Full Disk Encryption in Linux (Ubuntu / Mint) - secure?

Discussion in 'privacy technology' started by Forever, Jan 12, 2015.

  1. Forever

    Forever Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    54
    Hello,

    I'm wondering. Why are Ubuntu and Mint only using SHA1 for Full Disk Encryption? I heard several times that SHA1 shouldn't be used anymore because it is weak and it could be cracked.

    Could you guys explain to me why we should use the default GUI encryption if we can just encrypt the system over the terminal with, like, SHA512? Am I paranoid, or is it just a lie that SHA1 has been broken?
     
  2. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    LUKS uses AES-256 which is solid (the NSA approves of it for top secret stuff). The password is hashed with SHA-1, but it's really not a huge security risk. Read this:

    https://unix.stackexchange.com/questions/101347/how-can-i-extract-the-hash-value-of-a-luks-device

    In practice, modern-day strong encryption's strength far surpasses anybody's ability to crack it, even the NSA. If there's a serious adversary that wants to see what you have or what you're doing on your LUKS encrypted computer, probably the last thing they're going to think of is brute forcing it. Hardware keyloggers, firmware backdoors, and sophisticated malware are the name of the game. Why bother spending millions of dollars on the computing power needed to break your encryption (still unlikely with any amount invested) when they can just pay your maid a thousand bucks to flash your bios with some new rootkit that catches your encryption password the next time you type it in?
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    Right. With dm-crypt/LUKS, physical security becomes the weakest link.

    One can unlock LUKS with a USB key, as described at http://www.gaztronics.net/howtos/luks.php. However, adversaries can see in cryptroot-ask.sh that a USB key is specified, and also precisely where the random passphrase is located on that USB key. So it had better be well hidden. One could use a micro flash chip instead, which would be far easier to hide, and to destroy in an emergency. And one could keep backup copies of said micro flash chip securely hidden, or even store an image (securely encrypted) in the cloud.

    Adversaries can still recover the LUKS master key from RAM. To get around that, there are tweaks to store the master key in CPU cache. However, if adversaries have physical access, they might as well just install a rootkit that sends interesting data to a remote server. Such a rootkit would also get around firewall rules, of course.

    So indeed, physical security is the weakest link :)
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Physical security is definitely the weakest link. I am going to stretch that concept by saying that being able to "see LUKS" is also a physical thing, and I would contribute dearly to a scheme where the physical presence of LUKS could be hidden. As it stands, I don't want to be involved with a strong adversary and refuse to surrender the LUKS password. Since they can't break the password by a long shot, they may just "break" me! That is a separate thread to be sure.
     
  5. Forever

    Forever Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    54
    And why are TrueCrypt / VeraCrypt and other encryption software not using SHA1 for hashing? They recommend SHA512, Whirlpool and hashes with, like, 512 key length.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    Right. But a key aspect of physical security, in this context, is to prevent adversaries from inspecting your devices. And realistically, if it gets to the point that such adversaries are inspecting your devices, they won't stop until they find what they expect. Indeed, even if they find nothing, maybe they'll plant whatever they expect to find :(
     
  7. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    How can they plant something if the system is fully encrypted?
     
  8. Forever

    Forever Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    54
    I guess by a Hardware Keylogger?
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    They can wipe the disk (after imaging, of course) and write whatever they want :)
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    There are some interesting "thoughts" in the posts directly above this one. In a "Cinderella world" you would never have to contend with LE doing anything except pure enforcement. WDE is about the smartest thing you can do to protect yourself from anything getting "planted" on a drive that wasn't there when it was taken. Please don't misunderstand me. I am not saying it's something that is likely to ever happen. It's just nice to know that it CANNOT happen on a fully encrypted drive that can't be opened for file system access.

    I struggle with much of this. I really don't want genuine "bad guys" to get away with horrible stuff (whatever that is!), but at the same time I don't want good guys to have their "space" invaded just because they want privacy. In a sense this is much like Snowden's actions. There are both sides.



    Back to thread title:

    LUKS is very secure but I hate that you can see it resides on a "cold drive" on someone's computer. Even if you strip the header and use bootable media to jump-start LUKS/dm-crypt, you cannot account for the large sector/space usage by reasonable means. With TC and Windows I could and did place hidden OSes in places that were well outside the normal second partition (mods used), and I am/was able to account for all the used space on the drive via various shell volume decoys. It's amazingly powerful when teamed with creativity and coding. Unfortunately TC requires Windows for system disk encryption -- too bad because I don't trust Windows. So there is the tradeoff in a nutshell. How I handle the tradeoff will have to remain my secret. I will only say that a hidden LUKS would be the "end game" for me.
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    I can imagine running with no persistent local data storage. You work on a machine with no HDD or SSD. You keep your data and custom apps in a LUKS volume, stored somewhere in the cloud. You have a custom Tails LiveUSB that creates a minimal ramdisk. After booting, you manually create a large ramdisk, download the LUKS volume via Tor, and decrypt/mount it. When done working, you encrypt/unmount the LUKS volume, and upload it to your cloud storage.

    How about that?
     
  12. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    Cool ideas, but given that the techniques used to break the encryption are below the level of the OS, in the hardware/firmware, using live CDs isn't foolproof and doesn't solve what I see to be the core vulnerability, which is not the HDD.

    Most modern-day laptops come with something called Computrace in the BIOS. It's an anti-theft technology that can be activated remotely to find a laptop's location in case it's stolen, and it can do a lot of things like look through the webcam, listen to the microphone, etc. Even in the case that it's not stolen, everyday cops in any country could theoretically activate it to monitor you without you noticing. It even runs in Debian/Ubuntu and by extension maybe even Tails (but not in my intentionally obscure distro :) ). This is ubiquitous, everyday stuff, which I suspect is far less than what formidable agencies are capable of.
     
  13. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    For a decent encryption program, which hash algorithm it uses doesn't matter for security. As shown in krustytheclown2's link, it's different from authentication, and is there to make brute force difficult. You can safely use even the completely broken MD5 for hashing like PBKDF2, as what matters is only the calculation time, and this can easily be adjusted by increasing the number of repetitions. OTOH if the hashed password was stolen, it's a serious problem regardless of whether the password can be reversed or not. You'll find many people who blindly believe that using RIPEMD-160 or MD5 for password hashing is dangerous, but they should learn how exactly the hash is used.
    As to your question, it doesn't make much difference, but more key length means more calculation time; however, in fact any algorithm is okay as long as it's properly adjusted in the number of repetitions.
    I care a bit about the cloud part. What cloud service and usage do you imagine specifically?
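An added worked example for the two points above: krustytheclown2's note that SHA-1 only hashes the passphrase (through PBKDF2) while AES does the actual encryption, and Yuki2718's point that the iteration count, not the hash choice, sets the cost of each guess. This is the editor's code, not code from the thread or from cryptsetup; it uses only the Python standard library. `derive_key`, `calibrate_iterations`, `cost_table` and `keys_are_unrelated` are names chosen for this example, and the passphrases, salts and the 50 ms time budget are constructed. The calibration mirrors what cryptsetup's `--iter-time` option does: it derives the iteration count from a time budget on the machine that formats the volume rather than from a fixed number.

```python
import hashlib
import os
import time

# Added example, not code from the thread or from cryptsetup. Passphrases,
# salts and the time budget are constructed values.


def derive_key(passphrase: str, salt: bytes, iterations: int,
               hash_name: str = "sha1", key_len: int = 32) -> bytes:
    """PBKDF2-HMAC, the construction a LUKS1 key slot runs over the header's
    hash-spec. The passphrase itself is never stored: only the salt and the
    iteration count are, and the derived key unwraps the volume master key."""
    return hashlib.pbkdf2_hmac(hash_name, passphrase.encode("utf-8"), salt,
                               iterations, dklen=key_len)


def calibrate_iterations(hash_name: str, target_ms: float,
                         sample_iters: int = 20_000) -> int:
    """Like cryptsetup's --iter-time: time a sample run and scale the count so
    that one passphrase guess costs roughly target_ms on this machine."""
    salt = os.urandom(32)
    t0 = time.perf_counter()
    derive_key("benchmark-only passphrase", salt, sample_iters, hash_name)
    elapsed_ms = (time.perf_counter() - t0) * 1000.0
    return max(1000, int(sample_iters * target_ms / max(elapsed_ms, 1e-6)))


def cost_table(target_ms: float = 50.0) -> dict[str, int]:
    """Iteration counts that give the same per-guess cost for each hash.
    A faster hash simply ends up with a larger count; the attacker's
    guesses-per-second budget is the same in every row."""
    return {h: calibrate_iterations(h, target_ms) for h in ("md5", "sha1", "sha512")}


def keys_are_unrelated(salt: bytes, iterations: int, hash_name: str) -> bool:
    """A one-character change in the passphrase yields an unrelated 256-bit key,
    so nothing in the KDF output helps 'reverse' the passphrase. The only route
    is guessing, and every guess pays the full iteration count. Returns True
    when roughly half the bits differ, as expected from a PRF."""
    k1 = derive_key("correct horse", salt, iterations, hash_name)
    k2 = derive_key("correct horsf", salt, iterations, hash_name)
    differing_bits = bin(int.from_bytes(k1, "big") ^ int.from_bytes(k2, "big")).count("1")
    return k1 != k2 and 64 <= differing_bits <= 192


if __name__ == "__main__":
    for h, n in cost_table().items():
        print(f"{h:7s} {n:>9d} iterations for ~50 ms per guess")
    print("unrelated keys:", keys_are_unrelated(os.urandom(32), 10_000, "sha1"))
```

The known weakness of SHA-1 is a collision attack; PBKDF2-HMAC only needs HMAC to behave as a pseudorandom function, and a collision does not give a guesser any shortcut. What does weaken a volume is a low iteration count: a key slot created on slow hardware or years ago carries whatever count was calibrated then. `cryptsetup luksDump /dev/sdX` prints the `Hash spec:` and each key slot's `Iterations:`, and `cryptsetup luksChangeKey --iter-time 2000 /dev/sdX` re-keys a slot with a fresh count on the current machine.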
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    The LUKS volume is encrypted, so anywhere would work. You could create a GnuPG signature, and store it separately. If the signature is valid, you know that the volume hasn't been altered.
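The check described above, as an added example that is not part of the thread: an integrity tag computed over the volume image before upload and verified after download, before the volume is ever opened. It uses HMAC-SHA256 from the Python standard library in place of a GnuPG detached signature; the idea is the same when the person who creates the tag is also the one who checks it (a signature is what you want when someone else must verify without holding the secret). `volume_tag`, `verify_volume`, `flip_one_bit`, `demo` and the 4 MiB random file standing in for the LUKS image are constructed for this demo. The reason an external check matters is that dm-crypt/LUKS1 does not authenticate its ciphertext: a modified data block simply decrypts to garbage, and a damaged header may refuse to open, with nothing telling you which of the two happened or when.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB reads, so a multi-GB image never has to fit in memory

# Added example: a keyed integrity tag kept apart from the volume, standing in
# for the detached GnuPG signature described in the thread. Names and the
# random stand-in "volume" are constructed for the demo.


def volume_tag(path: str, key: bytes) -> bytes:
    """HMAC-SHA256 over the whole image, streamed. The key lives with the
    passphrase, never beside the image, so whoever can alter the stored
    volume cannot produce a matching tag."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            mac.update(chunk)
    return mac.digest()


def verify_volume(path: str, key: bytes, expected_tag: bytes) -> bool:
    """Run this before `cryptsetup open`: constant-time comparison against the
    tag fetched from its separate location."""
    return hmac.compare_digest(volume_tag(path, key), expected_tag)


def flip_one_bit(path: str, offset: int) -> None:
    """Simulate a storage-side change. Without an external check, LUKS1 would
    surface this only as one corrupted plaintext block after unlocking."""
    with open(path, "r+b") as f:
        f.seek(offset)
        original = f.read(1)
        f.seek(offset)
        f.write(bytes([original[0] ^ 0x01]))


def demo() -> tuple[bool, bool]:
    """Returns (verified before tampering, verified after tampering)."""
    key = os.urandom(32)
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "vault.img")
        with open(img, "wb") as f:
            f.write(os.urandom(4 * CHUNK))        # stand-in for the LUKS image
        tag = volume_tag(img, key)                # computed before upload
        ok_before = verify_volume(img, key, tag)  # re-check after download
        flip_one_bit(img, 3 * CHUNK + 17)         # somewhere deep in the payload
        ok_after = verify_volume(img, key, tag)
    return ok_before, ok_after


if __name__ == "__main__":
    before, after = demo()
    print(f"intact image verifies: {before}; tampered image verifies: {after}")
```

Keep the tag (or the GnuPG `.sig`) wherever the passphrase lives, not in the same cloud location as the image, since an adversary who can rewrite the image can rewrite anything stored next to it. A newer alternative that authenticates inside the volume rather than around it is LUKS2 with dm-integrity (`cryptsetup luksFormat --integrity hmac-sha256`), which rejects each modified sector at read time.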
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    Yes, you're pwned if the hardware/firmware is pwned.

    However, if you've obtained the hardware more-or-less anonymously, by walking into a random store and paying cash, there's a pretty good chance that it's not backdoored.

    Once you go online with Tor, it's possible that an adversary will target your computer. But flashing the BIOS without root rights would arguably be difficult. Right?
     
  16. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    If you are under active physical surveillance, they'll see you buying the laptop, and then they'll just ask the shop owner for the serial number and such. If there's something like Computrace on it, they can call in to the company and say they need the computer put under monitoring. The issue is that there's a backdoor enabled by default in almost all laptops sold :eek:! It's not an unavoidable issue but it's widely overlooked.

    It is possible to flash/update your BIOS from the OS with root, so if your machine is pwned once, no reinstallation or live CD is going to be completely trustworthy.
     
  17. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Sorry, I somehow missed the mention about LUKS.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    @krustytheclown2

    If I suspected that I were under active physical surveillance, I would do my best to avoid being tailed while buying the laptop. I would not carry my cellphone. I would drive to a large city, avoiding cameras by driving on back roads. After parking, I'd get to a shopping district by some mix of walking and taxi rides. For most of us, that would suffice. And if it doesn't suffice, we have a bigger problem :eek:
     
  19. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    @mirimir

    Forget driving, your car is going to be fitted with a GPS (most newish cars have anti-theft radio tracking anyways). The best way that I can think of is to randomly walk around a big city when it's the most crowded, dipping through alleyways and such for a while, and hopping into a crowded bus that pulls up next to you randomly, get off after a few stops and try to find a shop by foot within no more than half an hour. Don't even plan your route, randomness is your friend here. Change the shirt that you're wearing and put on/take off sunglasses/hats a few times along the way too.

    Real surveillance teams are going to have about a dozen or more people so losing them is difficult, and you won't ever be certain you're in the clear. Call me paranoid now ;)
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    You're paranoid :)

    My car has no GPS, anti-theft, etc. It doesn't even have a computer :) Old school :rolleyes: But anyway, the point was getting to the big city without buying bus or train tickets. That tends to involve government ID :( Driving after dark on back roads, it's fairly easy to figure out whether someone is tailing you. Just wait until you've rounded a curve, and see a side road. Cut the lights, turn and stop after ~50 meters. Then see if anyone goes by. If you see anyone, turn around and go home.
     
  21. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    They can stick a GPS receiver under the chassis or hide it deep inside the engine, it doesn't need to be built in to your car. Maybe a bug sweep would catch it, but they could just turn it off as you're doing the sweep.

    They're actually pretty commonplace. I read a story somewhere about a Muslim college kid in the US getting one put on his car after a stupid Reddit post (I can't remember exactly what he said but I don't even think it was that bad).

    You can always hobo hop onto a freight train without ID hehe
     
  22. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    I don't know what a back road means, but avoiding all cameras and their automated tracking systems in a big city is not easy nowadays (you can mask your number plate with an apparently see-through board, but it looks suspicious); besides, darkness doesn't help much, as they implement IR. And krustytheclown2 is right: usually an individual tracker doesn't track one person for a long time; they work as a team and each tracker doesn't move much, so the idea that giving your tail the slip is that easy is a false sense that came from cheap spy movies (but he is right too that simple sunglasses, hats and coats are more effective than some people think, at least against private detectives). Also a crowd doesn't make tracking much more difficult, as they can make use of an RQ-11 (go through a building or underground arcade? All they need is to carefully monitor all exits, even when the cameras are not under their control) or such more easily than with a car, where an RQ-4 is needed. And be very careful about mosquitoes or cockroaches, as some of them might implant a microchip in you.
    http://picksclicks.cocolog-nifty.com/photos/uncategorized/2013/02/12/mosquit.jpg
    But I think if you are under surveillance as a target, you won't notice you're targeted in the first place, just like bin Laden and his cooperators didn't notice (this was much before 9/11).
    Of course those stories are about when you're targeted as an individual; in that case the only way to escape would be making a full effort to exile yourself, with many people's support or a reason for them to support you, just like Snowden did.
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    The main thing here is to avoid attracting enough attention to be surveilled.
     
  24. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Then a conflict is: the more you use anonymous products/services, the more it can attract attention. I'm sure it's already been discussed in this forum, but I'm relatively new here. My opinion is that using Tor, Tails, or crypto programs/services is still worth doing, provided you use them in a secure way, as identifying you among the many users is not easy at all, unless your machine or you are exploited in another way, like a built-in backdoor (either router or PC) or a remote exploit for an old TBB or...
    Sorry for just repeating a probably much-discussed subject, I'm just a bit lazy. And also sorry for derailing from the topic.
     