Whonix Datasecurity (Image)

Hello,

I am thinking about a scenario where a local attacker tries to steal my data.

At first, we all know that a local attacker can always steal my data from a Debian PC system.
He can boot and steal my data.
If I have a boot password, he can go over GRUB and steal my data.
If I have a boot and a GRUB password, he can boot from DVD/USB, or he can put the HDD in another PC to search for the data.

But what about a Whonix VM image?
If I have a boot password and also a GRUB password, it is not possible to boot the OS.
But I also think it is not possible to boot from DVD/USB, and of course he cannot take out the virtual HDD!

So does that mean it is not possible to get data out of this image?
If I am wrong, please explain to me the workaround for how this is possible, because I do not see any way.

What about encrypting the entire hard drive? Wouldn’t that make it impossible for a physical attack to acquire any data, assuming the computer is fully shut down?

Yes, of course: if you use a good password and good encryption, then nobody is able to read your files.

But this is not a special situation; for files, music, videos, VM images, pictures it is always the same.
So that is nothing to ask, tell or discuss about, because encryption is always safe if you do it the right way.
But this is only 100% safe if you do not start your PC and do not decrypt your files, so this cannot protect you in every situation.

In this scenario the attacker already has the Whonix image in his hand (the way he got it is not the question).

[quote=donothackme]In this scenario the attacker already has the Whonix image in his hand (the way he got it is not the question).[/quote]

Alright I understand your question now. While I don’t know how to do so for sure, I believe there are hackers out there who can extract data from a virtual machine image if it’s not encrypted, regardless of any boot or grub passwords you set. Just because no one on a forum may know the exact way, doesn’t mean there aren’t others out there who do. So even if you don’t receive a clear answer here, ALWAYS assume that any file can be breached without encryption. My point is your OPSEC should be the same whether or not you receive a yes or no answer here (ASSUME it can be breached). That’s just my two cents.

[quote=donothackme]Yes, of course: if you use a good password and good encryption, then nobody is able to read your files.[/quote]
At the risk of repeating myself: I'm sorry, but I need to break your illusion here. FDE doesn't protect you against a capable local attacker, and here is why: in order to be able to decrypt FDE you still need unencrypted storage, i.e. GRUB + /boot partition. Now, if this unencrypted storage is on the same physical media as your FDE, a local attacker can backdoor it and eavesdrop on your password the next time you enter it, and then you're screwed big time! FDE + GRUB password + boot password (what is this? FDE?) doesn't help here. The only thing you can do is carry any unencrypted storage with you (physically), i.e. you need to install GRUB + the /boot partition on separate media. Read https://twopointfouristan.wordpress.com/2011/04/17/pwning-past-whole-disk-encryption/ for more detailed information.
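A practical check for the point Cerberus makes above (FDE is only as strong as the unencrypted GRUB + /boot that unlocks it): the script below, an added example and not Whonix project code, reads lsblk output and reports whether the device carrying /boot sits on the same physical disk as the LUKS container behind /. The two lsblk outputs embedded in it are constructed, not captured from a real host; the `live()` helper runs the real `lsblk -P` when you want to check your own machine.

```python
"""Does the unencrypted /boot share physical media with the LUKS root?

Added example (not Whonix code). Parses the KEY="value" lines produced by
`lsblk -P -o NAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT`. Sample inputs are constructed.
"""
import shlex
import subprocess

COLUMNS = "NAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT"

# Constructed: /boot on the same disk as the LUKS container (the setup warned about above).
SAME_DISK = """\
NAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/boot"
NAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
NAME="sda2_crypt" PKNAME="sda2" TYPE="crypt" FSTYPE="ext4" MOUNTPOINT="/"
"""

# Constructed: GRUB + /boot on a separate stick (sdb) that the owner carries around.
SEPARATE_MEDIA = """\
NAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
NAME="sda1_crypt" PKNAME="sda1" TYPE="crypt" FSTYPE="ext4" MOUNTPOINT="/"
NAME="sdb" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sdb1" PKNAME="sdb" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/boot"
"""


def parse_lsblk_pairs(text):
    """Turn `lsblk -P` lines into a list of dicts keyed by column name."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            rows.append(dict(tok.split("=", 1) for tok in shlex.split(line)))
    return rows


def chain(rows, name):
    """Yield a device and its ancestors (via PKNAME) up to the physical disk."""
    by_name = {r["NAME"]: r for r in rows}
    while name:
        yield by_name[name]
        name = by_name[name]["PKNAME"]


def describe(rows, row):
    """Physical disk backing a device, and whether LUKS sits anywhere in its chain."""
    ancestry = list(chain(rows, row["NAME"]))
    encrypted = any(r["TYPE"] == "crypt" or r["FSTYPE"] == "crypto_LUKS" for r in ancestry)
    return ancestry[-1]["NAME"], encrypted


def assess(text):
    rows = parse_lsblk_pairs(text)
    by_mount = {r["MOUNTPOINT"]: r for r in rows if r["MOUNTPOINT"]}
    root = by_mount["/"]
    boot = by_mount.get("/boot", root)   # no separate /boot: it lives inside the root fs
    root_disk, root_encrypted = describe(rows, root)
    boot_disk, boot_encrypted = describe(rows, boot)
    return {
        "root_disk": root_disk,
        "boot_disk": boot_disk,
        "root_encrypted": root_encrypted,
        "boot_encrypted": boot_encrypted,
        # The evil-maid precondition: plaintext /boot on the media the attacker can touch
        # while the LUKS root it unlocks sits right beside it.
        "unprotected_boot_on_root_media": (
            root_encrypted and not boot_encrypted and root_disk == boot_disk
        ),
    }


def live():
    """Run the check against the machine this script executes on."""
    out = subprocess.run(["lsblk", "-P", "-o", COLUMNS],
                         check=True, capture_output=True, text=True).stdout
    return assess(out)


if __name__ == "__main__":
    for label, sample in (("same disk", SAME_DISK), ("separate media", SEPARATE_MEDIA)):
        print(label, assess(sample))
```

The check deliberately looks at the whole parent chain (part, crypt, LVM in between) rather than just the mount row, because `/` usually lives several layers above the disk. A `True` result is exactly the configuration the post above describes: nothing stops someone with the disk from replacing GRUB or the initramfs in /boot and collecting the passphrase at the next boot.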


You don't break my illusion, but you don't read my text well.
Good encryption with a good password is safe, and nobody is able to read the files.
But if you decrypt your files, then you lose this safety; that's like an open bank safe, you lose safety when you open it.

I wrote it twice, but I will write it again. The attacker has the Whonix image in his hand; this image is protected by a user, root and GRUB password (and also the tty1 user autologin is off). Is he able to read the files inside this image?

@mortal
I know that I will only get 100% safety if I encrypt these files, but I would like to know how good the protection of this image is. Because I think it will be very difficult to extract information from this image, maybe impossible.

[quote=donothackme]You don't break my illusion, but you don't read my text well. Good encryption with a good password is safe, and nobody is able to read the files. But if you decrypt your files, then you lose this safety; that's like an open bank safe, you lose safety when you open it.[/quote]
I'm sorry. I was actually thinking about host security and somehow missed your point here. That said, I cannot provide a deliberated answer to your question, as I honestly haven't thought about the actual attack vector yet.

EDIT: just to make sure I thoroughly understand the question ... you're concerned about what an attacker could do with an exposed virtual disk image (.vdi) of Whonix Workstation. Correct?

Because, if so, I would assume that despite grub, root/user password, disabled tty1, the attacker could just loop mount the .vdi (as I understand it - unencrypted storage) and extract it. I haven’t tested this. Just shooting from the hip.

[quote=donothackme]At first, we all know that a local attacker can always steal my data from a Debian PC system. He can boot and steal my data. If I have a boot password, he can go over GRUB and steal my data. If I have a boot and a GRUB password, he can boot from DVD/USB, or he can put the HDD in another PC to search for the data.[/quote]
The only useful defense here is full disk encryption, which is only effective if power is off. Such as, when you are traveling and someone steals your computer, chances are very good she cannot read your data.

And when power is on, full disk encryption isn’t effective as already outlined here:

[quote=donothackme]So does that mean it is not possible to get data out of this image?[/quote]
When the image isn't encrypted (and encrypting the image makes little sense; better use full disk encryption), it's trivial to circumvent GRUB password protection. You only need to mount the image and won't even notice there is a GRUB password. I know this for sure, because during Whonix development, mounting images is something like a prerequisite skill.
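To make concrete what Cerberus ("loop mount the .vdi") and adrelanos ("you only need to mount the image") are saying, here is an added example, not code from the Whonix project or from either poster: a minimal reader that pulls bytes straight out of a VirtualBox .vdi, follows its block map, parses the MBR and reports the byte offset of the first partition, the number you would hand to `mount -o loop,offset=`. The header layout follows the VdiHeader definition in qemu's block/vdi.c; the image it reads is constructed in memory, so the secret line and the partition geometry are made up for the demonstration and no user, root or GRUB password is ever consulted.

```python
"""Read sectors out of an unencrypted .vdi without booting it.

Added example, not Whonix code. VDI header offsets follow qemu's block/vdi.c.
The sample image is constructed in memory; nothing here touches a real disk.
"""
import struct

VDI_SIGNATURE = 0xBEDA107F
VDI_UNALLOCATED = 0xFFFFFFFF   # block never written: reads back as zeros
VDI_DISCARDED = 0xFFFFFFFE     # block discarded: also reads back as zeros
SECTOR = 512
SAMPLE_SECRET = b"/home/user/secret.txt: grub password irrelevant\n"   # constructed


class VdiImage:
    """Minimal reader for a dynamic (sparse) VDI held as bytes."""

    def __init__(self, data: bytes):
        self.data = data
        (signature,) = struct.unpack_from("<I", data, 0x40)
        if signature != VDI_SIGNATURE:
            raise ValueError("not a VDI image")
        # From 0x154: offset_bmap, offset_data, cylinders, heads, sectors,
        # sector_size, unused, disk_size (u64), block_size, block_extra,
        # blocks_in_image, blocks_allocated.
        f = struct.unpack_from("<7IQ4I", data, 0x154)
        self.offset_bmap, self.offset_data = f[0], f[1]
        self.disk_size, self.block_size, self.blocks_in_image = f[7], f[8], f[10]
        # Block map: one u32 per guest block, giving its slot in the data area.
        self.bmap = struct.unpack_from(f"<{self.blocks_in_image}I", data, self.offset_bmap)

    def read(self, offset: int, length: int) -> bytes:
        """Return guest-disk bytes [offset, offset+length) by walking the block map."""
        out = bytearray()
        while length > 0:
            block, inner = divmod(offset, self.block_size)
            n = min(length, self.block_size - inner)
            slot = self.bmap[block]
            if slot in (VDI_UNALLOCATED, VDI_DISCARDED):
                out += bytes(n)
            else:
                start = self.offset_data + slot * self.block_size + inner
                out += self.data[start:start + n]
            offset += n
            length -= n
        return bytes(out)


def mbr_partitions(sector0: bytes) -> list:
    """Parse the four primary MBR entries into LBA ranges and byte offsets."""
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 446 + 16 * i + 16]
        ptype = entry[4]
        lba_start, lba_count = struct.unpack_from("<II", entry, 8)
        if ptype:
            parts.append({"type": ptype, "lba_start": lba_start,
                          "sectors": lba_count, "byte_offset": lba_start * SECTOR})
    return parts


def build_sample_vdi() -> bytes:
    """Constructed 32 KiB dynamic VDI: MBR in guest block 0, a partition at LBA 8."""
    block_size, blocks = 4096, 8
    offset_bmap, offset_data = 512, 4096
    header = bytearray(512)
    header[:0x40] = b"<<< constructed sample VDI >>>\n".ljust(0x40, b"\0")
    struct.pack_into("<5I", header, 0x40, VDI_SIGNATURE, 0x00010001, 0x190, 1, 0)
    struct.pack_into("<7IQ4I", header, 0x154, offset_bmap, offset_data, 0, 0, 0,
                     SECTOR, 0, block_size * blocks, block_size, 0, blocks, 2)
    # Guest block 0 is stored in data slot 1 and guest block 1 in slot 0:
    # the map, not the file order, decides where guest bytes live.
    bmap = struct.pack("<8I", 1, 0, *([VDI_UNALLOCATED] * 6))
    mbr = bytearray(512)
    # status, CHS start, type 0x83 (Linux), CHS end, LBA start 8, 48 sectors
    struct.pack_into("<B3sB3sII", mbr, 446, 0x80, b"\0\0\0", 0x83, b"\0\0\0", 8, 48)
    mbr[510:512] = b"\x55\xaa"
    guest_block0 = bytes(mbr).ljust(block_size, b"\0")
    guest_block1 = SAMPLE_SECRET.ljust(block_size, b"\0")
    image = bytearray(offset_data)
    image[:512] = header
    image[offset_bmap:offset_bmap + len(bmap)] = bmap
    image += guest_block1 + guest_block0     # slot 0, then slot 1
    return bytes(image)


def extract_partition_head(vdi_bytes: bytes, length: int = len(SAMPLE_SECRET)) -> tuple:
    """Locate the first partition via the MBR and return its leading bytes."""
    vdi = VdiImage(vdi_bytes)
    first = mbr_partitions(vdi.read(0, SECTOR))[0]
    return first, vdi.read(first["byte_offset"], length)


if __name__ == "__main__":
    part, head = extract_partition_head(build_sample_vdi())
    print(f"partition type 0x{part['type']:02x} at byte offset {part['byte_offset']}")
    print(head.decode())
```

On a real image you would not hand-roll this: `qemu-img convert -f vdi -O raw Whonix-Workstation.vdi ws.raw`, then `sudo losetup -fP --show ws.raw` and `sudo mount -o ro /dev/loop0p1 /mnt` (the loop device name is whatever losetup prints) gets you the guest's root filesystem as an ordinary directory. The point of the toy reader is what it does not need: no boot, no GRUB menu, no login, and therefore no password check anywhere between the attacker and the bytes.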


Thanks adrelanos, this is the answer I was looking for.
So in fact it is very easy to mount a Whonix "virtual machine disk image".

This means any kind of password is totally useless in this scenario, because a mounted image is like an HDD in the attacker's hand, so he can read any file on this disk.

In this case encryption is the only way to hide my files.

@donothackme

[quote=donothackme]This means any kind of password is totally useless in this scenario, because a mounted image is like an HDD in the attacker's hand, so he can read any file on this disk.[/quote]
Isn't that exactly what I told you at https://www.whonix.org/forum/index.php/topic,45.msg338.html#msg338? *confused*


@Cerberus

No reason to be confused, you gave me exactly the same, correct answer.
But you wrote it in your later EDIT, and so I didn't read it. But now I have had a look at it, and of course it is the answer I was looking for, so thanks to you too!