Meltdown and Spectre when using encryption and VPN
Can the Meltdown and Spectre vulnerabilities affect also computers with encrypted home directory and usage of a VPN service? In Other words, would hackers still be able to steal passwords when encrypted transmissions and VPN services are implemented?
Solution 1:
Yes.
Disk encryption protects against access to the disk when it is not in use, for instance if someone steals your computer. VPN protects against anyone sniffing the wire.
Meltdown and Spectre can give attackers local access to the data, before it is encrypted.
For the system to use any kind of information, it more or less has to be available in un-encrypted form. Whenever it is available in un-encrypted form any attacker with superuser access to the computer can copy it at will.
Solution 2:
Yes, in fact this is one of the hypothetical situations where these vulnerabilities might be attacked: when using encryption and trying to access the in-memory encryption key normally unavailable to other processes.