View previous topic :: View next topic |
Author |
Message |
Elleni Veteran
Joined: 23 May 2006 Posts: 1289
|
Posted: Mon Nov 16, 2015 7:24 am Post subject: [solved] LUKS encrypted disk on a virtual private server |
|
|
Hi all,
I am installing gentoo on a Server, which is a hosted vps. Thats why I am installing it on a luks encrypted drive. But what if the hoster takes a snapshot while the vm is running. Will he be able to see all data of the virtual harddisk, or does encryption prevent them from accessing the data on this Setup?
Thanks for clarifying.
Last edited by Elleni on Mon Nov 16, 2015 8:23 pm; edited 1 time in total |
|
Back to top |
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3461
|
Posted: Mon Nov 16, 2015 5:21 pm Post subject: |
|
|
Snapshot of a hard drive is not a big deal. Things are getting more funny when you notice they also have full access to RAM that does not reside on LUKS. |
|
Back to top |
|
|
frostschutz Advocate
Joined: 22 Feb 2005 Posts: 2977 Location: Germany
|
Posted: Mon Nov 16, 2015 5:35 pm Post subject: |
|
|
If you don't trust your hoster the encryption is broken. Virtualization gives easy access to keys in RAM. |
|
Back to top |
|
|
Elleni Veteran
Joined: 23 May 2006 Posts: 1289
|
Posted: Mon Nov 16, 2015 8:22 pm Post subject: |
|
|
Thanks guys for clarifiying, so Luks encryption does not make sense in this case. Thanks for pointing that out. |
|
Back to top |
|
|
frostschutz Advocate
Joined: 22 Feb 2005 Posts: 2977 Location: Germany
|
Posted: Mon Nov 16, 2015 8:31 pm Post subject: |
|
|
Elleni wrote: | Luks encryption does not make sense in this case |
It depends on why you want disk encryption. The hoster dumping your RAM to get keys is a very specialized scenario.
Encryption still helps in the case that your hoster sells broken HDDs on Ebay (or puts one in another costumer's server by accident). It also might help in case of bugs in the virtualisation solution that might give neighboring VMs physical access to your disk. |
|
Back to top |
|
|
Elleni Veteran
Joined: 23 May 2006 Posts: 1289
|
Posted: Wed Nov 18, 2015 1:12 am Post subject: |
|
|
Hi frostschutz,
thank you for pointing that out. Having setup diskencryption including encryption of boot I enjoy my vps and I do keep in mind the limitations mentioned here |
|
Back to top |
|
|
|