Language Selection

English French German Italian Portuguese Spanish

LUKS mermaids of remote unlock

Filed under

Recently, I’ve browsed several how-to’s regarding the possibility of unlocking a LUKS root volume remotely using an SSH connection. For reference, the first of its kind is the one for Debian, published at Some of these how-to’s were posted to forums and mailing-lists and received many thankful comments from sysadmins wondering how to make their encrypted secure setup also easy to administrate.

The problem with their approach is simple: they asked how to fix their setup, but forgot to ask what they’re trying to protect. Having your root filesystem on an encrypted disk doesn’t protect you from remote exploitation or credential leaks. It just protects you from the risk of someone being able to access your machine locally and steal your data, or just steal the whole machine altogether. Now, if I were an attacker having access to your hardware locally,

I could easily setup a trap for you in less than 5 minutes:

More in Tux Machines

Itty bitty ARM module starts at $27

Variscite’s rugged, 50 x 25mm “DART-6UL” COM runs Linux on an i.MX6 UltraLite SoC, offers NAND, eMMC, and wireless, and starts at $27 in volume. In April, Variscite announced the world’s smallest i.MX6 computer-on-module with its 50 x 20mm, Freescale i.MX6-based DART-MX6. At 50 x 25mm, the DART-6UL doesn’t quite match those dimensions, but it offers greater power efficiency, making it well suited for IoT applications and battery-powered devices. Variscite claims it consumes only 5mA in suspend mode. Read more

Cleaning Linux: Jed’s Nappy

Utah State vs Missouri State Live Streaming Loyola (MD) vs Kansas Live Streaming UT-Arlington vs Texas Live Streaming Northwestern State vs Arkansas Live Streaming Indiana State vs Eastern Illinois Live Streaming Alabama State vs Evansville Live Streaming

Cleaning Linux: Jed’s Nappy /boot

My home NAS machine is an Ubuntu 14.04 machine with a ZFS volume. I need the linux-headers packages in order to compile my ZFS dkms modules. Those take more space than the kernels tend to, so I try and stay on top of removing them. Wonder how many I have? (Read the rest at FreedomPenguin)