Hey all, This particular attack seems to me to be the most likely way to defeat any reasonably well setup dm-crypt scheme. So, I have the following [likely non-original] idea, which is only applicable in specific situations. That is to have a daemon, that upon some event, automatically erases all the memory on the machine. The event could be a SMS, an email, some case alarm, but most likely some physical trigger feed into the daemon via a microcontroller plugged into USB/serial. (The trigger could be a reed switch on a door, a motion sensor, pressure gauge, an accelerometer etc..) Naturally you would need the computer in question to one a UPS. Also there would have to be either some kernel patch to add a "wipe_all_system_mem()" functionality, or maybe one could leverage kexec in some manner. What do you guys think, does this sound reasonable? -- Roscoe --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
