Re: need some feedback please

Interesting discussion.

By not tamperproof, I imagine you are referring to the type of attacks where an attacker does something to the first portions of ciphertext in order to trick the user into revealing their password?

I can't help wondering if it shouldn't be possible to hash the entire encrypted device and separately gpg encrypt that hashfile in order to subsequently detect whether or not the ciphertext on the device had been tampered with?

PS: When I was referring to live cd use I of course neglected to say the idea is that the livecd is kept secure so that OS binaries are not tamperable.




Hubert Chan <hubert@xxxxxxxxx> wrote:
On Fri, 2 Jun 2006 15:51:25 +0200, "M. Kammerer" said:

> Phil H@Fri, Jun 02, 2006 at 02:57:06AM -0700:
>> Applications can write data of one sort or another to /tmp and
>> configuration files and so on to /etc (and of course swap), or
>> perhaps (clandestinely or not) to some other place that you don't

> Encrypting the whole filesystem makes your binaries tamperproof. ...

It may make certain attack vectors harder, but it does not make it
tamperproof.

--
Hubert Chan - email & Jabber: hubert@xxxxxxxxx - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA (Key available at wwwkeys.pgp.net)
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA


-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
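
The check proposed in the message above, sketched as an added example that is not part of the original thread: it hashes the ciphertext region by region and authenticates the digest list with an HMAC key, which stands in here for the GPG-protected hash file. The function names, region size and temporary image are assumptions, and the result only means something when the check runs from trusted media and the key is kept off the device.

```python
import hashlib, hmac, json, os, tempfile

def build_manifest(path, key, region=1 << 20):
    """Hash the ciphertext in fixed-size regions and MAC the digest list."""
    digests = []
    with open(path, "rb") as dev:
        while block := dev.read(region):
            digests.append(hashlib.sha256(block).hexdigest())
    body = json.dumps({"region": region, "digests": digests}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify(path, manifest, key):
    """Return indexes of regions that changed; reject a forged manifest."""
    good = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, manifest["tag"]):
        raise ValueError("manifest failed authentication")
    stored = json.loads(manifest["body"])
    old = stored["digests"]
    new = json.loads(build_manifest(path, key, stored["region"])["body"])["digests"]
    changed = [i for i, (a, b) in enumerate(zip(old, new)) if a != b]
    # Regions present on only one side mean the device grew or shrank.
    lo, hi = sorted((len(old), len(new)))
    return changed + list(range(lo, hi))

if __name__ == "__main__":
    key = os.urandom(32)  # constructed key; the real one must stay off the device
    fd, image = tempfile.mkstemp()  # constructed stand-in for the encrypted device
    os.write(fd, os.urandom(4 * 4096))
    os.close(fd)
    manifest = build_manifest(image, key, region=4096)
    print("untouched:", verify(image, manifest, key))
    with open(image, "r+b") as dev:  # flip one bit at the start of the ciphertext
        first = dev.read(1)
        dev.seek(0)
        dev.write(bytes([first[0] ^ 1]))
    print("after bit flip:", verify(image, manifest, key))
    os.remove(image)
```

A bare hash file stored next to the device would not be enough, since whoever can rewrite the ciphertext can also recompute the hashes; the keyed tag is what makes a recomputed manifest fail.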

