The officially official Devuan Forum!

You are not logged in.

#1 2023-03-06 14:24:06

eyeV
Member
Registered: 2022-11-02
Posts: 13  

Is it safe to encrypt only the home directory?

I have full-system encryption applied, so my applications and UI elements run slower than they could
I am interested in whether any personal data can leak out if you encrypted only the home directory during the installation by making it a separate partition
Сonsidering the swap file will be on the home partition and there is no swap partition

Suppose you plug a flash drive into such a system and try to retrieve as much user information as possible.
What information will be retrieved?

Offline

#2 2023-03-06 14:50:58

User479
Member
From: Central USA
Registered: 2021-11-07
Posts: 24  

Re: Is it safe to encrypt only the home directory?

Something to consider is that the more of your system that is encrypted, the less there is that can be tampered with.  Encrypting only the home dir leaves you vulnerable to keyloggers etc being installed in the system.

Offline

#3 2023-03-06 14:58:11

boughtonp
Member
From: UK
Registered: 2023-01-19
Posts: 212  
Website

Re: Is it safe to encrypt only the home directory?

Safe from who?

If your root filesystem is unencrypted, someone with physical access can read and modify files, and thus manually install whatever they like - including a script to rsync your home partition to a remote server after you've unlocked it.


3.1415P265E589T932E846R64338

Offline

#4 2023-03-06 16:10:18

eyeV
Member
Registered: 2022-11-02
Posts: 13  

Re: Is it safe to encrypt only the home directory?

boughtonp wrote:

Safe from who?

If your root filesystem is unencrypted, someone with physical access can read and modify files, and thus manually install whatever they like - including a script to rsync your home partition to a remote server after you've unlocked it.

[My question was, theoretically, what kind of data can a normal user get, but it doesn't seem to make sense
Since a normal user wouldn't try to look for data in the system folders, if he tries to get it the intruder is likely to plant a virus]

Okay, so let's say there are two versions of encryption and two paths of events:
---------------------------------------------------------
1) Encrypting the whole system partition
The attacker can't install a virus to compromise the system (Is that definitely impossible?)
=
This encryption protects against an advanced attacker capable of installing a virus (?)
---------------------------------------------------------
2) Encryption of home folder only
System works faster than fully encrypted
An intruder could install a virus which would compromise the system
=
This encryption protects against a common attacker who has a Live USB
---------------------------------------------------------

In that case the question arises, is it possible to install a virus in the grub boot loader with full-system encryption?
If installing a virus in grub is as difficult as installing a virus in the system, then there is no point in encrypting the entire system
If so, is there any way to protect grub?

Is there any sense and possibility to protect yourself from an advanced attacker?

Last edited by eyeV (2023-03-06 16:14:40)

Offline

#5 2023-03-06 17:09:29

delgado
Member
Registered: 2022-07-14
Posts: 187  

Re: Is it safe to encrypt only the home directory?

The architecture of an Knoppix-stick (or iso) is quite interesting in that regard. 
The root file system is on a compressed ISO image - 4.5GB for the DVD-image - read only file system is the point.
If thee is space on the USB-stick, it is possible to have a home directory for files and optionally the overlay-fs can be stored (default is in the RAM until reboot). So can have security updates or even install additional programs.

So: You could combine a read-only-root-fs without encryption with an encrypted overlay-fs for system updates.

(Overlay: Ralph posted yesterday about an overlay file system here https://dev1galaxy.org/viewtopic.php?pid=41386#p41386  Awesome! I was totally unaware of that and am still flashed).

Offline

#6 2023-03-06 17:10:39

chris2be8
Member
Registered: 2018-08-11
Posts: 276  

Re: Is it safe to encrypt only the home directory?

Try searching everywhere outside /home that your user account could write to. (Ignore symlinks though, only permissions on what they point to matter.) Personal data could leak into any of them.

At least check /tmp/ and /var/tmp/ (you would probably need to make them separate encrypted partitions).

Offline

#7 2023-03-06 18:01:13

boughtonp
Member
From: UK
Registered: 2023-01-19
Posts: 212  
Website

Re: Is it safe to encrypt only the home directory?

