Ubuntu 10.04 Installed Can I Luks Encrypt Without A Reformat?


Guest Deleted_Account

I currently have Ubuntu 10.04 installed. I tried downloading the alternate CD several times, and even though the MD5 sums matched up each time, it wouldn't install. Is there a way (Googled, couldn't find anything) to encrypt an already installed version of Ubuntu 10.04 without reformatting or losing any data?

Thanks for any suggestions, never been in this situation before,

x942


I've seen discussion on this with trying to use TrueCrypt to do whole disk encryption for Linux.

Linux is open source. So the files are the same for everybody except for your home folder and where you store documents. So you just need an encrypted container to store your files, scripts, p0rn, whatever you may have.

If it were possible to encrypt a whole disk of Linux (I'm sure it is but it's not worth the effort), it would run slowly because of the on-the-fly disk encryption/decryption to read/write the drive.


Guest Deleted_Account
I've seen discussion on this with trying to use TrueCrypt to do whole disk encryption for Linux.

Linux is open source. So the files are the same for everybody except for your home folder and where you store documents. So you just need an encrypted container to store your files, scripts, p0rn, whatever you may have.

If it were possible to encrypt a whole disk of Linux (I'm sure it is but it's not worth the effort), it would run slowly because of the on-the-fly disk encryption/decryption to read/write the drive.

TC whole disk only works with Windows, sadly. Saw some about that too. I personally would rather a slowdown than allowing someone to know what I am using. For instance, TC encrypts the whole drive, no one can tell what OS I am using, plus hex edit the bootloader and they don't even know what it's encrypted with, so no way to assume Windows. But I know LUKS encrypts everything BUT /boot and I am fine with that. The chances of someone infecting /boot with malicious code are equal to that of someone using EvilMaid on TC or a cold boot attack, which is unlikely. Even if a forensic examiner showed up, it would take a simple power down to solve the cold boot attack and then re-image MBR / /boot to ensure no keylogger is in there.


I am going for a computer forensic examiner bachelor's.

It does not matter what OS you are running if you have your important files encrypted. Honestly the FBI (as far as the local office in my area) does not use any Linux tools. They use EnCase and FTK. They hold up better in court because people can understand it. Instead of using the magically unknown Linux tools ooooo ahhhh.

I don't understand why you would want to encrypt the whole disk because it's really not needed. And if your files are in an encrypted container then problem solved. Yes they could do a cold boot attack and highly unlikely the Evil Maid attack, which I've never even heard of. I don't understand why you want such anonymity with your OS, as you said, so malicious code cannot be used on you?

This is a quote from http://blog.pgp.com/index.php/2009/10/evil-maid-attack/ about the evil maid attack

While disk encryption products such as PGP® Whole Disk Encryption can do very useful and desirable things to enhance your security posture – such as protect the data on your computer’s hard drive – full disk encryption by itself does not protect your computer from malware, viruses, or spyware.

Hard disk encryption will not prevent XSS or really anything if you use the computer.

Even booting from a live CD of BackTrack4 or whatever does not make you 100% safe. As Darren noted. If you use that on your laptop and your hard drive is plugged in someone could still access the drive if they infect your system while it's running.

Your best bet would be just to do a 3 partition install of Linux. 1 for swap, 1 for home folder, 1 for root. And encrypt the home folder partition.

http://www.schneier.com/blog/archives/2009...maid_attac.html

"Evil Maid" Attacks on Encrypted Hard Drives

Earlier this month, Joanna Rutkowska implemented the "evil maid" attack against TrueCrypt. The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. Basically, the attack works like this:

Step 1: Attacker gains access to your shut-down computer and boots it from a separate volume. The attacker writes a hacked bootloader onto your system, then shuts it down.

Step 2: You boot your computer using the attacker's hacked bootloader, entering your encryption key. Once the disk is unlocked, the hacked bootloader does its mischief. It might install malware to capture the key and send it over the Internet somewhere, or store it in some location on the disk to be retrieved later, or whatever.

You can see why it's called the "evil maid" attack; a likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. The same maid could even sneak back the next night and erase any traces of her actions.

Comment about the above quote: If a F-in hotel maid knows how to install a hacked bootloader on my laptop, he/she would not be working as a maid and can just have my damn laptop.

I NEVER leave my computer unattended. Also, install a BIOS password on boot so they can't even boot the computer. BIOS password, then disk password, then OS login password. Paranoid?

Another link that describes how Stoned boot thwarts Windows + TrueCrypt

http://www.bisql.net/2010/01/boot-kit-rend...ely-vulnerable/

Edited by Mr-Protocol

I currently have Ubuntu 10.04 installed. I tried downloading the alternate CD several times, and even though the MD5 sums matched up each time, it wouldn't install. Is there a way (Googled, couldn't find anything) to encrypt an already installed version of Ubuntu 10.04 without reformatting or losing any data?

Thanks for any suggestions, never been in this situation before,

x942

Unfortunately no, you can't do that. There is a way to install to an already encrypted drive though. This is for installing to an external USB drive, just input your internal drives instead.

http://www.infosecramblings.com/backtrack/...isk-encryption/

Once done, on boot you get a screen asking for the key, the laptop won't boot past this screen until the key is input.

I've seen discussion on this with trying to use TrueCrypt to do whole disk encryption for Linux.

Linux is open source. So the files are the same for everybody except for your home folder and where you store documents. So you just need an encrypted container to store your files, scripts, p0rn, whatever you may have.

If it were possible to encrypt a whole disk of Linux (I'm sure it is but it's not worth the effort), it would run slowly because of the on-the-fly disk encryption/decryption to read/write the drive.

I'm running full disk encryption on my laptop and desktop. If there's a slowdown I don't see it.

Edited by barry99705

Guest Deleted_Account
I am going for a computer forensic examiner bachelor's.

It does not matter what OS you are running if you have your important files encrypted. Honestly the FBI (as far as the local office in my area) does not use any Linux tools. They use EnCase and FTK. They hold up better in court because people can understand it. Instead of using the magically unknown Linux tools ooooo ahhhh.

I don't understand why you would want to encrypt the whole disk because it's really not needed. And if your files are in an encrypted container then problem solved. Yes they could do a cold boot attack and highly unlikely the Evil Maid attack, which I've never even heard of. I don't understand why you want such anonymity with your OS, as you said, so malicious code cannot be used on you?

What I meant is that with TrueCrypt you CAN encrypt every bit of data on the disk. Now NO ONE knows what OS is running. FTK and EnCase may be OS independent and may not use any Linux-based tools, but still, if they know I am running Linux or Windows they now have more knowledge than before. Not saying it's needed, I was just curious if it was possible. And I only meant it was UNLIKELY that anyone would use cold boot or EvilMaid. If an investigator or shady person touched my computer I would boot the recovery disk and re-image the MBR, meaning NO EvilMaid or other malware in MBR.

{quote}

This is a quote from http://blog.pgp.com/index.php/2009/10/evil-maid-attack/ about the evil maid attack

Hard disk encryption will not prevent XSS or really anything if you use the computer.

Even booting from a live CD of BackTrack4 or whatever does not make you 100% safe. As Darren noted. If you use that on your laptop and your hard drive is plugged in someone could still access the drive if they infect your system while it's running.

Your best bet would be just to do a 3 partition install of Linux. 1 for swap, 1 for home folder, 1 for root. And encrypt the home folder partition.

http://www.schneier.com/blog/archives/2009...maid_attac.html

Comment about the above quote: If a F-in hotel maid knows how to install a hacked bootloader on my laptop, he/she would not be working as a maid and can just have my damn laptop.

I NEVER leave my computer unattended. Also, install a BIOS password on boot so they can't even boot the computer. BIOS password, then disk password, then OS login password. Paranoid?

Another link that describes how Stoned boot thwarts Windows + TrueCrypt

http://www.bisql.net/2010/01/boot-kit-rend...ely-vulnerable/

I do agree with everything you have said and I do the same with BIOS, HDD LOCK, OS login, AND TC. However, about the Stoned boot kit:

The "Stoned" bootkit, an MBR rootkit presented by Austrian software developer Peter Kleissner at the Black Hat[1] Technical Security Conference USA 2009[16][17], has been shown capable of tampering TrueCrypt's MBR effectively bypassing TrueCrypt's full volume encryption.[18][19] (but potentially every hard disk encryption software is affected too if it does not rely on hardware-based encryption technologies like TPM, or—even if it does—if this type of attack is made with administrative privileges while the encrypted operating system is running[20][21]).

Two types of attack scenarios exist in which it is possible to maliciously take advantage of this bootkit, currently written for Win32 platforms only: in the first one, the user is required to launch the bootkit with administrative privileges once the PC has already booted into Windows; in the second one, analogously to hardware keyloggers, a malicious person needs physical access to the user's TrueCrypt-encrypted hard disk: in this context this is needed to modify the user's TrueCrypt MBR with the Stoned's one and then place the hard disk back on the unknowing user's PC, so that when the user boots the PC and types his/her TrueCrypt password on boot, the "Stoned" bootkit intercepts it thereafter because, from that moment on, the Stoned bootkit is loaded before TrueCrypt's MBR in the boot sequence. The first type of attack can be prevented as usual by good security practices, i.e. avoid running non-trusted executables with administrative privileges; the second one can be successfully neutralized—by the side of a user who suspect his/her encrypted hard disk might have been physically available to someone he/she doesn't trust—by booting the encrypted operating system with TrueCrypt's Rescue Disk instead of booting it directly from the hard disk and restoring boot loader in MBR.[22]

It is EASILY avoided and is pretty much the same as EvilMaid except it does more. Basically, instead of just logging the password from the point it's captured onward, it automatically enters it, thus decrypting the HDD. A simple recover using TC's recovery disk would fix this. Thanks for the help though, and I do agree with the part on Linux. I will try encrypting just the important stuff. I guess I am just used to Windows, where Whole Disk Encryption means a sector-by-sector, bit-for-bit encryption. Also, with all these so-called attacks you would think people would notice NONE of them are REAL attacks, just keyloggers or bootkits or (MAYBE) bruteforcers, not a real attack against anything besides your password (which should be strong, by the way) or YOU, as in social engineering or getting you to launch a malicious file. No attacks against encryption methods, implementation, algorithms, hashes etc., just the user and passwords. Easy to thwart these attacks.

Link to comment
Share on other sites

Guest Deleted_Account

TC recovery disk will restore the MBR to original (after decrypt), emergency decrypt, and restore TC bootloader all of which need your password so ya still F*cked if you forget it :P

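Several posts above rely on re-imaging the MBR and /boot after suspected physical access, which presupposes a way to tell whether the unencrypted boot path has changed. The following is an added example, not code from any poster in the thread: it records SHA-256 hashes of the leading disk sectors and every file under /boot, then compares later states against that baseline. The function names, the `GAP_SECTORS` default of 63 and the paths passed in are assumptions; run it from trusted live media with the baseline kept off the machine, because a check run from a tampered system cannot be trusted.

```sh
#!/bin/sh
# Added example: detect changes to the unencrypted boot path (boot sectors + /boot).
# Assumptions: GAP_SECTORS covers the MBR plus the gap before the first partition
# (63 on older layouts); disk, boot dir and baseline paths are supplied by the caller.

# Print a manifest: one hash for the leading disk sectors, then one per /boot file.
boot_manifest() {
    [ -r "$1" ] && [ -d "$2" ] || return 2      # unreadable disk or missing dir
    sectors=${GAP_SECTORS:-63}
    sector_hash=$(dd if="$1" bs=512 count="$sectors" 2>/dev/null | sha256sum | cut -d' ' -f1)
    printf 'sectors0-%s  %s\n' "$((sectors - 1))" "$sector_hash"
    ( cd "$2" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# Store the manifest; keep the baseline file off the machine (e.g. on a USB stick).
record_baseline() {
    manifest=$(boot_manifest "$1" "$2") || return 2
    printf '%s\n' "$manifest" > "$3"
}

# Compare the current state with the baseline.
# Returns 0 if identical, 1 if anything changed (diff is printed), 2 on error.
verify_boot() {
    [ -r "$3" ] || return 2
    current=$(boot_manifest "$1" "$2") || return 2
    printf '%s\n' "$current" | diff -u "$3" -
}

# Usage: script record|verify DISK BOOT_DIR BASELINE
case "${1:-}" in
    record) record_baseline "$2" "$3" "$4" ;;
    verify) verify_boot "$2" "$3" "$4" ;;
esac
```

Kernel and bootloader updates legitimately change /boot and the embedded boot code, so the baseline has to be re-recorded after each one.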
