Originally posted by Espionage724
View Post
Announcement
Collapse
No announcement yet.
Linux Full Disk Encryption Performance For The AMD Ryzen 7 PRO / HP Dev One
Collapse
X
-
Originally posted by Espionage724 View Post
Yeah that sounds familiar; can anything be done to decrypt or bypass the encryption with trim in that case? I don’t necessarily mind attackers knowing the drive is encrypted.Last edited by stormcrow; 24 June 2022, 05:05 PM.
Comment
-
Originally posted by Espionage724 View Post
Yeah that sounds familiar; can anything be done to decrypt or bypass the encryption with trim in that case? I don’t necessarily mind attackers knowing the drive is encrypted.
Filesystems probably leave certain patterns on the disk - where they put the metadata. If you find out which kind of filesystem is used by analyzing the patterns that get visible by trimming, that's the first step. With that info, you can probably already reconstruct some data as unencrypted (like: the superblock always is in sector 8192 for the madeup-fs and always starts wit the six letters "MaDeUp"). That weakens your encryption, because now the attacker can reason about the key used to encrypt that known data ("MaDeUp") to the also known encrypted data. I believe it's still pretty hard to reconstruct an encryption key even if you know both, unencrypted and encrypted data for "modern" algorithms - and here you probably only have tiny parts of unencrypted data. But it probably still gets a little easier than not knowing anything.
I'd guess that the weakening trim might introduce doesn't matter for "home use".
- Likes 1
Comment
-
Originally posted by mazumoto View PostIt might also make "plausible deniability" impossible.
- Likes 3
Comment
-
Noob question perhaps: How does Pop OS encrypt the install if the laptop comes pre-loaded with Pop OS, does it simply do a re-install? Is only the users /home directory encrypted? I've setup FDE with manjaro and Ubuntu server before as well as FreeBSD and they all require the options to be set at install time so I'm curious how Pop OS can be different?
Comment
-
Originally posted by kylew77 View PostNoob question perhaps: How does Pop OS encrypt the install if the laptop comes pre-loaded with Pop OS, does it simply do a re-install? Is only the users /home directory encrypted? I've setup FDE with manjaro and Ubuntu server before as well as FreeBSD and they all require the options to be set at install time so I'm curious how Pop OS can be different?Michael Larabel
https://www.michaellarabel.com/
- Likes 1
Comment
-
Originally posted by Espionage724 View PostI haven’t looked into FDE for a few years now, but I recall there being something about trim on SSDs. Can you run fstrim with FDE?
- Likes 1
Comment
-
Originally posted by Michael View Post
How it seems to happen is on first boot of the new system to basically trigger the actual OS install with the image on disk.
- Likes 1
Comment
Comment