Firstly, an attacker with physical access doesn't need viruses. (A virus is only one type of malware; they may or not use other malware.)

Second, rationalizing that a "normal user" wouldn't look in system folders is the wrong attitude - if that's the limit of your threat level, a simple password would be enough. (Similarly "advanced attacker" or "common attacker" don't mean much - anyone capable of producing a Live USB is already sufficiently advanced to be a potential concern. What matters more is motivation and opportunity.)

-

Theoretically, a determined adversary with enough time and money can break or bypass any security measures you put in place.

You want "enough" to be sufficiently higher than is available to those who want to access your data - which brings it back to the question of who you're trying to be safe from. Why is someone after your data? What opportunities do they have? Do they care about being detected?

If you can't define the threat, how do you know when you've done enough? Security is always a trade-off against usability, so you've got to decide where to draw the line.

-

Your original concern referenced performance, but I'm guessing you don't have the fastest machine available, so it will always be running "slower than it could be" - that isn't a meaningful metric.

If it's too slow that is when you first decide if you can upgrade hardware to resolve that, or if you can install more efficient software, or change the configuration of existing software, etc. If none of that helps, then decide whether the security gained by encryption is worth the cost in reduced usability.


3.1415P265E589T932E846R64338

Offline

#8 2023-03-06 18:28:42

eyeV
Member
Registered: 2022-11-02
Posts: 13  

Re: Is it safe to encrypt only the home directory?

delgado wrote:

The architecture of an Knoppix-stick (or iso) is quite interesting in that regard. 
The root file system is on a compressed ISO image - 4.5GB for the DVD-image - read only file system is the point.
If thee is space on the USB-stick, it is possible to have a home directory for files and optionally the overlay-fs can be stored (default is in the RAM until reboot). So can have security updates or even install additional programs.

So: You could combine a read-only-root-fs without encryption with an encrypted overlay-fs for system updates.

(Overlay: Ralph posted yesterday about an overlay file system here https://dev1galaxy.org/viewtopic.php?pid=41386#p41386  Awesome! I was totally unaware of that and am still flashed).

That's an interesting idea, but KNOPPIX hasn't been updated in two years, and installing it on a disk is a rudiment
And for example a flash drive has a limited number of rewrite cycles, it is not meant to be used as a primary OS:

"If you simply write data to a USB flash drive and put it away in a safe place for 10 years, it will work again and all the data will still be there.
But if you continue to use it over and over again, it will definitely wear out eventually.

The life expectancy of a USB Flash Drive can be measured by the number of write or erase cycles. USB flash drives can withstand between 10,000 to 100,000 write/erase cycles, depending on the memory technology used.

When the limit is reached, some portion of the memory may not function properly, leading to lost of data and corruption.
Of course, the flash drive’s life can also end prematurely if you abuse it or subject it to extreme environmental conditions. Additionally, if low quality memory components are used, the flash drives can fail at a much earlier time."

https://www.flashbay.com/blog/usb-life-expectancy

So if anyone decides to repeat this venture, let them buy an external HDD/SSD or a regular HDD/SSD with an adapter/case for usb or other external interfaces
Most likely in my case it would be slow and not practical, I would not choose this way

Offline

#9 2023-03-06 19:25:54

eyeV
Member
Registered: 2022-11-02
Posts: 13  

Re: Is it safe to encrypt only the home directory?

boughtonp wrote:

Firstly, an attacker with physical access doesn't need viruses. (A virus is only one type of malware; they may or not use other malware.)

Second, rationalizing that a "normal user" wouldn't look in system folders is the wrong attitude - if that's the limit of your threat level, a simple password would be enough. (Similarly "advanced attacker" or "common attacker" don't mean much - anyone capable of producing a Live USB is already sufficiently advanced to be a potential concern. What matters more is motivation and opportunity.)

-

Theoretically, a determined adversary with enough time and money can break or bypass any security measures you put in place.

You want "enough" to be sufficiently higher than is available to those who want to access your data - which brings it back to the question of who you're trying to be safe from. Why is someone after your data? What opportunities do they have? Do they care about being detected?

If you can't define the threat, how do you know when you've done enough? Security is always a trade-off against usability, so you've got to decide where to draw the line.

