XG Dong wrote:
> BIOS boot password
BTW: Usually a BIOS password can easily be cleared or changed, either by using a master password or by removing the battery for a while. (But this has of course nothing to do with LUKS.)
No ecryptfs-util in CentOS 7?
Re: No ecryptfs-util in CentOS 7?
German speaking forum for Fedora and CentOS: https://www.fedoraforum.de/
Re: No ecryptfs-util in CentOS 7?
drk wrote:
> XG Dong wrote:
> > Say if someone just plugs my hard drive into another computer, will he be able to read my files?
> No.
How is this achieved?
Re: No ecryptfs-util in CentOS 7?
owl102 wrote:
> XG Dong wrote:
> > BIOS boot password
> BTW: Usually a BIOS password can easily be cleared or changed, either by using a master password or by removing the battery for a while. (But this has of course nothing to do with LUKS.)
Yeah...security countermeasures should consider when the bad guys have access to the hardware. That is the point of encrypting files.
Re: No ecryptfs-util in CentOS 7?
XG Dong wrote:
> drk wrote:
> > XG Dong wrote:
> > > Say if someone just plugs my hard drive into another computer, will he be able to read my files?
> > No.
> How is this achieved?
Here is a link for information on LUKS encryption:
https://access.redhat.com/site/document ... ption.html
This link http://www.eetimes.com/document.asp?doc_id=1279619 suggests that it will take 3.31x10^56 years to brute-force break 256-bit AES encryption.
Re: No ecryptfs-util in CentOS 7?
drk wrote:
> Here is a link for information on LUKS encryption:
> https://access.redhat.com/site/document ... ption.html
> This link http://www.eetimes.com/document.asp?doc_id=1279619 suggests that it will take 3.31x10^56 years to brute-force break 256-bit AES encryption.
Hmm...would it be possible to plug in the hard drive and just sequentially read from it?
Re: No ecryptfs-util in CentOS 7?
Also I am wondering, since I have multiple hard drives in my machine, I was asked for the passphrase for the SSD partition when I boot the system, but not for the storage partition (which is a RAID 1 of 2 hard drives). Not sure if they are encrypted as well...I did choose "encrypt" when I was installing the system.
My SSD partition is mapped/mounted under /dev/dm-0
My storage partition(s) are mapped under /dev/mapper/luks-blabla (so I guess it is encrypted?) and /dev/dm-2
Re: No ecryptfs-util in CentOS 7?
XG Dong wrote:
> Hmm...would it be possible to plug in the hard drive and just sequentially read from it?
They can read the drive but the information will essentially be gibberish.
Re: No ecryptfs-util in CentOS 7?
XG Dong wrote:
> Also I am wondering, since I have multiple hard drives in my machine, I was asked for the passphrase for the SSD partition when I boot the system, but not for the storage partition (which is a RAID 1 of 2 hard drives). Not sure if they are encrypted as well...I did choose "encrypt" when I was installing the system.
> My SSD partition is mapped/mounted under /dev/dm-0
> My storage partition(s) are mapped under /dev/mapper/luks-blabla (so I guess it is encrypted?) and /dev/dm-2
Possibly. Post the output of "lsblk"
Re: No ecryptfs-util in CentOS 7?
> They can read the drive but the information will essentially be gibberish.
Here is an example of what the LUKS encryption will do using test files instead of actual disks.
Set up a couple of test files to use as block devices and set them up for use as block devices:
Code:
# dd if=/dev/zero of=regular bs=1M count=5
# dd if=/dev/zero of=encrypt bs=1M count=5
# l
total 10240
-rw-r--r--. 1 root root 5242880 Sep 18 10:04 encrypt
-rw-r--r--. 1 root root 5242880 Sep 18 10:04 regular
# losetup -f encrypt
# losetup -f regular
# losetup -a
/dev/loop0: [fd00]:135431 (/tmp/test/encrypt)
/dev/loop1: [fd00]:135405 (/tmp/test/regular)
Code:
# mkfs -text2 /dev/loop1
# mkdir r
# mount /dev/loop1 r
# l r
total 12
drwx------. 2 root root 12288 Sep 18 10:07 lost+found
Code:
# cryptsetup luksFormat /dev/loop0
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
# cryptsetup luksOpen /dev/loop0 loop0e
Enter passphrase for /dev/loop0:
# mkfs -text2 /dev/mapper/loop0e
# mkdir e
# mount /dev/mapper/loop0e e
# l e
total 12
drwx------. 2 root root 12288 Sep 18 10:13 lost+found
Code:
# echo klaatu barada necktie > test.txt
# cp test.txt r
# cp test.txt e
# l -R
total 5390
drwxr-xr-x. 3 root root 1024 Sep 18 10:18 e
-rw-r--r--. 1 root root 5242880 Sep 18 10:19 encrypt
drwxr-xr-x. 3 root root 1024 Sep 18 10:18 r
-rw-r--r--. 1 root root 5242880 Sep 18 10:19 regular
-rw-r--r--. 1 root root 22 Sep 18 10:18 test.txt
./e:
total 14
drwx------. 2 root root 12288 Sep 18 10:13 lost+found
-rw-r--r--. 1 root root 22 Sep 18 10:18 test.txt
./r:
total 14
drwx------. 2 root root 12288 Sep 18 10:07 lost+found
-rw-r--r--. 1 root root 22 Sep 18 10:18 test.txt
Code:
# strings regular
lost+found
test.txt
mselinux
unconfined_u:object_r:file_t:s0
klaatu barada necktie
# strings encrypt
SJ!Jb#
2+DW
A23
,@/T
k8t=
<more gibberish deleted>
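The payload that `strings encrypt` shows above is ciphertext, but a LUKS device begins with a plaintext header that identifies it as encrypted and records the cipher, key size and UUID (the same fields `cryptsetup luksDump` prints). The Python below is an added example, not part of the original post: it reads that header from an image such as the `encrypt` file, assuming the LUKS1 on-disk layout; `inspect_luks` and `build_sample_header` are hypothetical names and the sample header with its all-zero UUID is constructed.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# Assumed LUKS1 header layout: magic, version, cipher name, cipher mode, hash spec,
# payload offset (512-byte sectors), key bytes, MK digest, MK salt, MK iterations, UUID
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes
SLOT = struct.Struct(">II32sII")                   # 48 bytes each, 8 slots follow
SLOT_ENABLED = 0x00AC71F3

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def inspect_luks(image):
    """Return header facts for a LUKS device image, or None if no LUKS magic."""
    if len(image) < 8 or image[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", image[6:8])[0]
    info = {"version": version}
    if version != 1 or len(image) < PHDR.size + 8 * SLOT.size:
        return info  # LUKS2 or truncated: only magic and version are decoded here
    (_, _, cipher, mode, hash_spec, payload, key_bytes,
     _, _, _, uuid) = PHDR.unpack_from(image, 0)
    slots = [SLOT.unpack_from(image, PHDR.size + i * SLOT.size)[0] for i in range(8)]
    info.update(cipher=_text(cipher), mode=_text(mode), hash=_text(hash_spec),
                key_bits=key_bytes * 8, payload_offset_bytes=payload * 512,
                uuid=_text(uuid),
                active_slots=[i for i, s in enumerate(slots) if s == SLOT_ENABLED])
    return info

def build_sample_header():
    """Constructed LUKS1 header (not from a real disk): only key slot 0 enabled."""
    phdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 32,
                     bytes(20), bytes(32), 1000,
                     b"00000000-0000-0000-0000-000000000000")
    slot0 = SLOT.pack(SLOT_ENABLED, 1000, bytes(32), 8, 4000)
    empty = SLOT.pack(0x0000DEAD, 0, bytes(32), 0, 4000)
    return phdr + slot0 + empty * 7

if __name__ == "__main__":
    print(inspect_luks(build_sample_header()))
    print(inspect_luks(bytes(1024)))  # zero-filled image, like "regular" before mkfs
```

To try it on the test files from the post, pass the first 1024 bytes of `encrypt` and of `regular` to `inspect_luks`; only the former returns a header.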
Re: No ecryptfs-util in CentOS 7?
drk wrote:
> XG Dong wrote:
> > Also I am wondering, since I have multiple hard drives in my machine, I was asked for the passphrase for the SSD partition when I boot the system, but not for the storage partition (which is a RAID 1 of 2 hard drives). Not sure if they are encrypted as well...I did choose "encrypt" when I was installing the system.
> > My SSD partition is mapped/mounted under /dev/dm-0
> > My storage partition(s) are mapped under /dev/mapper/luks-blabla (so I guess it is encrypted?) and /dev/dm-2
> Possibly. Post the output of "lsblk"
Thanks for your testing example, feels much more secure now.
The output of lsblk: Not sure if it is necessary to hide the LUKS ID there, so I just whited it out anyway. The file system I am using is BTRFS, the RAID 1 looks quite strange...