*** This bug is a security vulnerability ***

Public security bug reported:

I have installed Xubuntu 11.10 from the "alternate" installer disc and set up whole-disk encryption through the official installer. I am almost 100% certain that when I suspend my machine, my disk's encryption key is left in RAM, and when I hibernate, my key is saved to disk (very bad!).

My evidence for this is pretty simple: Upon resuming the machine, no password needs to be entered in order to unlock the disk (only the xscreensaver password, which can be entirely different).

This is a major security vulnerability because it means that someone who steals a suspended or hibernated laptop could decrypt its disk using the (unencrypted, readily available) key in RAM or on disk. Worse, I suspect the key would remain on disk even after a shutdown (following a hibernate) unless some secure erase method is used.

Since laptops are both the types of machines that people typically encrypt and the types of machines that people typically suspend/hibernate, this seems like a huge security issue to me.

** Affects: ubuntu
     Importance: Undecided
         Status: New

** Visibility changed to: Public

https://bugs.launchpad.net/bugs/937361

Title:
  LUKS encryption keys are not dumped on suspend/hibernate
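The hibernate half of this report can be checked on a given machine: the hibernation image is written to swap, so what matters is whether every active swap area sits on top of a dm-crypt mapping. The following is an added example, not part of the original bug report or of any Ubuntu tooling; the function names are hypothetical, and it assumes the `CRYPT-` prefix that cryptsetup gives the device-mapper UUID of its mappings.

```python
import os

def parse_swaps(text):
    """Return [(path, type)] from /proc/swaps content (first line is a header)."""
    rows = [line.split() for line in text.splitlines()[1:] if line.strip()]
    return [(r[0], r[1]) for r in rows]

def crypt_backed(kname, sysfs="/sys"):
    """True if block device `kname` is a dm-crypt mapping, or is stacked
    (for example LVM) entirely on devices that are."""
    base = os.path.join(sysfs, "class", "block", kname)
    try:
        with open(os.path.join(base, "dm", "uuid")) as fh:
            if fh.read().startswith("CRYPT-"):  # assumed cryptsetup UUID prefix
                return True
    except OSError:
        pass  # not a device-mapper device
    try:
        slaves = os.listdir(os.path.join(base, "slaves"))
    except OSError:
        slaves = []
    # A plain disk or partition has no slaves: bottom of the stack, unencrypted.
    return bool(slaves) and all(crypt_backed(s, sysfs) for s in slaves)

def audit_swap(swaps_text, sysfs="/sys", resolve=os.path.realpath):
    """Map each swap area to 'encrypted', 'PLAINTEXT' or 'unknown (swap file)'."""
    report = {}
    for path, kind in parse_swaps(swaps_text):
        if kind != "partition":
            # A swap file lives on a filesystem; its backing device is not listed.
            report[path] = "unknown (swap file)"
            continue
        kname = os.path.basename(resolve(path))  # /dev/mapper/x -> dm-N
        report[path] = "encrypted" if crypt_backed(kname, sysfs) else "PLAINTEXT"
    return report

if __name__ == "__main__":
    with open("/proc/swaps") as fh:
        for dev, verdict in audit_swap(fh.read()).items():
            print(f"{dev}: {verdict}")
```

This covers only the image written at hibernate; it says nothing about key material held in RAM while the machine is suspended.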