Encrypted /home folder in Linux... how safe is it?

Hey guys, a question for anyone expert enough to reply: what kind of attacks am I vulnerable to if I use an encrypted home folder on Linux?

I didn’t encrypt the whole pendrive but just the user, since I did this after the installation of the OS. Anyway, I want to stay safe.
I know for sure that I’m vulnerable of course to any keylogger, but let’s just imagine that I just turned off the PC and unplugged the pendrive where I got Linux installed. What can they do to access my data? My password is over 10 characters long… including symbols and more.

Also, in case shit hits the fan, can they see my last successful access to that encrypted part of the pendrive?
Thank you to anyone willing to answer :)

Good day,

currently (and you always have to keep in mind that this may change any minute) the encryption standard used for solely encrypting the home folder is provided directly by the Linux kernel and is said to be rather safe, if you use a proper pass phrase. However, you have to keep in mind that, of course, anything not saved in the home folder isn’t encrypted. Depending on how you use your system, this can lead to an attacker gaining a lot of information about you from the things which, for example, are stored in the / part of your installation. That is one of the reasons why, if possible, a complete disk encryption is definitely to be recommended over only encrypting the home folder. Furthermore, since it is possible to, at least, boot the system, the attack surface is considerably bigger compared to encrypting the whole drive, especially if you have things like “guest accounts” activated.

Now, I don’t really know what you mean by your last question. Are you asking whether someone may see what you did last time you used the pen drive? Because, like I’ve said before, all the unencrypted parts already may tell someone a lot about you. Just look at all the folders which are, in the file tree, “higher” than your user folder and you may see for yourself what someone may be able to get out of the stick, with the encryption still intact and untouched.

Furthermore, 10 characters may seem a lot, but it’s not really that long compared to “proper pass phrases”, which may have up to 40 signs and are often easier to keep in mind. If you need some inspiration on what kind of pass phrases are considered “proper ones”, I recommend this video, in which John Oliver and Edward Snowden demonstrate it in the best way possible: Edward Snowden on Passwords: Last Week Tonight with John Oliver (HBO) - YouTube

Have a nice day,

Ego

Use FDE. Full disk encryption.

Thank you very much guys for your kind replies, I will proceed with full encryption and a stronger password.
My last question basically refers to the last time I successfully logged in to the system. With home encrypted I now understand that I’m vulnerable enough to change.
Let me formulate my question better :)
If now I encrypt the whole drive, with 40+ characters… let’s say I say to my opponent that I forgot the password. In my country even if freedom is very limited this is a legit way to not grab too much attention…

Will they know that I’m lying? I mean I tell them something like: “Sorry guys, it’s been months since I touched that thing.” Can they tell me: “Nope, we know that’s a lie, you used this yesterday”?
I know that lots of scenarios are possible, but let’s say they analyze that encrypted drive only after it is unplugged and my PC has been off for hours. And also consider that none of my house internet connections are used on the said drive.

I opened this topic just for curiosity/extra paranoia, because I highly doubt that someone is interested in what I do, but you know, I have wanted to know this for a long time.

Good day,

no, under normal circumstances they can’t find out when you last used a disk that is completely encrypted with a proper standard like dm-crypt. The only way they could tell you were lying in this case would be by you simply being nervous, since things like the polygraph don’t work and the authorities in most countries lack the resources to crack a 30+ pass phrase. Current technology simply isn’t that far along (which is why most attacks are dictionary based) and such a long pass phrase can’t be in a dictionary, if you’re a little creative.

If, however, you are REALLY paranoid, you can always put anything sensitive in a “hidden volume”. What this means is that, using software like Veracrypt, you create an encrypted HDD (or part of an HDD for very “dangerous” things, and encrypt the rest with dm-crypt) which has two passwords: one, which you may give to the authorities, who then see that all you’ve got encrypted are “harmless things”, and another one, only known to you, which gives access to your secret things. This is especially handy in places where you may be forced to hand out a password with brutal methods (hence the title “rubberhose”, hinting at a popular torture method for getting passwords, for the first program which used such a concept, developed by Julian Assange): you can simply hand out one. No one is then able to tell that there are other things on your HDD. I recommend Veracrypt if you want to get this extra kind of protection.

Have a nice day,

Ego

Thank you very much Ego, I’ll try that!

I would speculate that, depending on dust and perhaps other deterioration, forensic analysis could estimate if a computer has not been used for hours, days, weeks or years. Perhaps not exactly, but likely not the exact day or time. This may be different when talking about HDDs or SSDs alone. Has anyone researched that yet?