Re: rootkit and 10 minutes ?

On Wed, Oct 02, 2002 at 06:53:29PM +0200, Earl wrote:
> Hi all,
> 
> p> BTW, cryptography is not the 100% perfectly final solution. It is a
> p> fairly good protection, in some cases, but nothing more. If someone can 
> p> access your laptop during 10 minutes, he can boot on a floppy and put a 
> p> rootkit with a keylogger and your encryption is dead...
> 
> Good point!  The chain is only as strong as the weakest link.....
> 
> Can all processes be observed in Linux, or is a rootkit invisible as a
> process?  Is a keylogger invisible as a process?
> 
> If Linux is not capable of natively showing all running processes, are
> there pgms available which are capable of this?
> 
> p> If someone can access your laptop during 10 minutes, he can boot on
> p> a floppy and put a rootkit with a keylogger and your encryption is
> p> dead...
> 
> I have heard that physical possession of a Linux computer allows
> anyone to take over as root, etc.  It seems to me that this is a huge
> security hole.  Can I assume that this is still true in every distro?

...biometric laptops help too...

> Is no one concerned about this problem?  Is this an inherent weakness
> of Linux that can not be corrected?

USB key stores (or floppies) with a password-encrypted keyfile to decrypt
your FS are a bit better.  Make the kernel prompt this, not user land.  So the
hacker would have to recompile the kernel to get your password/file/key.
Making the "10min" problem a "30-60min" problem.

JLC - participated in too many of the "crypto isn't enough" rants.

-- 
http://www.certainkey.com
Suite 4560 CTTC
1125 Colonel By Dr.
Ottawa ON, K1S 5B6
C: 613.263.2983
-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

