Questions tagged [disk-encryption]

Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e.g., a hard disk).

609 questions
50
votes
5 answers

Is laptop "secure sleep" mode theoretically possible?

For laptops with full disk encryption or home folder encryption, one of the risks if it is stolen while in sleep mode is that the encryption key is stored in memory and can be read if an attacker knows how. To me, it seems that, in theory,…
Peter Rankin
11
votes
3 answers

Full disk encryption vs home folder encryption - why should the former be chosen over the latter

Niebezpiecznik.pl, a popular and acclaimed infosec blog in my country, recommends full disk encryption (emphasis original) to all people (i.e. "Average Joes"). They warn that in the opposite scenario device theft is likely to have catastrophic…
gaazkam
8
votes
1 answer

Are default options of cryptsetup/luks secure?

I'm setting up a partition for a Linux distribution and I use the command: cryptsetup -y -v luksFormat /dev/sda1. I believe the default options for the current version of cryptsetup are: --hash ripemd160 --cipher aes-cbc-essiv:sha256 …
ChiseledAbs
7
votes
1 answer

Is there a way to put a self destroy password on Ubuntu disk encryption?

Is there a way to put a self destroy password on Ubuntu disk encryption? Or self destroy after n bad password attempts? When someone asks you to enter the password, you can enter the "self destruct" password that blanks the disk... not a bad idea…
Red44
7
votes
5 answers

Unattended Disk Encryption

I have been asked to implement disk encryption on a machine that needs to be able to run unattended. The machine has two disks. The first disk has a boot partition and an OS partition, while the second disk only has one partition and is used for…
millinon
6
votes
3 answers

Is automatic login with full disk encryption a risk?

I use full disk encryption on Linux and wonder whether there is any security risk of having automatic login on the Linux itself. In case somebody breaks the encryption of the drive, they can read all the data directly, they would not have to log in…
Martin Ueding
6
votes
1 answer

Security implications when setting the discard option in /etc/crypttab

Setting the discard option in /etc/crypttab has security implications. From the man page: Allow discard requests to be passed through the encrypted block device. This improves performance on SSD storage but has security implications. Q: What are…
6
votes
2 answers

SSD Encryption - Difference between models

I understand that most SSDs which support encryption usually encrypt all data, but that only some actually encrypt the encryption key with a user BIOS password. This means that the models which don't do that can be circumvented by moving to a new…
Mark
6
votes
0 answers

How do crypto coprocessors securely decrypt a disk without allowing bus sniffing?

I'm trying to understand how using a crypto co-processor chip can securely decrypt a disk without someone getting the decryption key by sniffing the bus it communicates on or loading the disk onto another computer and viewing the contents that way.…
Roy
5
votes
2 answers

Where to store passwords of encrypted backup drives

I have all my backup hard drives encrypted with LUKS. Currently, the passphrase is some 25+ random password that I store in my password manager KeePassX. Since I have the backup drives for the case that a single one of them is the only working drive…
Martin Ueding
5
votes
2 answers

Is it safe to suspend my computer if I'm using encrypted hard drive?

I'm using disk encryption to protect my data and sensitive information - but only one partition. I used to suspend my computer instead of shutting it down because of very fast resume and very low battery usage. My question is: Is it somehow possible…
user823738
5
votes
2 answers

How secure are most FDE implementations?

I'm applying disk encryption to my local machine and I'm storing the key on a USB drive. This means I need the USB drive to be able to boot. This got me wondering, I've heard about different OSes providing encryption, Ubuntu, OS X, Windows. From…
siebz0r
5
votes
2 answers

Does a drive need to be wiped before encrypting it to be completely safe?

Perhaps this question has been asked before, but I couldn't find anything specifically. I want to fully encrypt my ultrabook's SSD with VeraCrypt, TrueCrypt, or BitLocker (haven't decided yet) and I don't want to format or securely wipe the drive…
Sultan of Swing
4
votes
1 answer

When using FDE, is there any OS/software allowing to get back from hibernation without requiring the disk encryption key?

This question is a spin-off of the following one: Are encryption keys wiped from RAM before hibernate, or how to do it (Luks and Truecrypt). In this question, an answer quoted the following message (the initial source was a comment left by a visitor on…
WhiteWinterWolf
4
votes
3 answers

How does full-disk encryption protect against unexpected power loss?

How does full-disk encryption work when the disk or system unexpectedly loses power? I assume that it doesn't just quickly re-encrypt the data in a split-second, so how does it protect data on the disk after power loss? Does it keep most data…
esote