Collaborate Disseminate
When considering external drives for secure long-term storage of sensitive data, what are the pros and cons of using the same password for encrypting all files versus using random passwords for each file (or junk of files), and how does th… Continue reading Choosing Encryption Strategies for Secure Long-Term Storage of Sensitive Data
I’m working on a case involving an Apple silicon Mac and it has me stumped. It has a user password, which I don’t know, is running the latest OS and has Filevault enabled.
Without the user password, my forensic tools can’t do anything as t… Continue reading Is guessing the password forensically sound?
Security threat: physical theft of a laptop and a server that use TPM2 auto unlock FDE with LUKS. In both cases the TPM checks against some PCRs before unsealing the key. The laptop prompts for a TPM PIN, the server doesn’t. The attacker i… Continue reading PCR to prevent TPM2 key unsealing in case of rogue DMA devices connected?
I need to enable hybernation to the LUKS-encrypted drive. My /boot partition is unencrypted hence it stores all kernel images as well as kernel parameters in unencrypted form. For hybernation to work I should specify where the swap file st… Continue reading Is specifying resume_offset for hybernation to LUKS-encrypted drive safe?
Consider a home user who runs Linux on a laptop with full-disk encryption and uses a cloud-based password manager. Assume the laptop is firewall-protected with no SSH access. It seems reasonable to reuse the same passphrase for the OS user… Continue reading What are the risks of reusing the same passphrase for FDE, user account, and password manager?
I’ve been trying to get a reliable, and decently secure setup on a device for a little while now, and I feel like I may be overthinking some things but I am unsure.
Just to clear things up, this is mostly just for fun, and interest, so I d… Continue reading Advice on encryption setup
The recent faulTPM paper (https://arxiv.org/pdf/2304.14717v1.pdf) deals mostly with Bitlocker and only mentions LUKS to note the differences.
The authors state:
With a passphrase, however, the same level of security that the passphrase-on… Continue reading Does faulTPM defeat the LUKS-based FDE with a passphrase?
My Android phone is dead, but I want to recover my data. I removed eMMC using chip-off and acquired the image/dump file (userdata.bin) using Easy JTAG. The phone had Andriod 9, which uses Full Disk Encryption. I had a passcode on the phone… Continue reading Andriod encryption/decryption
I encrypted my Ubuntu Desktop 20.04.3 with LVM/LUKS during the installation process. If I turn off the computer, is the brute force the only attack available for getting the password and accessing the files? I think it doesn’t encrypt the … Continue reading Full disk encryption with LUKS?
my computer’s OS drive is fully encrypted with Veracrypt’s system encryption: https://veracrypt.eu/en/System%20Encryption.html
Is there a way to remotely enter the password in the pre-boot authentication screen? Like sending it via LAN or … Continue reading Full disk encryption: remotely enter password (Veracrypt or other solutions) [migrated]