Encrypt XEN virtual machine?

Anna_Parker Member
edited July 2015 in Help

Did anyone try with success to encrypt XEN based machine with Windows? I have tried on KVM and it works like a charm, but never tried with XEN.

I'm talking about these utils:
https://diskcryptor.net/wiki/Main_Page
http://truecrypt.sourceforge.net/ (7.1a version)

Thanked by 14n0nx

Comments

  • Radi Host Rep, Veteran

    It should work on Xen HVM.

  • Anna_Parker Member
    edited July 2015

    If anyone wonders if it works, I say it works. Tested DiskCryptor on XEN-HVM, successfully crypted, then system successfully booted. Remember you must have VNC access! ;-)

  • Radi Host Rep, Veteran

    Told ya. :)

    Thanked by 1Anna_Parker
  • KuJoe Member, Host Rep
    edited July 2015

    And remember your provider can easily grab your encryption keys so don't get lulled into a false sense of security and only host with providers you absolutely trust if you have important data you need to remain private.

    http://rand.pw/howsecure/

    Thanked by 2Anna_Parker lazyt
  • @KuJoe said:
    And remember your provider can easily grab your encryption keys so don't get lulled into a false sense of security and only host with providers you absolutely trust if you have important data you need to remain private.

    http://rand.pw/howsecure/

    I don't see why any host would steal a client's data. I have clients who run very profitable gameservers. And their sources are worth a lot of money. Countless times I have had people offer me large sums of money to give the data away. But I always refuse. To me a client's data is nothing; it does not bother me if they make $1M USD a month, their trust is worth far more than money.

  • charlie Member, Host Rep

    Both XEN and KVM are full virtualization, so everything that works on a regular PC will work within a VPS.

  • Actually, it depends which version of XEN you use. The most common is XEN-PV, and what you said, @charlie, would not be true for Xen-PV. Now, with XEN-HVM, yes, it is full virtualization and can be used how you are suggesting. It is possible to set up encryption in a XEN-PV server, but it would take co-operation from the host, as you can't just install it the way you can with XEN-HVM or KVM.

    What @Kujoe is trying to get across here is that the entire time your volume is mounted, the key is stored in memory so that files can be read and written to the encrypted volume. The memory, because it is shared with the node, can simply be dumped and the key can be extracted from that dump on the node level. So, if you have a server that is running and someone wanted to gain the encryption key, it only takes dumping the node memory and extracting the key from it. If your goal was to protect the data from, say, the FBI, this wouldn't be a foolproof protection, as they could come in with a warrant, get access to the server, dump the memory, copy all data off the server in place and then later analyze the data and your VM using the keys they extracted from memory. So unless you have full access to the overall system, there will always be this vulnerability that exists.

    Cheers!

  • charlie Member, Host Rep

    You can't run Windows with paravirtualization...

    Thanked by 1perennate