I suppose I was thinking of watermark-type attacks, showing there actually is a filesystem in that randomness (my understanding is that v3.x loop-aes should be immune to these?), or some type of mathematical investigation designed to show the partition has not been recently overwritten by shred or somesuch but has a suspicious form of "randomness" (if such an investigation exists that is).
So my initial assumption was probably correct - it's the extraneous factors (fstab, having encryption software, etc) that probably remain the practical indicators.
What an interesting mail list this is. Perhaps I might even eventually switch careers to this stuff in some form :)
Christian Kujau <evil@xxxxxxxxxx> wrote:
On Wed, 14 Jun 2006, Florian Reitmeir wrote:
> "The" evils have much simpler ways to "crack" your security, a common
> way (rumors) is, that
>
> - "they" grab all your computer staff
> - see its encrypted
s/see/assume/ ...as they can't be sure and probably won't hire a
cryptoexpert to prove this, methinks.
> - return the computer
> - ... with an keylogger, small on the mainboard/keyboard/usb-bus/...
> - then, come about 2 weeks/months later again
there we go again: triple-aes-1024 won't help if the cryptosystem is lame.
What I'm still courious about is: are "they" allowed to tamper with a
"disk with random-looking data"? because, if she says: "No, it's just
random data, dunno what crypto is" then "they" could say: "if it's only
random, you won't object if we wipe your disk, right?".
But these are legal questions, i guess...
--
BOFH excuse #97:
Small animal kamikaze attack on power supplies
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min.
