Page 1 of 1
LUKS Encryption?
Posted: Sun Nov 07, 2021 5:41 pm
by held
is LUKS encryption in this Linux release?
The reason I ask is because I will be settings up some CIFS and I hate storing passwords on insecure disks.
And it might be a easier to just buy a 'large' sdcard. But none the less I would like to know
Re: LUKS Encryption?
Posted: Mon Nov 08, 2021 11:07 am
by AngelicLiver
Why not create a dedicated shared folder with a user with read-only permissions for the MiSTer only? This way you don't have to worry about insecurely stored credentials?
Re: LUKS Encryption?
Posted: Tue Nov 16, 2021 8:34 pm
by Bas
LUKS won't help much here. Someone would need to steal your SD for that. Network based attack is *far* more likely unless you leave your box unattended at parties and the like. But then you'd better off with a second SD for just that purpose.
I agree with the previous suggestion: set up a low privilege account and be done with it.
Re: LUKS Encryption?
Posted: Mon Dec 06, 2021 7:32 pm
by held
Its not only CIFS, also the wpa_supplicant contains your unencrypted WIFI password
I'm keeping this off the network until I have a proper grasp of the buildroot.
Re: LUKS Encryption?
Posted: Mon Dec 06, 2021 8:20 pm
by Flandango
Encrypt your wifi password with
wpa_passphrase.
I haven't tested it on Mister since I don't use wifi on it, but i've used on various other platforms and since the command is available on Mister, I don't see why it wouldn't work.
Try something like this:
Code: Select all
wpa_passphrase "MY_SSID" "MYPASSWORD"
From the output, use the un-commented psk line in place of your unencrypted psk line in your wpa_supplicant file.
Re: LUKS Encryption?
Posted: Mon Dec 06, 2021 8:36 pm
by Bas
The MiSTer isn't a very secure device networking or otherwise. That's not its priority. Firewall it off by other means if you must. Mine lives in the guest wifi VLAN.
Re: LUKS Encryption?
Posted: Tue Dec 07, 2021 5:56 pm
by held
@Flandango: perfect
@Bas: I figured as much, those highly exploitable Bluetooth dongles I put in the front probably wont help either