Disclaimer: I’m a newbie to the subject. Trying to learn from the experts.
Let’s say I have a server running ecommerce with millions of customer’s sensitive data, hosted somewhere else far away from me. It’s fully disk-encrypted with LUKS. So, nobody can see the files decrypted if they stole the disk.
But, I have heard that once the server is unlocked with LUKS passphrase, the key resides in RAM. Somebody with physical access to the server could just dump RAM and extract LUKS keys.
How could I protect my server from having LUKS keys stolen from RAM as well? Like a cold boot attack, for example?
Thank you so much for your help!
submitted by /u/matthew_levi12
[link] [comments]