so that you never notice its use. You can make a self-signed certificate or use other means to open that drive/files.
Not too long ago a worldwide hardware-based USB company found out the hard way that their stuff was easy to crack. Assume that your choice may already be breached by skilled hackers.