Ubuntu encrypted hard drive - possible to crack? [closed]

security password shutdown hacking encryption

I'm using Ubuntu 18.04 on my laptop. If someone would steal my laptop, would it be possible for them to access my data stored on the laptop? Could any of them access my data, not just random people but people who really know what they are doing?

  • I'm using a pretty strong password using a special character, capitalized/normal characters and a digit.

  • I encrypted the hard drive when i installed Ubuntu


Solution 1:

First of all, nothing is totally secure. Computers are extremely complex, and software is extremely complex. The chance of no unknown security holes are basically nil.

Second, a password only protects the running operating system. Unless the disk is encrypted, it's trivial (<3 minutes) to remove the disk from the machine, and read whatever files you want.

Third, configuration has a lot of impact. Do you have an encrypted disk, but unencrypted swap? In that case the passphrase for encryption is probably stored somewhere in swap - especially if you have suspended the system to disk once.

Or do you have Firewire exposed on the computer? Firewire by default allows memory access, which means that an attacker may simply sift trough memory for your encryption keys...

Linux is no more secure than Windows to an attacker that has physical access to the machine - one could even argue that as Windows has TPM support enabled by default if you use Bitlocker, but Linux requires manual configuration of this - that a default Windows installation is safer against a local attacker.

When it comes to remote access (e.g. over a network), Linux distributions tend to fare rather well - simply because they don't run a lot of network services by default.

Define your threats, and try to mitigate them. If you worry about random thiefs getting access to your data, drive encryption and always powering laptop off before moving it or leaving it unattended will probably be enough. Against targeted espionage, that is probably not enough, as an attacker may for instance add logging devices while the laptop is unattended.

So in short - no, don't assume you're safe. Clearly define your threats, and the expected resources of the threat. A random thief will probably spend five minutes trying passwords, and move on and sell the hardware. CIA will be more sophisticated.

Related

Nvidia-smi shows CUDA version, but CUDA is not installed
Add /snap/bin to PATH used by systemd
/bin/ls output does not match manpage
Attempt to re-install ubuntu-software fails: "no installation candidate" [duplicate]
WineHQ on Ubuntu 19.10
I want to reinstall Ubuntu on a new drive and keep my personal data on the old drive
Move bootloader or remove efi partition in second drive
How to disable Latte dock in KDE?
How to open a nautilus directory and select a file in it from the command line?
Installing packages in multiple systems
How do I transfer files over ssh after sudo?
New MAC-address, now I have no network-access