LUKS encryption security
by nomival from LinuxQuestions.org on (#6F6CR)
Hello.
Suppose you add a new physical disk to a server where you must store sensitive data with the following commands:
1. get disks
Code:
lsblk
2. format and setup with luks2
Code:
cryptsetup luksFormat --type luks2 /dev/sdb
2. open it
Code:
cryptsetup luksOpen /dev/sdb safe_data
3. fill space with 0
Code:
dd if=/dev/zero of=/dev/mapper/safe_data status=progress
4. format it
Code:
mkfs.ext4 /dev/mapper/safe_data
5. mount it
Code:
mount /dev/mapper/safe_data /home/safe_data
6. copy data on it from secure web transfer
Now I am curious: suppose the server gets a shutdown/reboot (power outage) without manually running the `cryptsetup luksClose` cmd on an encrypted container. Is there any possibility that you can access the data without entering the password because you did not close the container?
You can have physical access to the disk, dump RAM memory or even use recovery software.
How about run-time attacks (having access to the server but not knowing user/pass to log in)?
Thank you.