#1 2012-09-25 16:33:58

mosquitogang201
Member
Registered: 2012-06-19
Posts: 33

[SOLVED] Where can files in an encrypted folder leak to?

I am doing a fresh install of Arch on a new computer. I do keep bank account records, tax returns, and other personal documents on my hard drive, so I would like to keep an encrypted folder inside my home folder to contain all of these. Where can such files leak to outside of the encrypted folder? Programs that could be used to access the files are Kate (or other text editor), LibreOffice, Okular, and maybe others. I would prefer not to do full disk encryption since I do not have enough sensitive stuff to warrant slowing down the entire computer.

I plan not to use swap (have 8GB RAM) and /tmp will be a tmpfs (I know that the files could end up in either of these). Which folders in /var could the files leak to? Most of /var, such as log files and the pacman cache, I do not have any reason to encrypt. Is there anywhere else the files could leak to?

Last edited by mosquitogang201 (2012-10-02 12:49:37)

#2 2012-09-25 16:56:59

drcouzelis
Member
From: Connecticut, USA
Registered: 2009-11-09
Posts: 3,523

Re: [SOLVED] Where can files in an encrypted folder leak to?

I'm really new and inexperienced at using encryption (TrueCrypt), but there are only a few places I check for leaks:

If any application ever makes a thumbnail of your file then it'll be saved in your home directory (probably) somewhere. I don't know how relevant this is to anything besides image files.

If the file names themselves are sensitive then be sure to consider things like "Recent Documents" lists, in particular the ones saved by GConf.

That's pretty much all I've got. That, and don't forget to empty your recycle bin. :P

#3 2012-09-25 18:58:01

knopwob
Member
From: Hannover, Germany
Registered: 2010-01-30
Posts: 237

Re: [SOLVED] Where can files in an encrypted folder leak to?

Some editors create backup files while editing or before saving etc.

#4 2012-09-28 11:07:44

hunterthomson
Member
Registered: 2008-06-22
Posts: 794

Re: [SOLVED] Where can files in an encrypted folder leak to?

Check if your CPU supports AES-NI. All the new Ivy Bridge CPUs have it and most Sandy Bridge. With this there is basically no slowdown, or computational overhead, because there is an on-die crypto chip to compute most of the AES calculations in hardware. If your CPU supports AES-NI then use AES for the full-disk instead of trying to track down every possible temp and cache directory.

https://wiki.archlinux.org/index.php/SS … 30_256GB_2

If your CPU does not support AES-NI, then ya, you will take a speed hit, and spend a lot of CPU time on it. Use Twofish instead of AES which is a stronger encryption algorithm, and just as fast or faster depending on your setup.

Mounting /tmp as a tmpfs is very good. Same goes for not having a swap partition. However, there are many other places files can be cached, such as /var/tmp. Mounting /var/tmp as a tmpfs can cause problems though, as these temp files are supposed to be preserved between system reboots (link below). Then there are a number of .cache and .tmp directories all over the place. Kate does seem to just write the backup files in the current directory. You can craft a 'find' command to locate all of them and then either mount them in a tmpfs or symlink them to /tmp.

All in all, nothing is ever perfect, but don't let that bring you down. Just do the best you can. Whatever you do will certainly be better than just leaving it all in plain text ;)

http://www.pathname.com/fhs/2.2/fhs-5.15.html


OpenBSD-current Thinkpad X230, i7-3520M, 16GB CL9 Kingston, Samsung 830 256GB
Contributor: linux-grsec

#5 2012-09-28 19:47:03

Pres
Member
Registered: 2011-09-12
Posts: 423

Re: [SOLVED] Where can files in an encrypted folder leak to?

In addition to what has been said above, I'd also look at mlocate since it creates a database of where files reside on your system (and what their name is). It doesn't leak the actual data, but someone could use it to analyze what was on the encrypted partition to tell if it's worth pursuing.

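Added example, not part of the thread: a shell function that checks the kinds of locations named in the posts above (recent-document lists, thumbnails, editor backups, cache and temp directories, locate databases) for traces of an encrypted folder's files. The names `leak_scan` and `leak_demo`, the backup suffixes and the sample tree are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Run while the encrypted folder is mounted.
#   name <path>  file outside VAULT named like a vault file or an editor backup of it
#   ref <path>   file outside VAULT whose contents mention the vault path
#                (recent-document lists, thumbnail metadata, locate databases)
# Limits: names are used as find patterns, so glob characters match loosely;
# URI-encoded paths (spaces, non-ASCII) are not decoded.
leak_scan() {   # usage: leak_scan VAULT ROOT [ROOT...]
    local vault root name
    vault=$(cd "$1" && pwd -P) || return 2
    shift
    for root in "$@"; do
        root=$(cd "$root" 2>/dev/null && pwd -P) || continue
        # Pass 1: same-named copies and backups (assumed suffixes: ~ .bak .swp)
        find "$vault" -type f | sed 's|.*/||' | sort -u |
        while IFS= read -r name; do
            find "$root" -path "$vault" -prune -o -type f \
                \( -name "$name" -o -name "$name~" -o -name "$name.bak" \
                   -o -name ".$name.swp" \) -print 2>/dev/null
        done | sed 's/^/name /'
        # Pass 2: files that record the vault path in their contents
        find "$root" -path "$vault" -prune -o -type f \
            -exec grep -lF -- "$vault" {} + 2>/dev/null | sed 's/^/ref /'
    done | sort -u
}

# Constructed sample tree: a vault, two leaks, and one unrelated file.
leak_demo() {
    local t
    t=$(mktemp -d) || return 1
    t=$(cd "$t" && pwd -P)
    mkdir -p "$t/home/vault" "$t/home/.local/share" "$t/home/Documents" "$t/var/tmp"
    echo secret > "$t/home/vault/tax-2011.odt"
    echo secret > "$t/var/tmp/tax-2011.odt~"        # backup copy outside the vault
    echo "file://$t/home/vault/tax-2011.odt" > "$t/home/.local/share/recently-used.xbel"
    echo notes > "$t/home/Documents/todo.txt"       # unrelated, must not be reported
    leak_scan "$t/home/vault" "$t/home" "$t/var" | sed "s|$t||"
    rm -rf "$t"
}

leak_demo
```

On a real system the roots would be directories such as "$HOME" and /var; files readable only by root are skipped silently unless the scan runs as root.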

#6 2012-09-28 22:28:39

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,277

Re: [SOLVED] Where can files in an encrypted folder leak to?

You don't write what kind of "encrypted folder" you intend to use. I would add that filesystem journals may leak data also (see e.g. here). It may be better to use a separate partition for it (tax returns are small - not much space needed :-) , to mount as required) or maybe ecryptfs.

#7 2012-09-28 23:26:07

hunterthomson
Member
Registered: 2008-06-22
Posts: 794

Re: [SOLVED] Where can files in an encrypted folder leak to?

Watch Jacob Appelbaum's talk on full disk encryption at 22C3

22C3: A discussion about modern disk encryption systems
http://www.youtube.com/watch?v=MPEKX3WE-VI

(It seems, fingers crossed, that LUKS fixes the problems he sees with dm-crypt)

Last edited by hunterthomson (2012-09-28 23:27:23)



#8 2012-10-01 18:27:22

Pres
Member
Registered: 2011-09-12
Posts: 423

Re: [SOLVED] Where can files in an encrypted folder leak to?

hunterthomson wrote:

Watch Jacob Appelbaum's talk on full disk encryption at 22C3

22C3: A discussion about modern disk encryption systems
http://www.youtube.com/watch?v=MPEKX3WE-VI

(It seems, fingers crossed, that LUKS fixes the problems he sees with dm-crypt)

He admits there he really hasn't studied dm-crypt. His analysis of it seems to be based around dm-crypt being compared to cryptoloop. I wish he had informed himself on dm-crypt the same as the other methods he discussed. Also keep in mind that presentation is from 2005, so while still relevant, it's dated.

#9 2012-10-01 23:28:49

hunterthomson
Member
Registered: 2008-06-22
Posts: 794

Re: [SOLVED] Where can files in an encrypted folder leak to?

Pres wrote:
hunterthomson wrote:

Watch Jacob Appelbaum's talk on full disk encryption at 22C3

22C3: A discussion about modern disk encryption systems
http://www.youtube.com/watch?v=MPEKX3WE-VI

(It seems, fingers crossed, that LUKS fixes the problems he sees with dm-crypt)

He admits there he really hasn't studied dm-crypt. His analysis of it seems to be based around dm-crypt being compared to cryptoloop. I wish he had informed himself on dm-crypt the same as the other methods he discussed. Also keep in mind that presentation is from 2005, so while still relevant, it's dated.

I agree. I think the reason he thought that dm-crypt having the same on-disk format as cryptoloop was a bad thing is that cryptoloop is susceptible to a dictionary attack, it does not allow for a key file, and it does not securely store the key in memory. All of these things are solved with LUKS. LUKS hashes the key, allows for key files and multiple keys, decouples the password from the key that encrypts the drive, and all the other stuff that was bad about cryptoloop.



#10 2012-10-02 12:48:38

mosquitogang201
Member
Registered: 2012-06-19
Posts: 33

Re: [SOLVED] Where can files in an encrypted folder leak to?

Thanks for the input everyone. I will be going with 5 partitions: /boot, /, /var, /home, and /mnt/storage. The /var and /home partitions will be encrypted with LUKS. There are just too many places within /home and /var where stuff can end up to try encrypting only individual folders within them. I will use the storage partition for media and other large files that have no reason to be encrypted and symlink it into /home. I believe this will be the best balance between security and performance. My CPU does support AES-NI so that's an added bonus.

#11 2012-10-05 04:56:10

hunterthomson
Member
Registered: 2008-06-22
Posts: 794

Re: [SOLVED] Where can files in an encrypted folder leak to?

Oh yeah :) That is a genius idea!

You turned the hard problem on its head, thereby making it a very easy problem to solve.

Instead of finding and encrypting things that need to be secure, which is very hard.
You encrypt everything, then just put the things that don't need to be secure on an unencrypted partition, which is very easy.

To put it another way, you are Whitelisting instead of Blacklisting.

Last edited by hunterthomson (2012-10-05 05:06:04)

