Re: LUKS/dm-crypt vulnerable?

* Heinz Diehl <htd@xxxxxxxxxxxxxxxxx> wrote:

> Yes, all that I'm totally aware of, but that was not what I meant (or I'm
> misunderstanding the whole):
> 
> The article on "stoned" is not detailed enough to explain if the system
> must be running to have it installed, or if it is also possible to 
> break into a _powered off_ system by installing "stoned" (or whatever) in
> the MBR.

Sure, just dismantle the hdd, install the rootkit, then put it back
into the target comp. 


> Would it be possible to break into my data by installing "stoned for
> Linux" or whatever into my MBR?

Yes, theoretically. Direct physical access is always the key. You
could (and should) check integrity of the boot chain to detect such
tampering. That is not always possible, and depends largely on the
setup in use.


> It's quite clear to me that people who can get physical access to
> this Laptop (or whatever computer) can install a keylogger or
> manipulate it in a way that they can get hands on my passphrase or
> the key. They can do what they want to infect my machine with all
> kind of malware to spy on me.

Ah, ...

> But what happens when the machine is powered off and stolen? The
> thief wants to have my data. Can he/she use something like "stoned"
> to get into the system and decrypt the harddisk contents?

... now I think I understand the Q.

Something like an install of "stoned" does not yield any access to
your data in the case you describe. All that "stoned" manages is to
lay out a trap. If your system gets stolen while being fully
encrypted the attacker gains nothing via "stoned" at all. 

It would be different if the attacker modified things you don't know
about, and you continue to normally use your machine. Hence the
importance of denying direct physical access to your machine, and/or
take precautions to detect such tampering.

-- 
left blank, right bald
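
One way to do the boot-chain integrity check mentioned in the reply above, as an added example that is not part of the original post. The function names are hypothetical, and it assumes the first partition starts at sector 2048, /boot is an unencrypted directory, and the baseline file is stored on media kept away from the machine.

```shell
#!/bin/sh
# Added example: baseline-and-verify check for the unencrypted boot chain.
# Assumptions: the boot disk is readable as a block device or image file,
# and the 2047-sector gap after the MBR matches your partition layout
# (override it with the optional last argument).

sha() { sha256sum | cut -d' ' -f1; }

# Print one "<sha256>  <label>" line per unencrypted boot-chain component.
boot_manifest() {
    disk=$1; bootdir=$2; gap=${3:-2047}
    # Sector 0: MBR boot code and partition table.
    printf '%s  mbr\n' "$(dd if="$disk" bs=512 count=1 2>/dev/null | sha)"
    # Sectors between the MBR and the first partition, where later
    # bootloader stages are stored.
    printf '%s  gap\n' \
        "$(dd if="$disk" bs=512 skip=1 count="$gap" 2>/dev/null | sha)"
    # Kernel, initramfs and bootloader files, listed in a stable order.
    ( cd "$bootdir" || exit 2
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          printf '%s  %s\n' "$(sha < "$f")" "$f"
      done )
}

# Compare the current state with a stored baseline.
# Returns 0 if identical, 1 if anything changed (the diff is printed),
# 2 on error.
boot_verify() {
    now=$(mktemp) || return 2
    boot_manifest "$1" "$2" "${4:-2047}" > "$now" || { rm -f "$now"; return 2; }
    rc=0
    diff "$3" "$now" || rc=$?
    rm -f "$now"
    return "$rc"
}

# Usage: sh bootcheck.sh baseline <disk> <bootdir> > baseline.txt
#        sh bootcheck.sh verify   <disk> <bootdir> baseline.txt
case "${1:-}" in
    baseline) boot_manifest "$2" "$3" ;;
    verify)   boot_verify "$2" "$3" "$4" ;;
esac
```

Run the verify step from trusted boot media rather than from the installed system, since a check started by a modified boot chain cannot be relied on. Regenerate the baseline after kernel, initramfs or bootloader updates.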
