LUKS Encryption?

Kernel, Main, Utilities & Applications, Miscellaneous Devices.
held
Posts: 209
Joined: Sun Sep 26, 2021 2:18 pm
Has thanked: 27 times
Been thanked: 32 times

LUKS Encryption?

Unread post by held »

is LUKS encryption in this Linux release?

The reason I ask is because I will be settings up some CIFS and I hate storing passwords on insecure disks.
And it might be a easier to just buy a 'large' sdcard. But none the less I would like to know :D
AngelicLiver
Top Contributor
Posts: 433
Joined: Fri May 29, 2020 8:50 am
Has thanked: 86 times
Been thanked: 120 times

Re: LUKS Encryption?

Unread post by AngelicLiver »

Why not create a dedicated shared folder with a user with read-only permissions for the MiSTer only? This way you don't have to worry about insecurely stored credentials?
Bas
Top Contributor
Posts: 622
Joined: Fri Jan 22, 2021 4:36 pm
Has thanked: 80 times
Been thanked: 324 times

Re: LUKS Encryption?

Unread post by Bas »

LUKS won't help much here. Someone would need to steal your SD for that. Network based attack is *far* more likely unless you leave your box unattended at parties and the like. But then you'd better off with a second SD for just that purpose.

I agree with the previous suggestion: set up a low privilege account and be done with it.
held
Posts: 209
Joined: Sun Sep 26, 2021 2:18 pm
Has thanked: 27 times
Been thanked: 32 times

Re: LUKS Encryption?

Unread post by held »

Its not only CIFS, also the wpa_supplicant contains your unencrypted WIFI password :shock:
I'm keeping this off the network until I have a proper grasp of the buildroot.
Flandango
Core Developer
Posts: 459
Joined: Wed May 26, 2021 9:35 pm
Has thanked: 59 times
Been thanked: 383 times

Re: LUKS Encryption?

Unread post by Flandango »

Encrypt your wifi password with wpa_passphrase.

I haven't tested it on Mister since I don't use wifi on it, but i've used on various other platforms and since the command is available on Mister, I don't see why it wouldn't work.
Try something like this:

Code: Select all

wpa_passphrase "MY_SSID" "MYPASSWORD"
From the output, use the un-commented psk line in place of your unencrypted psk line in your wpa_supplicant file.
Bas
Top Contributor
Posts: 622
Joined: Fri Jan 22, 2021 4:36 pm
Has thanked: 80 times
Been thanked: 324 times

Re: LUKS Encryption?

Unread post by Bas »

The MiSTer isn't a very secure device networking or otherwise. That's not its priority. Firewall it off by other means if you must. Mine lives in the guest wifi VLAN.
held
Posts: 209
Joined: Sun Sep 26, 2021 2:18 pm
Has thanked: 27 times
Been thanked: 32 times

Re: LUKS Encryption?

Unread post by held »

@Flandango: perfect :D

@Bas: I figured as much, those highly exploitable Bluetooth dongles I put in the front probably wont help either :lol:
Post Reply