[wheels]

Actually not. Just use a loopback cypto FS to store the sensitive stuff. The reason they had to reboot the machine is that they just had access to the HDD where they could change the password, as opposed to having live root access.

[marshray]

I really doubt that "only HDD access" is a secure position in cases where your cloud provider CSR is pwned.

If that's even the case here. We don't have much indication that the attacker couldn't have taken a snapshot of a running system (or that that will be how it happens next time).

So, sure, use a loopback crypto filesystem. It just doesn't provide much in the way of a security guarantee (but it adds some measurable costs).

[tlb]

Indeed. Well-designed money storage systems aren't vulnerable no matter who has console access.

[lsc]

where do you keep the key to the crypto fs?

[RLG_RLG]

Written on a scrap of paper in your wallet. only the password and no other info should be on the scrap.

If you can memorize it, it is a bad password.

[bronson]

That's not strictly true. If you're careful and imaginative, with moderate effort you can commit a fair amount of highly random data to memory. You just can't expect to change it every month.

This may be oversimplified, but it's the correct horse battery staple.

[Avshalom]

Eh, it depends, a random fragment of a very long poem for instance can be quite easy to memorize but at 80-90 words/300-400 characters long is pretty damn secure, doesn't even need to be written down then.

[DanBC]

"muscle memory" helps here. People only need to refer to the scrap of paper for the first couple of weeks of entering a password.

Then that scrap can be securely stored somewhere else. (eg: In your "in case of death" box if you want people to have access when you die.)

[korny]

What the? If you write it down, it's a bad password. Make it a pass phrase, make it long. And possibly store it in an encrypted password database, protected by a master pass phrase.

[mckoss]

My password was randomly generated, has 85 bits of entropy and, it took me only a couple of days to memorize.

[eli]

Hmm, hope you don't take many vacations

[kristianp]

https://www.xkcd.com/936/

[kbuck]

You memorize it.

[lsc]

how do you transmit it to the server in such a way that it can't be intercepted by someone that compromises the bits of your virtual that boot before the key is uploaded?

[RLG_RLG]

By using your public key.

http://www.debian-administration.org/articles/152

You can also require a password AND a cert.

[lsc]

Yes, but will that help you if the attacker trojans whatever it is that is doing the decryption?

I mean, I'm very clearly not a crypto expert, but I do believe that this would be quite a lot like what Bruce Schnier calls 'the evil maid' attack. Instead of having a bootloader, you have a minimal Linux install, then you get a key to that minimal linux install, and that minimal linux install uses that key to decrypt your encrypted disk.

I believe that if that minimal linux install that does the decrypting is compromised before you log in, in theory, the attacker could then insert something in the code that runs after the data is decrypted to, say, send some of that data elsewhere, or, say, open a back door for them to log in and examine the decrypted data.

I mean, certainly, you are making the attacker wait for you to log in (assuming that they've only compromised the admin interface and don't have full root on the dom0) and that's another step you are forcing the attacker to take, and you do at least have a chance then of detecting the compromise and /not/ sending the key, so I'm not saying that it's worthless.

Of course, this is all protecting against a compromise of the admin tools that does not lead to a compromise of the dom0. If the attacker compromises the dom0 without rebooting it or otherwise disturbing the guests? they have access to your ram. They can snapshot both the ram and the disk and take apart the system at their leisure.

[RLG_RLG]

I advise you seek the services of a professional sys admin to secure systems.