On 2020-02-24 14:37, lejeczek via CentOS wrote:
>
>
> On 24/02/2020 10:26, Roberto Ragusa wrote:
>> On 2020-02-24 10:51, lejeczek via CentOS wrote:
>>> g) remember!! still at least (depending how you mount it)
>>> the 'root' will have access to that data while mounted,
>>> obviously!
>>
>> More than that: the root user will be able to access data
>> in the future too, since it can steal the key
>> while the data is mounted.
>>
>> Regards.
>>
> With a passphrase only?

Attackers don't need the passphrase, they can use the
real key used for encryption (dmsetup table).

Regards.

-- 
Roberto Ragusa    mail at robertoragusa.it

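What the "(dmsetup table)" remark in the message above refers to, as an added example that is not part of the original thread: a dm-crypt table line carries the volume key as one of its fields, so an audit script can report which open mappings have it readable there, without keeping the key itself. The table text is a constructed sample, the class and function names are hypothetical, and the field layout follows the kernel's dm-crypt target documentation.

```python
import string
from dataclasses import dataclass

@dataclass
class CryptMapping:
    name: str        # mapping name, "" when dmsetup was given a single device
    cipher: str
    key_kind: str    # "inline", "masked", "keyring" or "none"
    key_bits: int
    device: str      # backing device, major:minor or path

def parse_crypt_line(line):
    """Parse one `dmsetup table` line; return None unless it is a crypt target."""
    name, fields = "", line.split()
    if fields and fields[0].endswith(":"):       # "name:" prefix when listing all devices
        name, fields = fields[0][:-1], fields[1:]
    # <start> <length> crypt <cipher> <key> <iv_offset> <device> <offset> [options]
    if len(fields) < 8 or fields[2] != "crypt":
        return None
    cipher, key, device = fields[3], fields[4], fields[6]
    if key.startswith(":"):                      # :<key_size>:<key_type>:<key_description>
        kind, bits = "keyring", int(key.split(":")[1]) * 8   # key_size is in bytes
    elif key == "-":                             # mapping without a key
        kind, bits = "none", 0
    elif all(c in string.hexdigits for c in key):
        # dmsetup prints zeros in place of the key unless --showkeys is given
        kind, bits = ("masked" if set(key) == {"0"} else "inline"), len(key) * 4
    else:
        raise ValueError("unrecognised key field")
    return CryptMapping(name, cipher, kind, bits, device)    # the key is not kept

def audit(table_text):
    """Return every dm-crypt mapping found in `dmsetup table` output."""
    parsed = map(parse_crypt_line, table_text.splitlines())
    return [m for m in parsed if m is not None]

def exposed_names(table_text):
    """Names of mappings whose volume key appears as hex in the table."""
    return [m.name for m in audit(table_text) if m.key_kind == "inline"]

# Constructed sample, not captured from a real system.
SAMPLE = "\n".join([
    "vault: 0 2093056 crypt aes-xts-plain64 " + "0123456789abcdef" * 8 + " 0 7:0 4096",
    "backup: 0 4190208 crypt aes-xts-plain64 "
    ":64:logon:cryptsetup:00000000-0000-0000-0000-000000000000-d0 0 7:1 32768",
    "vg0-root: 0 41943040 linear 8:2 2048",
])
if __name__ == "__main__":
    print("key readable in table:", exposed_names(SAMPLE))
```

On a live system the input would be the output of `dmsetup table --showkeys` run as root; without `--showkeys` the key field is printed as zeros and the mapping is reported as `masked`.
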
On 02/24/2020 12:42 PM, Roberto Ragusa wrote:
> On 2020-02-24 14:37, lejeczek via CentOS wrote:
>>
>>
>> On 24/02/2020 10:26, Roberto Ragusa wrote:
>>> On 2020-02-24 10:51, lejeczek via CentOS wrote:
>>>> g) remember!! still at least (depending how you mount it)
>>>> the 'root' will have access to that data while mounted,
>>>> obviously!
>>>
>>> More than that: the root user will be able to access data
>>> in the future too, since it can steal the key
>>> while the data is mounted.
>>>
>>> Regards.
>>>
>> With a passphrase only?
>
> Attackers don't need the passphrase, they can use the
> real key used for encryption (dmsetup table).
>
> Regards.
>

So the final word seems to be that even if I create this LUKS-encrypted loop-back file and only mount it when needed, immediately un-mount when no longer needed, a root user can access this encrypted file system while it is mounted, and perhaps more importantly, even when it is not mounted since they can get the key as described above?

My reputable VPS hosting provider in Europe of course outsources some of the support to other countries. While I have no immediate suspicion that they access files on my VPS, I also have no way of finding out, nor of protecting myself - apart from not putting "sensitive" files on the VPS or encrypting files before uploading them.

If I upgrade to a dedicated server I expect that I will be the root user but will the hosting company still have access to my server?

What is the use-case here?
Are you concerned that the host may change the data or just read it?
Would re-creating the file anew for each use be practical?
What about using the file in an encrypted form?
I'm thinking of the case of records on people.
Separate "cyphers" for first names, last names and other names
would go a long way toward hiding whatever needs to be hidden.

Keeping the host from reading the data might not be a solvable problem.
Keeping the host from quietly changing the data might be expensive.
If all else fails you might keep copies of the
data on separate hosts and compare their md5sums.
I expect that doing it on your own host has already been deemed a failure.

-- 
Michael   hennebry at web.cs.ndsu.NoDak.edu
"Sorry but your password must contain an uppercase letter, a number,
a haiku, a gang sign, a hieroglyph, and the blood of a virgin."
                                                             --  someeecards

On 2020-02-24 15:57, H wrote:
> On 02/24/2020 12:42 PM, Roberto Ragusa wrote:
>> On 2020-02-24 14:37, lejeczek via CentOS wrote:
>>>
>>>
>>> On 24/02/2020 10:26, Roberto Ragusa wrote:
>>>> On 2020-02-24 10:51, lejeczek via CentOS wrote:
>>>>> g) remember!! still at least (depending how you mount it)
>>>>> the 'root' will have access to that data while mounted,
>>>>> obviously!
>>>>
>>>> More than that: the root user will be able to access data
>>>> in the future too, since it can steal the key
>>>> while the data is mounted.
>>>>
>>>> Regards.
>>>>
>>> With a passphrase only?
>>
>> Attackers don't need the passphrase, they can use the
>> real key used for encryption (dmsetup table).
>>
>> Regards.
>>
> So the final word seems to be that even if I create this LUKS-encrypted loop-back file and only mount it when needed, immediately un-mount when no longer needed, a root user can access this encrypted file system while it is mounted, and perhaps more importantly, even when it is not mounted since they can get the key as described above?
>
> My reputable VPS hosting provider in Europe of course outsources some of the support to other countries. While I have no immediate suspicion that they access files on my VPS, I also have no way of finding out, nor of protecting myself - apart from not putting "sensitive" files on the VPS or encrypting files before uploading them.
>
> If I upgrade to a dedicated server I expect that I will be the root user but will the hosting company still have access to my server?
>

Whoever has physical access to the machine can have everything. In the past I was phrasing it "nothing can stop the guy with the screwdriver". Do not take the screwdriver literally, of course.

Valeri

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

On 02/24/2020 05:01 PM, Michael Hennebry wrote:
> What is the use-case here?
> Are you concerned that the host may change the data or just read it?
> Would re-creating the file anew for each use be practical?
> What about using the file in an encrypted form?
> I'm thinking of the case of records on people.
> Separate "cyphers" for first names, last names and other names
> would go a long way toward hiding whatever needs to be hidden.
>
> Keeping the host from reading the data might not be a solvable problem.
> Keeping the host from quietly changing the data might be expensive.
> If all else fails you might keep copies of the
> data on separate hosts and compare their md5sums.
> I expect that doing it on your own host has already been deemed a failure.
>

General prudence as to someone accessing my files.