Jump to content

Cold boot attack susceptibility when using LUKS?


Go to solution Solved by user0777,

Recommended Posts

Posted
6 hours ago, user0777 said:

Does this mean my server is susceptible to a cold boot attack?

Not as I understand such attacks as the key would be lost when the reboot happens.   It has to be reloaded/entered every time the system boots as it is not persisted by Unraid across a reboot.

Posted
1 hour ago, itimpi said:

Not as I understand such attacks as the key would be lost when the reboot happens.   It has to be reloaded/entered every time the system boots as it is not persisted by Unraid across a reboot.

Exactly so if you read material on cold boot attacks, stuff that’s in RAM does persist if you pull the power cord to a PC. You could then pull the LUKS key out of RAM. It does indeed seem susceptible

Posted
4 minutes ago, user0777 said:

Exactly so if you read material on cold boot attacks, stuff that’s in RAM does persist if you pull the power cord to a PC. You could then pull the LUKS key out of RAM. It does indeed seem susceptible

Looking at the description in more detail of what it takes to carry out such an attack I suspect that if you have someone with the capability to carry out this sort of attack having physical access to your server then you probably have much larger problems anyway!

  • Like 1
Posted
10 minutes ago, NewDisplayName said:

yeah if u have physical access, just dont turn off the pc and you have it anyway... 

 

Isn’t the whole point of LUKS to protect against physical attacks?

Posted

I think you’ve misunderstood the meaning of Physical access maybe? Physical access means being in the same room as the server not necessarily while it is unlocked.

Posted
5 hours ago, user0777 said:

I think you’ve misunderstood the meaning of Physical access maybe? Physical access means being in the same room as the server not necessarily while it is unlocked.

Yes, someone could enter while the server is not on, but then how do you usually start the server? you have to have some sort of password, physical, or an automated way to unlock it... right?

Posted
10 hours ago, user0777 said:

No, we are talking about the case when the server is already on but locked.

OK. 

 

Now you can just extract the key out of ram. Thats what you mean? And if it were encrypted, you couldnt do that.

 

But dont we have the same problem again, where comes the pw for the encrypted ram?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...