Collaborate Disseminate
I have developed a web service for customer. The web service is written in Python and running in Docker containers. It is managed by docker compose.
The customer wants my web service to run on their own Ubuntu servers, but I have control o… Continue reading Is deploying a web application to a customer’s encrypted drive a secure solution against code theft?
Security threat: physical theft of a laptop and a server that use TPM2 auto unlock FDE with LUKS. In both cases the TPM checks against some PCRs before unsealing the key. The laptop prompts for a TPM PIN, the server doesn’t. The attacker i… Continue reading PCR to prevent TPM2 key unsealing in case of rogue DMA devices connected?
I need to enable hybernation to the LUKS-encrypted drive. My /boot partition is unencrypted hence it stores all kernel images as well as kernel parameters in unencrypted form. For hybernation to work I should specify where the swap file st… Continue reading Is specifying resume_offset for hybernation to LUKS-encrypted drive safe?
I’m looking into hardening an embedded device using TPM2 with an encrypted root (/) Linux partition. I’ve found various articles explaining how to embed LUKS keys into the TPM (eg this one). Unless otherwise informed, I assume this can be… Continue reading How does a TPM module protect keys LUKS keys on Linux
If a person finds an old hard drive that was partially overwritten and let’s say 1GB of that wasn’t and was formerly used for part of a LUKS encrypted partition, what is the risk that such data, which looks random, could be brute force dec… Continue reading LUKS brute force risk?
I am stuck with an issue of needing a break glass account on remote laptops.
It’s a bit a strange situation. The laptops are built and rebuilt remotely using a small PXE setup that goes with the equipment.
The PXE server has a default pass… Continue reading Remote Laptop disk encryption, break glass
The recent faulTPM paper (https://arxiv.org/pdf/2304.14717v1.pdf) deals mostly with Bitlocker and only mentions LUKS to note the differences.
The authors state:
With a passphrase, however, the same level of security that the passphrase-on… Continue reading Does faulTPM defeat the LUKS-based FDE with a passphrase?
I encrypted my Ubuntu Desktop 20.04.3 with LVM/LUKS during the installation process. If I turn off the computer, is the brute force the only attack available for getting the password and accessing the files? I think it doesn’t encrypt the … Continue reading Full disk encryption with LUKS?
3 people need to share some data through cloud. The total amount of data is small (<5gb in total). The update rate is very low, 1 per month. The cloud has very limited security measures so we consider all the files stored in it are publ… Continue reading Which one is safer for persistent online data? Gpg per file encryption vs gpg encrypted image vs LUKS2 image
I want to mount a LUKS partition and decided to do it with a separate script which will contain the password to the LUKS partition, it will also decrypt the header file and mount the partition.
What vulnerabilities does this approach add c… Continue reading Is it safe to store the header and password from LUKS in an encrypted GPG script (symmetrically)?