Mailinglist Archive: opensuse (2532 mails)

< Previous Next >
Re: [opensuse] decrypting LUKS partitions without passphrase
  • From: Sam Clemens <clemens.sam1@xxxxxxxxx>
  • Date: Sat, 03 May 2008 22:41:30 -0400
  • Message-id: <481D225A.90500@xxxxxxxxx>
John Andersen wrote:
On Sat, May 3, 2008 at 6:56 PM, Sam Clemens <clemens.sam1@xxxxxxxxx> wrote:
Carlos E. R. wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



The Saturday 2008-05-03 at 18:08 -0400, Sam Clemens wrote:


Is there a specific reason you are encrypting swap?

It is standard procedure.

Think: your portable is hibernated and then stolen.

Hint:

The password to mounted encrypted partition is in clear text in memory,
thus, in the swap. And any thing you may have opened.


Hint.. if you're portable is hibernated, then when the
thief restarts it, all of your partitions are already
mounted with good passwords, and can be perused by
merely doing

$ strings /dev/kmem | more
$ strings /dev/mem | more

Only if you are in a habit of hybernating your lap top while
running as root. Who does that anyway?

Having physical access to the laptop, "local exploits" are no in play.

Any "local exploit" can be accomplished by running code
installed by a user into his/her home directory.

Thus, getting root is not a terribly difficult thing for
a reasonably knowledgeable attacker.

And of course, the Firewire/IEEE 1394 port is completely unsecure.


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >