* Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote: > markus reichelt wrote: > > * Peter_22@xxxxxx wrote: > > > >> So as a conclusion of the mentioned time-limited vulnerability > >> should I remount the side wall of my computer case again? Maybe > >> even replace the original crossheads with tri-wing screws? To > >> put it in a nutshell, I fiercely doubt todays police forces are > >> that talented, since they fail to simply boot up a computer. > > > > I still keep my caske open. > > > > But the one strategy against the attack is denying physical > > access to the machine. > > Sure. If you can do this. Good luck though. In my country, the > police can get what's called a 'sneak and peak' warrant. So when > you go shopping or leave your house, you're in trouble because they > can enter to trojan your computer systems or to bug your house. I > don't really understand how this kind of action can be legal but > apparently the courts in my country don't agree. I agree, but I think we are also fencing over semantics. If they managed to sneak in a bug undetected they win anyway, no need to go through the hassle of some kind of attack. Who knows the key wins. Endgame. And sadly, my country knows this procedure as well, they call it "Gefahr im Verzug" (Imminent Danger) which allows them to enter as they see fit. It's a cat-and-mouse game, always will be, so any measure taken by the mouse, and be it just a little piece of a puzzle, I'm all in. One could f.e. set up a hidden surveillance cam to the machine or just power down the system. > > Apart from that, I have to slightly adapt my loop-AES > > scheme now, I'm not worried. > > How do you plan to adapt it? Modification of the key schedule? A > panic function tied into some sort of sensor hardware? > > I think these may be important modifications and if they are > actually workable, it should be shared. If they aren't workable, it > would be terrible if it was found to be the case after a seizure or > a theft. Agreed. I meant adapting loop-AES root-encryption setup as the booting is done from HDD solely (all other means are disabled in BIOS) with the key residing on an external USB-stick or CD-ROM. The key is to only allow HDD booting, so that a cold-boot attack can only be performed with actual access to the RAM modules and/or HDDs (to replace the boot HDD). > > Thinking along those lines ... cache of other components might be > > worth looking into: graphics cards, hard disk drive cache... > > Anything where memory can be mapped, it may be possible to use for > key storage. I would like to point out that these solutions are not > really solving the problem, they just change the way someone will > carry out an attack. Yes, but time is of the essence and the slower the attack can be carried out, the better it is. It's easier to swap memory modules than to swap a CPU (given that comparable data rentention takes place, which I doubt). That's why secure systems are quite expensive and ordinary users will have to take additional steps themselves. -- left blank, right bald
Attachment:
pgp59PhoxQGxN.pgp
Description: PGP signature
