Good Morning!

Short version of the question below.

Please help me understand the encryption features in Ubuntu 12.10. Installing Ubuntu, I opted both for the full disk encryption option as well as for the "encrypt home folder" option. It is my understanding that the encrypted partitions are mounted and deciphered when I turn my computer on.

I would now like to know under what circumstances which partitions are dismounted and encrypted again. Obviously, all of them are dismounted when I turn my computer off. And obviously, not all of them are dismounted when I go into suspend or lock. But what about the home folder? Is it dismounted when my computer suspends or is locked? In other words: How secure is my data when I just go into suspend or lock my computer?

Short version:

  • Is the encrypted home folder dismounted when the computer is locked or goes into suspend?
  • How secure is my data when my computer is locked but not shut down?

Thank you!

EDIT: Confused hibernate and suspend.

clueless

1 Answer

I've been looking for the same answer and after a while I found it here on superuser: https://superuser.com/a/94688/35226

Hibernate mode can be made to be very secure, given that your resume device (i.e. swap device) is encrypted. You will be asked for the pre-boot passphrase after resuming from hibernation. I've tried it, and it works. Not susceptible to cold boot attacks either (well, not after the first minute or so).

Sleep mode is less secure; it does not dump its memory to swap when it goes to sleep. It can be made secure up to a point, in that you can require a password to unlock after resuming. However sleep mode is susceptible to cold boot attacks. Someone with physical access to the machine can find the key and get to your data.

The whole thread is worth reading.

General conclusion for Ubuntu:

  1. Suspending is weak against cold boot attacks on encryption. An attacker with physical access to your motherboard gets a dump of your whole memory and dumps your encryption key. It works the same for any OS.
  2. Hibernating is again not secure, because Ubuntu dumps your memory into the swap partition, which is not encrypted with the default eCryptfs used by Ubuntu.

I'm also not happy with it, but we should always fully shut down computers to feel safer.

s3m3n
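Both points raised above (whether the eCryptfs home is still mounted, and whether the swap device that hibernation writes to is encrypted) can be checked on a running system. The script below is an added example, not part of the original question or answer; it assumes dm-crypt mappings created by cryptsetup (DM UUID starting with `CRYPT-`), and the `SYSFS`, `SWAPS` and `MOUNTS` override variables are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: is active swap on dm-crypt, and is an eCryptfs home mounted?
# SYSFS, SWAPS and MOUNTS are hypothetical override variables (defaults are
# the real kernel interfaces) so the checks can run against a constructed tree.
SYSFS=${SYSFS:-/sys}
SWAPS=${SWAPS:-/proc/swaps}
MOUNTS=${MOUNTS:-/proc/mounts}

# is_encrypted <kernel-name>: succeeds if the device, or any device it is
# stacked on (e.g. an LVM volume on LUKS), is a dm-crypt mapping. Assumes the
# mapping was created by cryptsetup, which gives it a DM UUID of "CRYPT-...".
is_encrypted() {
    dev=$1
    uuid_file="$SYSFS/class/block/$dev/dm/uuid"
    if [ -r "$uuid_file" ]; then
        case $(cat "$uuid_file") in CRYPT-*) return 0 ;; esac
    fi
    for slave in "$SYSFS/class/block/$dev/slaves"/*; do
        [ -e "$slave" ] || continue
        is_encrypted "$(basename "$slave")" && return 0
    done
    return 1
}

# swap_report: one line per swap area: "<path> encrypted|plaintext|unknown".
swap_report() {
    # First line of /proc/swaps is a header; fields are Filename, Type, ...
    tail -n +2 "$SWAPS" | while read -r path type rest; do
        if [ "$type" != partition ]; then
            echo "$path unknown"      # swap file: depends on its filesystem
            continue
        fi
        real=$(readlink -f "$path" 2>/dev/null) || real=$path
        if is_encrypted "$(basename "${real:-$path}")"; then
            echo "$path encrypted"
        else
            echo "$path plaintext"
        fi
    done
}

# ecryptfs_mounts: mount points whose filesystem type (field 3) is ecryptfs.
ecryptfs_mounts() {
    awk '$3 == "ecryptfs" { print $2 }' "$MOUNTS"
}

if [ -r "$SWAPS" ] && [ -r "$MOUNTS" ]; then
    swap_report
    echo "eCryptfs mounted at: $(ecryptfs_mounts)"
fi
```

Running it from a second login (for example over SSH) while the desktop session is locked shows whether the home mount is still listed in that state.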