←back to thread

Bypassing disk encryption on systems with automatic TPM2 unlock

(oddlama.org)
189 points arjvik | 2 comments | 17 Jan 25 03:00 UTC | HN request time: 0s | source
Show context
acheong08 ◴[17 Jan 25 04:12 UTC] No.42733994[source]
I don't understand why anyone would use passwordless disk encryption. It just seems inherently vulnerable, especially with the threat model of physical compromise.

Entering a password on boot isn't even that much work

replies(19): >>42734012 #>>42734073 #>>42734132 #>>42734171 #>>42734304 #>>42734370 #>>42734375 #>>42734397 #>>42734516 #>>42734734 #>>42734841 #>>42734892 #>>42734925 #>>42735445 #>>42736160 #>>42739068 #>>42740673 #>>42741392 #>>42742256 #
dangero ◴[17 Jan 25 04:43 UTC] No.42734171[source]
Depends on the use case. If boot requires a password, the computer can never lose power or be rebooted without human presence. That’s not always practical.
replies(3): >>42735690 #>>42735707 #>>42737170 #
teddyh ◴[17 Jan 25 13:12 UTC] No.42737170[source]
You can reboot your full-disk-encryption server while you sleep. Obligatory plug: <https://www.recompile.se/mandos>

Disclosure: I am a co-author of Mandos.

replies(2): >>42737364 #>>42739557 #
prennert ◴[17 Jan 25 13:36 UTC] No.42737364[source]
Has this solution been audited? In particular, is it safe to replay attacks by actors listening in to the network traffic?

Also from the diagram it looks like the secret key is stored unencrypted on the server, or do I read it wrong?

replies(1): >>42738304 #
1. teddyh ◴[17 Jan 25 15:10 UTC] No.42738304[source]
> Has this solution been audited?

Only insofar as everybody that I’ve asked over the years has failed to find anything wrong with it. But no formal verification has been done.

> In particular, is it safe to replay attacks by actors listening in to the network traffic?

Yes, it is safe, since we make sure to only use TLS with PFS.

> Also from the diagram it looks like the secret key is stored unencrypted on the server, or do I read it wrong?

No, the secret is stored encrypted on the server, encrypted with a key which only the client ever has.

For more information, see the introduction and FAQ: <https://www.recompile.se/mandos/man/intro.8mandos>

replies(1): >>42739164 #
2. ◴[17 Jan 25 16:00 UTC] No.42739164[source]