[Novalug] PC Security

Simon Elmir nerd65536@gmail.com
Sun Aug 10 21:31:37 EDT 2014


On 08/10/2014 01:23 PM, Jon LaBadie via Novalug wrote:
> Do I understand correctly, TC and maybe LUKS, use a key to encrypt the data
> and a password to gain access to (?unlock?) the key?
>
> UNIX/Linux passwords are kept in text files (/etc/{passwd,shadow}) in a
> hashed or encrypted form.  They are never decrypted.  Instead the users
> plain text entry is encrypted using the same algorithm and compared to
> the stored encrypted form.
>
> With a program that uses the same algorithm one could encrypt a password
> of your choice and assuming you have access to the files, use a text
> editor to install your password.
>
> I'm guessing that TC/LUKS uses a similar scheme with its passwords.  I
> don't know where they are stored or the algorithm, but with open source
> I'm sure it could be determined.
>
> Thus armed and with physical access, one could boot a live distro and
> access the physical disks with administrators rights.
>
> Perhaps I'm mis-understanding something about TC/LUKS that would not
> allow this.
>
> Jon

LUKS uses the TKS1 key setup scheme. Full writeup here: 
https://code.google.com/p/cryptsetup/wiki/TKS1

Basically, the disk is encrypted using a master key which never changes. 
Each user is given copy of the key encrypted using (a key derived from a 
hash of) their password.
(Truecrypt uses a similar scheme, with only one copy of the master key.)

When a user changes their password, they supply their original password 
and the new one, so their copy of the master key can be decrypted and 
encrypted using their new password. (This is typically handled 
behind-the-scenes.)
Note that a user's real password is always required to decrypt the 
master key. If their password is reset, either from a live CD or by an 
administrator, that would do nothing to decrypt their copy of the master 
key; the user's original password is the only thing that can decrypt it.

Using this method, the data is indeed safe in the case of theft. The 
attacker would not have access to your password and would not be able to 
decrypt your copy of the master key. (If you have a good password, 
brute-forcing is infeasible.)

Using this method, the data IS NOT safe in the case of tampering. If 
somebody has physical access to the computer, they can freely modify the 
above behavior any way they like. Even if you use full disk encryption, 
the attacker can install a keylogger or bootkit 
(http://en.wikipedia.org/wiki/Rootkit#Bootkits) to compromise the 
system: The next time you log in, your password can be sent to the attacker.

-Simon Elmir




More information about the Novalug mailing list