I mean if I encrypt my "full system" so that everything (besides the /boot) is in an encrypted VolumeGroup (Linux).
So I store my /boot on a flash drive that's always next to me.
Q: can the encrypted VolumeGroup (or, in any similar solution, an encrypted image) be compromised in a way that if I want to "mount" it, it steals my password? (I keep my /boot on a flash drive next to me because it's not encrypted and the kernel/crypt drivers could be modified in a way that it can steal my password when typing the password to gain access to the encrypted VG.) So... could this be done? Or is my method secure?
Thanks.
3 Answers
If someone can play with your encrypted volume group, it sounds like they have physical access to most of your hardware. If that is true, all bets are off - your system is insecure. They can attack the BIOS, the keyboard, etc. It isn't clear what threats you would deter by carrying /boot around with you on USB. See
You mean with the attacker having physical access right? So the question is, if someone can compromise your machine under the conditions described below:
- your USB (/boot, keys and everything) is not mounted/present
- the system is shut down
- the whole hard disk is encrypted
- you are far away
- the attacker has complete physical access
My answer is yes. One way to go in this attack would be this:
- He can reset the BIOS (to disable possible password protection)
- Get his own hard disk in there (or USB drive or something)
- Enable boot from the USB drive or his hard disk
- Set up a minimal operating system there which upon boot finds your mounted USB (with your keys), copies it over and sends him the details
Something like that should work; it could be fine-tuned of course, but it's certainly possible.
With malicious physical access, someone could put a hardware keylogger inline with your keyboard, and a USB data sniffer to capture the contents of the flash drive when it is plugged in.
For practical purposes, however, that is safe enough to use for security applications. However, to be more secure, you would need to ensure physical safeguards, not just electronic.
To be more specific to your question: in order to modify the encrypted partition to add arbitrary data, your partition would already be compromised. Encryption is designed just as much to prevent the modification of its contents as it is designed to protect them.
Correction, encryption is *not* designed to prevent modification, it provides **confidentiality only**. For integrity protection, you'd need a hash-based mechanism, such as HMAC, or digital signatures. – AviD May 31 '11 at 15:45
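
The integrity mechanism named in the comment above, applied to the unencrypted /boot from the question, as an added example that is not from any poster in this thread: a keyed HMAC-SHA256 over a manifest of file hashes detects changed, added, or removed files. The function names and the sample directory contents are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def build_manifest(root):
    """Return sorted 'relative/path  sha256hex' lines for every file under root."""
    lines = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            lines.append(f"{rel}  {digest.hexdigest()}")
    return "\n".join(sorted(lines)).encode()


def seal(root, key):
    """HMAC-SHA256 tag over the manifest; keep key and tag off the checked medium."""
    return hmac.new(key, build_manifest(root), hashlib.sha256).hexdigest()


def verify(root, key, expected_tag):
    """True only if no file was changed, added, or removed since seal()."""
    return hmac.compare_digest(seal(root, key), expected_tag)


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a stand-in for a /boot directory, not real boot files.
    with tempfile.TemporaryDirectory() as boot:
        with open(os.path.join(boot, "vmlinuz"), "wb") as fh:
            fh.write(b"constructed kernel image bytes")
        with open(os.path.join(boot, "initrd.img"), "wb") as fh:
            fh.write(b"constructed initramfs bytes")
        key = os.urandom(32)
        tag = seal(boot, key)
        print("untouched:", verify(boot, key, tag))
        with open(os.path.join(boot, "initrd.img"), "ab") as fh:
            fh.write(b"\x00")  # simulate any modification
        print("modified: ", verify(boot, key, tag))
```

The result is only meaningful when the check runs from a known-good environment; a compromised system can report whatever it likes. It also says nothing about firmware or hardware, which the answers above identify as exposed under physical access.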