[Novalug] PC Security
Simon Elmir
nerd65536@gmail.com
Sun Aug 10 21:31:37 EDT 2014
On 08/10/2014 01:23 PM, Jon LaBadie via Novalug wrote:
> Do I understand correctly, TC and maybe LUKS, use a key to encrypt the data
> and a password to gain access to (?unlock?) the key?
>
> UNIX/Linux passwords are kept in text files (/etc/{passwd,shadow}) in a
> hashed or encrypted form. They are never decrypted. Instead the users
> plain text entry is encrypted using the same algorithm and compared to
> the stored encrypted form.
>
> With a program that uses the same algorithm one could encrypt a password
> of your choice and assuming you have access to the files, use a text
> editor to install your password.
>
> I'm guessing that TC/LUKS uses a similar scheme with its passwords. I
> don't know where they are stored or the algorithm, but with open source
> I'm sure it could be determined.
>
> Thus armed and with physical access, one could boot a live distro and
> access the physical disks with administrators rights.
>
> Perhaps I'm mis-understanding something about TC/LUKS that would not
> allow this.
>
> Jon
LUKS uses the TKS1 key setup scheme. Full writeup here:
https://code.google.com/p/cryptsetup/wiki/TKS1
Basically, the disk is encrypted using a master key which never changes.
Each user is given copy of the key encrypted using (a key derived from a
hash of) their password.
(Truecrypt uses a similar scheme, with only one copy of the master key.)
When a user changes their password, they supply their original password
and the new one, so their copy of the master key can be decrypted and
encrypted using their new password. (This is typically handled
behind-the-scenes.)
Note that a user's real password is always required to decrypt the
master key. If their password is reset, either from a live CD or by an
administrator, that would do nothing to decrypt their copy of the master
key; the user's original password is the only thing that can decrypt it.
Using this method, the data is indeed safe in the case of theft. The
attacker would not have access to your password and would not be able to
decrypt your copy of the master key. (If you have a good password,
brute-forcing is infeasible.)
Using this method, the data IS NOT safe in the case of tampering. If
somebody has physical access to the computer, they can freely modify the
above behavior any way they like. Even if you use full disk encryption,
the attacker can install a keylogger or bootkit
(http://en.wikipedia.org/wiki/Rootkit#Bootkits) to compromise the
system: The next time you log in, your password can be sent to the attacker.
-Simon Elmir
More information about the Novalug
mailing list