Announcement

Collapse
No announcement yet.

Cryptsetup 2.6 Released With Support For Apple FileVault2

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cryptsetup 2.6 Released With Support For Apple FileVault2

    Phoronix: Cryptsetup 2.6 Released With Support For Apple FileVault2

    Cryptsetup 2.6 is now available as the newest version of this utility for managing disk encryption on Linux systems in conjunction with the DMcrypt kernel module...

    https://www.phoronix.com/news/Cryptsetup-2.6

  • #2
    Originally posted by xfcemint View Post
    This kind of protection is a very welcome improvement towards solving issues of cybersecurity.

    Unfortunately, all encryption systems of this type are vulnerable to evil maid attacks. Even when a TPM is included in the protection of the computer system, it is still an insufficient protection. An evil maid can easily attack this kind of protection, with a high chance of the attack being successful.

    With the computer hardware lacking support for functionality of a secure-system-N, it is currently not possible to implement a provably secure and practical computer system. A full data (or full disk) encryption with Cryptsetup is one small step towards that very important goal.

    It is truly a shame that current hardware doesn't support the functionality of a secure-system-N (described in this thread), as the extra costs to manufacture a secure-system-N are negligible.​
    I agree. I've heard of thieves with supercomputers but this has only confirmed it. Around where I live they've completely lost their ability to pick locks and instead execute decryption exploits on my cold-off macbook to get access to my cat pictures and see what the login name of my bank is so they can then fish me later. I believe that's called catfishing?

    Comment


    • #3
      Originally posted by xfcemint View Post

      I can't figure out are you serious or sarcastic.

      In the case that you are serious, what you are describing is actually not surprising at all.

      The goal of such thieves is not to get "the login name of your bank account". The thieves are evil maids. They will go for the LOGIN AND PASSWORD of your bank account. An evil maid can REPEATEDLY access a computer system, whenever the user leaves it unattended.

      One simple keyloger installed in your Macbook (or inside the bank's token or other authentication device) is all what they need to accomplish.

      If you thought that you are safe because you always keep with you the bank's credit card with a secure chip on it, ... you are wrong again! Now the thieves need just one slight upgrade to their keylogger: they make it wireless. This constitutes the capabilities of a networked evil maid (see Wikipedia). Then, before you even realize it... you have been robbed, the thieves easily win.
      Wow that's insane that's actually how they catfished me. They told me they were an evil maid coming to cause all sorts of things and that's kind of you know.... I couldn't help but give out my personal information.

      Comment


      • #4
        Wooo. It’s too bad that APFS is now the norm, but this should still be useful for Time Machine backups that were started before Big Sur.

        Definitely better late than never, and hopefully APFS encryption support will be added more quickly.

        Edit: Unfortunately this doesn't work with Time Machine as it doesn't actually use FileVault.
        Last edited by ATLief; 05 December 2022, 04:19 PM.

        Comment


        • #5
          Originally posted by xfcemint View Post
          This kind of protection is a very welcome improvement towards solving issues of cybersecurity.

          Unfortunately, all encryption systems of this type are vulnerable to evil maid attacks. Even when a TPM is included in the protection of the computer system, it is still an insufficient protection. An evil maid can easily attack this kind of protection, with a high chance of the attack being successful.

          With the computer hardware lacking support for functionality of a secure-system-N, it is currently not possible to implement a provably secure and practical computer system. A full data (or full disk) encryption with Cryptsetup is one small step towards that very important goal.

          It is truly a shame that current hardware doesn't support the functionality of a secure-system-N (described in this thread), as the extra costs to manufacture a secure-system-N are negligible.​
          That's why infosec standards like ISO 27001 put an emphasis on not just cybersecurity, but also physical security, and awareness, among others, yes.

          I love how every time a dude always comes up and truly believes they thought of something that no one else has. I also couldn't care less about that shameless plug about your own ramblings on the topic, especially where you talk to yourself about how awesome your concept is.

          Comment

          Working...
          X