Making software secure (tamper resistant, confidential, authentic, etc) is "trying to make water not wet"(tm). You can't do it. Period. There will always be an element of physical security required. So let's end this now before it becomes another /. thread. JLC On Wed, Oct 02, 2002 at 01:26:32PM -0400, Paul Hilton wrote: > Hi Earl, > > > I have heard that physical possession of a Linux computer allows > > anyone to take over as root, etc. It seems to me that this is a huge > > security hole. > > Suggestion: > > Boot from a CD which is secure from being tampered with, and verify a digest > of the system bios before entering the password to allow access to the hard > disk. > > The CD can become a sort of physical key, containing info neccesary for the > decryption of the hard disk. Then remove the CD before running any but the > most > trusted code. > > A hardware keylogger in the keyboard could still defeat any attempt to find > it by software. > > Ultimately you could be fooled by any system, substituted for your original, > which shows the > same interface as yours. > > Or possibly biometric protection? > > Regards, > Paul > > ----- Original Message ----- > From: "Earl" <LARGE.FILES@GMX.NET> > To: <linux-crypto@nl.linux.org> > Sent: Wednesday, October 02, 2002 12:53 PM > Subject: rootkit and 10 minutes ? > > > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ -- http://www.certainkey.com Suite 4560 CTTC 1125 Colonel By Dr. Ottawa ON, K1S 5B6 C: 613.263.2983 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/