[Novalug] PC Security

Simon Elmir nerd65536@gmail.com
Sun Aug 10 18:11:54 EDT 2014


On Sun, Aug 10, 2014 at 1:23 PM, Jon LaBadie via Novalug <
novalug@firemountain.net> wrote:

> Do I understand correctly, TC and maybe LUKS, use a key to encrypt the data
> and a password to gain access to (?unlock?) the key?
>
> UNIX/Linux passwords are kept in text files (/etc/{passwd,shadow}) in a
> hashed or encrypted form.  They are never decrypted.  Instead the users
> plain text entry is encrypted using the same algorithm and compared to
> the stored encrypted form.
>
> With a program that uses the same algorithm one could encrypt a password
> of your choice and assuming you have access to the files, use a text
> editor to install your password.
>
> I'm guessing that TC/LUKS uses a similar scheme with its passwords.  I
> don't know where they are stored or the algorithm, but with open source
> I'm sure it could be determined.
>
> Thus armed and with physical access, one could boot a live distro and
> access the physical disks with administrators rights.
>
> Perhaps I'm mis-understanding something about TC/LUKS that would not
> allow this.
>
> Jon
>

LUKS uses the TKS1 key setup scheme. Full writeup here:
https://code.google.com/p/cryptsetup/wiki/TKS1

Basically, the disk is encrypted using a master key which never changes.
Each user is given copy of this master key encrypted using their password.
When a user changes their own password, LUKS has access to the plaintext
original password, so their copy of the master key can be decrypted and
encrypted using their new password.
(Truecrypt uses a similar scheme, with only one copy of the master key.)

Note that a user's real password is required to decrypt the master key. If
their password is reset from a live CD, that would do nothing to decrypt
their copy of the master key; the original password is the only thing that
can decrypt it.

Using this method, the data is indeed safe in the case of theft. The
attacker would not have access to your password and would not be able to
decrypt your copy of the master key. (If you have a good password,
brute-forcing is infeasible.)

Using this method, the data IS NOT safe in the case of tampering. If
somebody has physical access to the computer, they can freely modify the
above behavior any way they like. Even if you use full disk encryption, the
attacker can install a bootkit (
http://en.wikipedia.org/wiki/Rootkit#Bootkits) to compromise the system. So
the next time you log in, your password can be sent to the attacker.

-Simon Elmir



More information about the Novalug mailing list