Uwe Menges wrote:
> I assume you think of it in e.g. a hostile situation (otherwise you could
> just wipe it with dd).

Using /bin/dd assumes that the system in question is already booted up and a root shell is available. It wouldn't be too difficult for an attacker to run in, clock the user over the head, and hit ^C to stop the overwrite to copy the contents of /home/* to removable media.

> Think twice if you're really better off without the possibility to
> access the data (and where you are the only one that can tell if it is
> really impossible or not).

One supposes it depends on how valuable you consider the information: would it be better for no one to have the data at all, or for an attacker to potentially have at least some of the data at risk?

--
Eric Grejda - Security Engineer, the Prometheus Group
PGP: 3651F89F / D04B D4D0 E5E2 5746 7CB7 05CA 1C92 4610 3651 F89F

dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/