this post was submitted on 24 Feb 2024
98 points (77.2% liked)
Linux
48220 readers
814 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
By intercepting the key on hardware level
Perfect security doesn't exist. If they've got the engineering capital required to design and manufacture key retrieval hardware, you lost the moment they gained physical access to your equipment.
I agree. Physical access to the device and its often game over.
Sadly reading off the key is already trivial in some cases as showcased in this recent video by stacksmashing
Since the key has to be sent to the cpu in plain text it can easily be sniffed. If however the TPM is integrated in the cpu its not so easy, but then the os can be manipulated or hacked after boot with known exploits.
If you have a long and secure password for you encryption the absolute only way in is to brute force the key which is significantly harder if not impossible regardless of capital
Here is an alternative Piped link(s):
video by stacksmashing
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
Most brute-force attacks can be hardened against. Again there's no perfect security, just better security.
If he uses TPM. I'm not aginst OP using it but he needs to understand the drawbacks. At least I hope he will.
Bypassing login is not difficult on a lot of OS.
At least on Windows that requires booting the PC from some other media, and that wouldn't work with the drive encrypted because you have no access to the files you need to modify.
Is it similar with Linux, or do you mean you can actually bypass login from the OS that's already booted up??
It is similar in Linux. Vulnerabilities, bugs, or enough time will get through on any OS so people have to decide on their personal level of paranoia. A lot of people have very little idea how a TPM or sealing key material works.
Yeah, but a lot of those things will trip the TPM module, so you will get a different decryption key if you for example try to use the
single
kernel parameter to boot into a root shell. And different decryption key means no access to the data.