-

Your original concern referenced performance, but I'm guessing you don't have the fastest machine available, so it will always be running "slower than it could be" - that isn't a meaningful metric.

If it's too slow that is when you first decide if you can upgrade hardware to resolve that, or if you can install more efficient software, or change the configuration of existing software, etc. If none of that helps, then decide whether the security gained by encryption is worth the cost in reduced usability.

Thanks for the reply, indeed I need to create several options from which I need to choose

1) Hardware upgrade = fast performance and malware protection
2) Encrypt /home = fast performance and vulnerability to malware
3) Remove encryption = performance and vulnerability to file copying

We're not talking about protection from FBI, multinational corporation, super hackers, etc.
Rather like an average service center worker, or a burglar who stole a computer, such data leakage happens all the time and it would be nice to be insured against it.

My HDD does take a long time to open applications after full-system encryption, and I'm ready to continue using everything as it is
I won't be upgrading the hardware (SSD) and I don't want to make my data vague either, but I don't mind doing home encryption only for the sake of speed
My question is what kind of data can theoretically be taken out of the root of the system, as I see a tradeoff between performance and protection here, that's why I created this thread

Also, it really was a mistake to call it a "virus", I meant any malicious changes introduced into the system

Offline

#10 2023-03-06 23:36:44

zapper
Member
Registered: 2017-05-29
Posts: 907  

Re: Is it safe to encrypt only the home directory?

I Don't know how you would do this, but my recommendation would be to FDE - /Boot

I know how to do this in other Unixlike OS, one specific one...

tongue

But as for Devuan, never tried to... ever.

Just is the case aka.


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#11 2023-03-07 17:06:32

chris2be8
Member
Registered: 2018-08-11
Posts: 276  

Re: Is it safe to encrypt only the home directory?

If your problem is that the system runs slowly then start by trying to fix that *without* disabling FDE.

A few questions to start with:
What sort of system is it? (Desktop or Laptop, make model, etc?)
What CPU has it got?
How much memory has it?
What is it's display? (Could you add a GPU if it hasn't got one?)
What is running on it? (OS, desktop env, etc?)
Is it using swap space very often? (If yes then adding memory might speed it up a lot.)

Try running top and vmstat to see if they say anything interesting.

Hopefully answering that lot will point you towards a fix.

Offline

#12 2023-03-08 01:09:26

Devarch
Member
Registered: 2022-10-03
Posts: 62  

Re: Is it safe to encrypt only the home directory?

eyeV wrote:

I have full-system encryption applied, so my applications and UI elements run slower than they could
I am interested in whether any personal data can leak out if you encrypted only the home directory during the installation by making it a separate partition
Сonsidering the swap file will be on the home partition and there is no swap partition

Suppose you plug a flash drive into such a system and try to retrieve as much user information as possible.
What information will be retrieved?

Is it safe to encrypt only the home directory? - No
I have full-system encryption applied, so my applications and UI elements run slower than they could - it should not be the case. AES encryption is supported by CPU itself so the slowdown should be negligeable.
Suppose you plug a flash drive into such a system and try to retrieve as much user information as possible - your activity including logs, time etc.
More of that if your system is compromised either by inserting flash or by other means the attacker can get luks password.

Offline

#13 2023-03-08 21:05:38

zapper
Member
Registered: 2017-05-29
Posts: 907  

Re: Is it safe to encrypt only the home directory?

Devarch wrote:
eyeV wrote:

I have full-system encryption applied, so my applications and UI elements run slower than they could
I am interested in whether any personal data can leak out if you encrypted only the home directory during the installation by making it a separate partition
Сonsidering the swap file will be on the home partition and there is no swap partition

Suppose you plug a flash drive into such a system and try to retrieve as much user information as possible.
What information will be retrieved?

Is it safe to encrypt only the home directory? - No
I have full-system encryption applied, so my applications and UI elements run slower than they could - it should not be the case. AES encryption is supported by CPU itself so the slowdown should be negligeable.
Suppose you plug a flash drive into such a system and try to retrieve as much user information as possible - your activity including logs, time etc.
More of that if your system is compromised either by inserting flash or by other means the attacker can get luks password.

