Wednesday, May 8, 2024
Homepage · encryption
 Popular · Latest · Hot · Upcoming
2
rated 0 times [  2] [ 0]  / answers: 1 / hits: 3870  / 1 Year ago, tue, may 9, 2023, 1:53:33

This article shows me how to see if Ubuntu has encrypted swap. What I would like to know is how I can determine that swap (or any other partition) is truly encrypted. What I would like to see is that some disk utility tries to read the encrypted contents, showing me gibberish, but after inputting the correct passphrase, it shows me the files as expected.



This would be difficult for swap since crypttab uses a random key, but I /should/ be able to see the gibberish that indicates that it is encrypted.



EDIT: I'm adding the output from testdisk. I don't know what to look for here.



 Disk /dev/sda - 500 GB / 465 GiB - ST3500413AS

 Disk /dev/mapper/cryptswap1 - 4008 MB / 3823 MiB

 Disk /dev/mapper/vg_doulos-home - 453 GB / 422 GiB - ST3500413AS

 Disk /dev/mapper/vg_doulos-root - 39 GB / 37 GiB - ST3500413AS

 Disk /dev/mapper/vg_doulos-tmp - 1996 MB / 1904 MiB - ST3500413AS

 Disk /dev/sr0 - 735 MB / 701 MiB (RO) - hp      DVD D  DH16D6SH

 Disk /dev/dm-0 - 39 GB / 37 GiB - ST3500413AS

 Disk /dev/dm-1 - 1996 MB / 1904 MiB - ST3500413AS

 Disk /dev/dm-2 - 453 GB / 422 GiB - ST3500413AS

 Disk /dev/dm-3 - 4008 MB / 3823 MiB


At this point, what should I select to check? For example, I selected /dev/mapper/vg_doulos_home. Then I get a screen that looks like this:



Please select the partition table type, press Enter when done.

 [Intel  ] Intel/PC partition

 [EFI GPT] EFI GPT partition map (Mac i386, some x86_64...)

 [Humax  ] Humax partition table

 [Mac    ] Apple partition map

>[None   ] Non partitioned media

 [Sun    ] Sun Solaris partition

 [XBox   ] XBox partition

 [Return ] Return to disk selection


I automatically select Non partitioned media because that's the default here. I list the files here:



   P ext4                           0  885940223  885940224

Directory /



>drwxr-xr-x     0     0      4096 30-May-2012 11:33 .

 drwxr-xr-x     0     0      4096 30-May-2012 11:33 ..

 drwx------     0     0     16384 30-May-2012 11:03 lost+found

 dr-x------  1000  1000      4096 30-May-2012 11:33 averyc

 drwxr-xr-x     0     0      4096 30-May-2012 11:33 .ecryptfs


I'm still able to drill down into the averyc home directory where I find this directory layout, but I'm unable to copy any of the files:



P ext4 0 885940223 885940224
Directory /averyc



>dr-x------  1000  1000      4096 30-May-2012 11:33 .

 drwxr-xr-x     0     0      4096 30-May-2012 11:33 ..

 lrwxrwxrwx  1000  1000        32 30-May-2012 11:33 .ecryptfs

 lrwxrwxrwx  1000  1000        31 30-May-2012 11:33 .Private

 lrwxrwxrwx  1000  1000        52 30-May-2012 11:33 README.txt

 lrwxrwxrwx  1000  1000        56 30-May-2012 11:33 Access-Your-Private-Data.desktop


Can someone explain what's going on here? How can I verify that this partition is really encrypted?


More From » encryption
 Answers
1

You can boot a live CD and try almost any data recovery tool, such as testdisk. When you run the data recovery tool it will identify all sorts of files. Open any of them and you will see random data.


[#37988] Tuesday, May 9, 2023, 1 Year  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
eatack
Add To Favorites
Follow
Total Points: 245
Total Questions: 120
Total Answers: 113
Location: Estonia
Member since Wed, Jun 8, 2022
2 Years ago
;