Decryption of encrypted partition if hack root?

D

dpvpro2015-12-22 22:50:25

linux

dpvpro, 2015-12-22 22:50:25

Greetings!
Let's say I have a system with linux, on which, there is a partition "home" encrypted during installation. How successful will the system be to hack if physical access to the system is gained and the root password is reset. As far as I assume, the hack will be successful. It is enough to reset the root password, and then change the password of a specific user. After that, boot as a normal user, log in, access to the files will be obtained. Is it really so? How then to protect yourself? I know about Truecrypt/Veracrypt.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Alexey Cheremisin, 2015-12-22
@dpvpro

The user section is usually encrypted with the current password. More precisely, access to the key store is encrypted with the current password, and a long encryption key is taken from the store. In other words, resetting the password will not decrypt it! When the user's password is changed, the keystore is re-encrypted. But you can spy on an already mounted encrypted partition.

V

Vladimir Martyanov, 2015-12-22
@vilgeforce

If there is a root, a keylogger or something else is installed to intercept the password / key.

S

SquareWheel, 2015-12-23
@SquareWheel

With physical access, hacking is a matter of time.