this post was submitted on 30 Nov 2023
29 points (91.4% liked)

Linux

48624 readers
1487 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
all 37 comments
sorted by: hot top controversial new old
[–] ipsirc 48 points 1 year ago (3 children)
[–] [email protected] 7 points 1 year ago* (last edited 1 year ago)

Except when your drive is encrypted you can easily destroy its contents. Let's say you're DorkPirate1337 who happens to care about their opsec; you luksEncrypt your drive and have a simple script that runs when a specific USB key is disconnected, triggers luksErase, and then poweroffs. Voila, when the school principal snatches your unlocked laptop while you're in the lib, all your pirated hentai becomes permanently unaccessible whether you give up the password or not. [Edit: the USB key is strapped to your wrist]

Note: luks uses 2 encryption keys, where one is randomly generated and encrypts the actual data, and the second one is given by the user and encrypts the first one; luksErase destroys the luks header containing that first key

[–] [email protected] 1 points 1 year ago

Not that other means of accessing the passwords aren't worth considering, but in the real world, it takes a lot more for someone to actually coerce your password from you than to use unencrypted storage.

I generally like xkcd, but this is a harmful trivialization of the value of encryption. In the real world, anything that isn't encrypted is negligent as hell. There's no valid reason not to do it, with maybe the exception of a thumb drive you're sharing across a computers you don't control and are clearly aware is not secure.

[–] Anarch157a 31 points 1 year ago (2 children)

Safe in what context ?

If the drive is mounted and data accessible, in case your computer is compromised by some kind of malware, well, the data will be easy to exfiltrate. Now, if the computer is turned off or the drive unmounted, that's what encryption comes in to protect it.

So, basically, encryption will protect the data in case of physical theft of the drive or in case of remote hacking if the drive is un-mounted.

[–] [email protected] 5 points 1 year ago (1 children)

Safe in the context of someone stealing the hard drive and look through private photos and stuff by plugging the drive into another device.

[–] Anarch157a 34 points 1 year ago (1 children)

In that case, without encryption, your safety is zero. That's the exact scenario that full-drive encryption was designed for.

[–] [email protected] 3 points 1 year ago (2 children)

Well... shit. Thank you for your great advice. I'm gonna look for how I can secure my data.

[–] MimicJar 7 points 1 year ago (1 children)

Out of curiosity what sort of safety did you think an unencrypted hard drive had?

I mean no offense and I think it's a perfectly fine question to ask, I just want to understand what you expected.

[–] [email protected] 1 points 1 year ago (3 children)

I had the expection that Linux is already set up as a multi-user environment and has that feature built in.

Of course that "isolation" of data, as I had it in my mind, wouldn't be really secure, but it doesn't have to be that for me. I just don't want anyone to access it easily.

[–] Para_lyzed 9 points 1 year ago

Perhaps it's useful to provide some clarification here. As the other user stated, Linux is set up for multi-user setups and provides logical protection, but you seem to misunderstand how operating systems and file permissions work.

If someone steals your unencrypted hard drive and boots into their own operating system, they are able to circumvent all access control and permissions on your hard drive. This is because when they mount your hard drive your operating system isn't running; they're simply reading the stored data, so the access control and permissions set up by your operating system don't mean anything. This happens with ALL operating systems (Linux, BSD, Windows, MacOS, etc.). Logical protection like access control is only useful while the OS is running, and it cannot help otherwise.

This is why encryption is important, because it prevents unauthorized access when the OS isn't running. If you'd like to see just how easy it is to access unencrypted data, make a live USB and boot into it on any unencrypted computer (assuming you have permission to do so if you don't own the computer). You don't even need to extract the hard drive in most cases to read file contents, you can simply boot into a live USB. The only situation where this isn't the case is when USB booting is disabled in the BIOS and the BIOS is password protected, but you could always just remove the CMOS battery to clear the settings to bypass the BIOS password anyway.

