
Encrypted home directory 2 November, 2008

Posted by aronzak in Encryption, Linux, Ubuntu.

By default all users can see all of your home directory contents. There’s a new utility bundled with Ubuntu Intrepid called ecryptfs that can create a private directory. Bear in mind that this is by no means perfect. Here’s how to use it.

apt-get install ecryptfs-utils

then

ecryptfs-setup-private

You’ll need to provide your user password and a password to remember. I recommend against using a generated password (unless you write it down…).

Each time you mount your directory, you’ll need to add the key. Warning: one of the ways to do this is extremely insecure (Secunia):

ecryptfs-add-passphrase 'x'

Where x is your passphrase. This puts the passphrase on the command line, which is visible in the process list, where someone else can read it. Another way:

printf 'x' | ecryptfs-add-passphrase

is also insecure, as it will save the passphrase in your bash history. The safest way is to pass a '-':

ecryptfs-add-passphrase -

Then you can enter your password on the next line (without it being recorded in .bash_history).
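To check whether either risky form has already been recorded, the following added example (not part of the original post) scans a shell history file for the invocations described above. The function names and the sample history are constructed for illustration, and EXAMPLE-passphrase is a placeholder.

```shell
#!/bin/sh
# Added example: audit shell history for risky ecryptfs-add-passphrase use.
#   argv = passphrase given as an argument (process list and history)
#   pipe = printf/echo feeding the command (the line is kept in history)

# Constructed sample history; EXAMPLE-passphrase is a placeholder value.
sample_history() {
    cat <<'EOF'
apt-get install ecryptfs-utils
ecryptfs-setup-private
ecryptfs-add-passphrase 'EXAMPLE-passphrase'
printf 'EXAMPLE-passphrase' | ecryptfs-add-passphrase
ecryptfs-add-passphrase -
ecryptfs-mount-private
man ecryptfs-add-passphrase
EOF
}

# Print "<line-number>:<class>" for each risky line.
# Reads the history file named as the argument, or stdin if none is given.
audit_history() {
    awk '
    /ecryptfs-add-passphrase/ {
        line = $0
        # printf/echo piped into the command: flag the whole line for review
        if (line ~ /(printf|echo)[^|]*[|][ \t]*ecryptfs-add-passphrase/) {
            print NR ":pipe"; next
        }
        # keep only what follows the command name
        sub(/.*ecryptfs-add-passphrase[ \t]*/, "", line)
        sub(/[ \t]+$/, "", line)
        # tokens starting with -- are treated as options, not passphrases
        while (sub(/^--[a-z][a-z-]*[ \t]*/, "", line)) n++
        # no argument, or the lone "-" form, exposes nothing
        if (line == "" || line == "-") next
        print NR ":argv"
    }' "$@"
}

sample_history | audit_history
```

Run it against a real file with `audit_history ~/.bash_history`; lines typed in a still-open bash session may not be in that file until the shell exits.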

Once your passphrase is entered, use ecryptfs-mount-private.

Be careful, this is not as secure as you may think. Some more warnings and mitigations:

– All of the filenames of the private directory are readable in ~/.Private even when it is not mounted. File permissions make the directory readable only by the user, but someone could get access whenever the user is logged in. If an adversary has your password, even if you lock your graphical server, they could log in to a shell (Ctrl+Alt+F<1-6>) or a secure shell (ssh) (if you are running an ssh server) and read the contents of the private directory. They could also use a live session (CD/DVD/USB stick). Thus, someone may be able to guess what is in your private directory.

– Putting files in an encrypted directory immediately marks them out as of interest. I suggest leaving ‘junk’ files that you wouldn’t mind an adversary finding (plausible deniability) and maybe some largeish files (to make it harder to quickly copy out the entire directory).

– If you leave the private folder mounted, an adversary could get access with your user password, without your encryption passphrase. Be careful if you are running a secure shell (ssh) server. Bear in mind that even if you lock your graphical server, someone could log in to a shell (Ctrl+Alt+F<1-6>) and then get access to your files.

– Using ecryptfs-umount-private to unmount the private directory still leaves the password stored.

I’d be happy to hear other workarounds for some of these issues.