Actually, this reminds me... I tried installing Devuan on an old AMD Athelon 64 bit processor desktop computer once.

I tried putting doing the encrypted install option of devuan on it, but funny thing happened...

Anytime I tried to do this, it refused to boot when I went to reboot it.

Come to find out, it absolutely cold not handle that part!

I don't encrypt the part before the login screen appears and it worked! But before? NO!

LOL!

It was an HP desktop computer btw.  Not sure how their quality was then, but yeah...

Maybe it is something to do with the system and not devuan itself that is the OPs problem.

Aka, the hardware...

Just a thought... and yeah, this was a real experience I had once when I decided to try to change the OS on an old computer my father rarely used anymore, that he said was okay for such a purpose.

Anywho, I hope I made my point clear to any who weren't aware of this possibility.

big_smile

Btw, this wasn't even FDE either, it was the standard install method... which made things really odd.

Last edited by zapper (2023-03-08 21:06:38)


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#14 2023-03-08 21:35:59

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,194  

Re: Is it safe to encrypt only the home directory?

@zapper please stop including the previous post into your post.
Doing so creates a very tedious and confusing forum thread.

Offline

#15 2023-03-09 18:38:06

eyeV
Member
Registered: 2022-11-02
Posts: 13  

Re: Is it safe to encrypt only the home directory?

Devarch wrote:

Is it safe to encrypt only the home directory? - No
I have full-system encryption applied, so my applications and UI elements run slower than they could - it should not be the case. AES encryption is supported by CPU itself so the slowdown should be negligeable.
Suppose you plug a flash drive into such a system and try to retrieve as much user information as possible - your activity including logs, time etc.
More of that if your system is compromised either by inserting flash or by other means the attacker can get luks password.

Thank you, it was expected something like that, I really forgot that there are logs and they are not saved to the home folder, so I will not change my encryption

Just to be clear please tell me which way attacker can get hold of luks password.
Is it possible that it is stored in some configuration file on the disk or something like that?
I have noticed that if the system saves the password of another luks partition, it is stored in a file, in plaintext, not inside the home directory

And about performance, as I understand you mean CPU support for "AES instruction set" - https://en.wikipedia.org/wiki/AES_instruction_set
My processor doesn't support it, but it doesn't matter, I'm fine with this performance if changing the encryption would be to the detriment of security

Offline

#16 2023-03-10 19:09:33

eyeV
Member
Registered: 2022-11-02
Posts: 13  

Re: Is it safe to encrypt only the home directory?

chris2be8 wrote:

If your problem is that the system runs slowly then start by trying to fix that *without* disabling FDE.

A few questions to start with:
What sort of system is it? (Desktop or Laptop, make model, etc?)
What CPU has it got?
How much memory has it?
What is it's display? (Could you add a GPU if it hasn't got one?)
What is running on it? (OS, desktop env, etc?)
Is it using swap space very often? (If yes then adding memory might speed it up a lot.)

Try running top and vmstat to see if they say anything interesting.

Hopefully answering that lot will point you towards a fix.

My performance is more or less fine, the only thing that applications/interface elements after reboot take a long time to appear at first start
I have a hard drive and not SSD, and it is not the fastest, so I am sure it's the encryption

Offline

#17 2023-03-10 19:37:37

Devarch
Member
Registered: 2022-10-03
Posts: 62  

Re: Is it safe to encrypt only the home directory?

eyeV wrote:

Just to be clear please tell me which way attacker can get hold of luks password.
Is it possible that it is stored in some configuration file on the disk or something like that?

My processor doesn't support it, but it doesn't matter, I'm fine with this performance if changing the encryption would be to the detriment of security

No it's in RAM. In the case when some hack toy like flash or similar is applied it's possible to modify unencrypted files on root partition. In this case after you boot your system the content of the RAM can be read and sent to an attacker.

It's possible to block access to any USB from withing the system, but only from running system, so it's better to use FDE.

There is still unencrypted boot or unencrypted efi partition. Nevertheless there are some mitigations.

Do you have an old processor? Yes it slows down.

Offline

Board footer