Unencrypted data will always be trivial to retrieve when the attacker is allowed physical access to your computer.

[–] [email protected] 4 points 1 year ago

Simplified, there's two layers to data protection, physical and logical. Linux or basically any correctly configured modern operating system provides logical protection, i.e. access under the running OS is only granted to authorized users. Granted you can still put holes in here, e.g. a webserver is misconfigured and allows access to any user to all files it can read. However, from the OS perspective, everything is fine, as the webserver can still only read what it's allowed to.

Data encryption protects data at rest, i.e. when no operating system enforcing the logical protection is running. The case has already been described so I'm not gonna repeat that here.

It's important to understand that in general, these two measures are completely seperate from each other. Device encryption won't help against logical attacks, and logical protection won't help against offline attacks. You need both if you can't rule out an attack vector completely (i.e. your server sits in a secure safe that can't be opened by anyone not authorized to, then encryption might not be necessary).

[–] [email protected] 3 points 1 year ago

No poorly not. Just as Windows by default. Systemd-homed is a solution for that but afaik its questionable if its ready. Would be great if Distros like Fedora shipped it by default.

An encrypted system rather than an encrypted user partition is still necessary, because attackers could replace system files or simply add a service that uploads your stuff somewhere, or manipulate sudo, or log your password etc.

[–] [email protected] 14 points 1 year ago* (last edited 1 year ago) (1 children)

If the device get stolen, your drive and its files can be easily read.

Other attacks like malware or ransomware are almost the same if the drive is encrypted or not.

Disk encryption is important for laptops and phones because these devices are frequently stolen. For desktop or servers is still good idea, though.

[–] [email protected] 2 points 1 year ago (3 children)

Thanks a lot for your answer. How would you encrypt a server? Typing a password every time it boots isn't possible for me, since I would need a monitor for my headless server.

[–] [email protected] 4 points 1 year ago (1 children)

That's why it's not always an option.

Some servers have some kind remote console hardware, with their own security issues.

Your "threat model" is important too. Do you expect that server to get stolen? If it happens, is there critical data that should not leak?

Maybe you need to encrypt a directory, and not the whole drive.

[–] [email protected] 2 points 1 year ago

My threat model isn't high. Just normal stuff everyone has, but that would be disadvantagely if someone else got them.

It's more if a precautionary measure. It doesn't have to be super safe, but better than nothing.

[–] wmassingham 2 points 1 year ago

Either self-encrypting drives (if you trust the OEM encryption) or auto-unlock with keys in the TPM: https://wiki.archlinux.org/title/Trusted_Platform_Module#Data-at-rest_encryption_with_LUKS

[–] [email protected] 12 points 1 year ago

You are relying 100% on physical security. If nobody can take your drive or physically operate your computer, it is safe.

If I could boot a USB stick on your machine, or pull the drive, accessing your data would be trivial.

[–] [email protected] 12 points 1 year ago

Somebody can take your disk, easily mount filesystem, and read everything.

[–] Irkiosan 11 points 1 year ago (1 children)

If the risk of physical data theft is high, your data is at risk. If the risk of physical access to you machine is rather low, encryption might actually increases the risk of losing your data simply by the chance of losing the means to access your data (forgotten passphrase, lost hardware key...).

[–] [email protected] 1 points 1 year ago

It might also be harder to recover picies if the hard drive fail partially. However, many use SSD now, might be a different story there.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)
[–] [email protected] 6 points 1 year ago (1 children)
[–] cbarrick 5 points 1 year ago* (last edited 1 year ago)

An encrypted hard drive means that someone cannot physically steal your hard drive and read its contents.

Encryption-at-rest is generally moot against RCE exploits, because your OS will happily decode files that your programs have permission to read.

That said, on modern systems, encryption is cheap. So set it up if you can.

Edit: I replied to the original post.

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Crosspost. Click on it and you'll land on my original post.

I didn't want to duplicate it. You can always suggest me how to make the crosspost more visible, I just did it how my client set it up for me.