Results 1 to 7 of 7

Thread: If u encrypt ur home, can an attacker boot into a root console & get ur data

  1. #1
    Join Date
    Apr 2009
    Beans
    341
    Distro
    Ubuntu 14.04 Trusty Tahr

    If u encrypt ur home, can an attacker boot into a root console & get ur data

    Let's say that durring install, I selected the encrypt your home dir. Can an attacker boot the system into a root console or single user console or recovery console and change your password and then boot normally and log into your encrypted home. I know that on Ubuntu systems one can just edit grub to boot to recovery/root console and change passwords, I know because I did this years ago back in the 9.10 or earlier days. So what's the point of encrypting the home dir.

    Hopefully someone will tell me that even if root changed the user password they would still need the decryption passphrase to decrypt home. Kinda like 2 factor authentication.
    Last edited by MechaMechanism; April 13th, 2013 at 11:53 PM.

  2. #2
    Join Date
    Apr 2008
    Location
    LOCATION=/dev/random
    Beans
    5,767
    Distro
    Ubuntu Development Release

    Re: If u encrypt ur home, can an attacker boot into a root console & get ur data

    Don't worry, your safe.

    There is no way an attacker can decrypt your home directory by booting into single-user mode.
    Cheesemill

  3. #3
    Join Date
    Sep 2010
    Beans
    27
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: If u encrypt ur home, can an attacker boot into a root console & get ur data

    I mean, a guy from the CIA can probably do that. But Ubuntu encompasses a good amount of servers, so I'd say you'll be just fine.

  4. #4
    Join Date
    Apr 2009
    Beans
    341
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: If u encrypt ur home, can an attacker boot into a root console & get ur data

    Cool, thanks for the replys.

  5. #5
    Join Date
    Jun 2011
    Beans
    350

    Re: If u encrypt ur home, can an attacker boot into a root console & get ur data

    I used to wonder about this too, but the user account password is separate from the encryption password. Without your encryption password the attacker cannot read your data. There is a nice explanation here: https://wiki.ubuntu.com/EncryptedHomeFolder

  6. #6
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,807

    Re: If u encrypt ur home, can an attacker boot into a root console & get ur data

    Hard Drive encryption is not uncrackable.

    If the attacker has physcial access as implied in the OP then it is a matter of time and tools that the attacker has an/or knowledge. It will still depend on your passpharse key and type of encryption.

    Physcial access is root access for all intents and purposes.

    There are many tools to allow this, HDD encryption is not much different to anything else if using a passphrase in that it is still only as strong or as weak as the attackers dictionary

    For example https://code.google.com/p/luks-volume-cracker/
    Feel Free to Bitcoin Tip: 135Rp4pwwYTHEJ4u8bxKaDQiC91N9LUoV2

    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  7. #7
    Join Date
    Jan 2012
    Beans
    753

    Re: If u encrypt ur home, can an attacker boot into a root console & get ur data

    Quote Originally Posted by haqking View Post
    Hard Drive encryption is not uncrackable.

    If the attacker has physcial access as implied in the OP then it is a matter of time and tools that the attacker has an/or knowledge. It will still depend on your passpharse key and type of encryption.

    Physcial access is root access for all intents and purposes.

    There are many tools to allow this, HDD encryption is not much different to anything else if using a passphrase in that it is still only as strong or as weak as the attackers dictionary

    For example https://code.google.com/p/luks-volume-cracker/
    ^This. And even if you use a password which is uncrackable with today's technology (or even technology in the forseable future), remember that there are other ways to gain entry. For example, an encrypted home directory leaves all the inner workings of the computer in / unencrypted, so an attacker could simply turn your normal GNU utilities into a keylogger, recording your passkey as you enter it. To defend against this, you should use disk encryption. If you do that, only /boot is left unencrypted, and /boot is much easier to protect and discover tampering.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •