Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] LUKS encrypted disk on a virtual private server
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Elleni
Veteran
Veteran


Joined: 23 May 2006
Posts: 1289

PostPosted: Mon Nov 16, 2015 7:24 am    Post subject: [solved] LUKS encrypted disk on a virtual private server Reply with quote

Hi all,

I am installing gentoo on a Server, which is a hosted vps. Thats why I am installing it on a luks encrypted drive. But what if the hoster takes a snapshot while the vm is running. Will he be able to see all data of the virtual harddisk, or does encryption prevent them from accessing the data on this Setup?

Thanks for clarifying. :)


Last edited by Elleni on Mon Nov 16, 2015 8:23 pm; edited 1 time in total
Back to top
View user's profile Send private message
szatox
Advocate
Advocate


Joined: 27 Aug 2013
Posts: 3461

PostPosted: Mon Nov 16, 2015 5:21 pm    Post subject: Reply with quote

Snapshot of a hard drive is not a big deal. Things are getting more funny when you notice they also have full access to RAM that does not reside on LUKS.
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2977
Location: Germany

PostPosted: Mon Nov 16, 2015 5:35 pm    Post subject: Reply with quote

If you don't trust your hoster the encryption is broken. Virtualization gives easy access to keys in RAM.
Back to top
View user's profile Send private message
Elleni
Veteran
Veteran


Joined: 23 May 2006
Posts: 1289

PostPosted: Mon Nov 16, 2015 8:22 pm    Post subject: Reply with quote

Thanks guys for clarifiying, so Luks encryption does not make sense in this case. Thanks for pointing that out. :)
Back to top
View user's profile Send private message
frostschutz
Advocate
Advocate


Joined: 22 Feb 2005
Posts: 2977
Location: Germany

PostPosted: Mon Nov 16, 2015 8:31 pm    Post subject: Reply with quote

Elleni wrote:
Luks encryption does not make sense in this case


It depends on why you want disk encryption. The hoster dumping your RAM to get keys is a very specialized scenario.

Encryption still helps in the case that your hoster sells broken HDDs on Ebay (or puts one in another costumer's server by accident). It also might help in case of bugs in the virtualisation solution that might give neighboring VMs physical access to your disk.
Back to top
View user's profile Send private message
Elleni
Veteran
Veteran


Joined: 23 May 2006
Posts: 1289

PostPosted: Wed Nov 18, 2015 1:12 am    Post subject: Reply with quote

Hi frostschutz,

thank you for pointing that out. Having setup diskencryption including encryption of boot I enjoy my vps and I do keep in mind the limitations mentioned here :)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum