Mr. McGee: I appreciate your ingenuity, but I for one have a top of the line Inspiron 8000, and if its configuration were not high enough to support what I needed, I would just upgrade it. I have never, and will never, use outdated hardware. I prefer having the right tool for the job, every time I have to do work. It is this very mentality of supporting hardware from the Stone Age, which has made the kernel source code in Linux so freaking large. Every single time I update my kernel (and I only use the updates from Mandrake), I am resolved to either being forced to patch the kernel (I prefer not to do this), and always load source for a million and one 386s, 486s, CD-ROM drives that even the most ostentatious of computer museums cannot find. All in the name of being able to stick out our tongues, and say, can W2K/PRO boot on a 386/16 MHz computer? Linux can. So freaking what, I say. I believe that if someone wants modern day software, they ought to come to terms with the fact they need modern day hardware. It sounds condescending and perhaps arrogant, but it is a fact. I have no problem with people continuing to add features for example to Linux for the 386 and 486 platform, I just think their ought to be a kernel you can get which is absent all that stupid fluff. Anyway back to the facts, I have no intention of doing some as you suggest for several reasons: (1) It demonstrates what security algorithm I am using, NOT SMART TO DO (2) If the decrypted kernel is not a kernel at all, and g-d forbid, is a piece of software which talks directly to the hard disk controller, and proceeds to format my hard drive, then I screwed over again, NOT SMART TO DO; (3) Encryption algorithms are supposed to authenticate the kernel, why have to do that twice? Also a waste! (4) There are drivers I use in my kernel that are NOT In module form yet, despite your presumption that everything useful is (EVMS, the competitor to LVM, is not modular yet), thus this solution fails again! (5) I don't have any idea what a "TLA" is, but I prefer a secure method over a less secure method. Kind of silly to employ AES and such, if your going to leave a whole (the unprotected kernel in the DOS partition, which anyone can replace with any kernel, that is designed to be loaded by loadlin) in the system! (6) My computer is as of yet, not setup to use smart cards. However, if I were to employ a system like that (and I am considering it), I would choose to use one of these $300 finger print card readers which goes in a pcmcia card slot. Very Respectfully, Stuart Blake Tener, IT3, USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@xxxxxxxxxxx west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Saturday, October 06, 2001 6:58 PM -----Original Message----- From: owner-linux-crypto@xxxxxxxxxxxx [mailto:owner-linux-crypto@xxxxxxxxxxxx]On Behalf Of Rob McGee Sent: Saturday, October 06, 2001 1:15 PM To: linux-crypto@xxxxxxxxxxxx Subject: Re: encrypting the whole disk / all the data On Sat, Oct 06, 2001 at 12:44:32PM -0400, Hank Leininger wrote: > Not speaking for Antti, but I'm concerned not just with "someone could > steal the hard drive out of my laptop" but also "someone could steal the > hard drive out of my laptop, trojan some important binaries in any > non-encrypted partitions I have, then put it back, waiting for me to use it > again and leak key material, run privileged tools while the encrypted > filesystems are mounted, etc, and then steal it again." > > To provide at least some protection from that, you need some assurance of > the integrity of, basically, everything. Plaintext /boot and encrypted > everything else still isn't good enough, as the kernel / initrd could be > swapped out by a malicious party. So, boot off a write-once CDROM with Interesting discussion. As a low-tech way of doing this, you could make a small DOS partition -- 3MB should be enough -- and use "pgp -c" to secure your kernel. Decrypt the kernel then boot with loadlin.exe. Once in GNU/Linux you can go back and verify the integrity of the kernel and the DOS binaries (pgp and loadlin, as well as the OS files). This verification could be automated by a script. Wiping the DOS partition would be a good idea, because an attacker could potentially recover your unencrypted kernel image, and with that could possibly get your pgp -c passphrase. The wiping and restoration of the partition could also be scripted. This could be done with a bootable diskette instead of a partition, but in that case you would need a DOS ramdrive to hold the decrypted kernel and loadlin.exe. There may be issues with loadlin and the memory manager needed for the ramdrive, though (I've never tried it.) With loadlin you're limited to about 1MB compressed kernel image. No big monolithic kernels -- you have to make it modular. This shouldn't be a barrier for anyone yet, because most drivers can be used as modules. Anyway, I just wanted to throw out an idea for those of us who still use our old pre-CD-ROM laptops (portable dinosaurs. :) > Then, of course, you're still trusting your BIOS, keyboard, EM > radiation... And if your opponents have that kind of will and capability they are probably working for a TLA. That of course gives them many other "brute force" methods of password "recovery" (I love how thieves use that word to describe what they do.) Rob - /dev/rob0 Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
