No to nitpick, but my approach would be to not boot the computer at all, but remove the drive and copy it (e.g. attached by USB) on a different machine. On Thu, Jul 16, 2009 at 09:48:22AM -0400, Eric Grejda wrote: > Uwe Menges wrote: > > I assume you think of it in eg. a hostile situation (otherwise you could > > just wipe it with dd). > > Using /bin/dd assumes that the systems in question is already booted up > and a root shell is available. It wouldn't be too difficult for an > attacker to run in, clock the user over the head, and hit ^C to stop the > overwrite to copy the contents of /home/* to removable media. Already overly complicated ;-) > > Think twice if you're really better off without the possibility to > > access the data (and where you are the only one that can tell if it is > > really impossible or not). > > One supposes it depends on how valuable you consider the information: > would it be better for no one to have the data at all, or for an > attacker to potentially have at least some of the data at risk? Actually the risk is different: They can only make you give up the key in uncivilized countries. In others you can successfully claim to not remember it or that the data is purely random. These people can apply rubber hose crypto to you for an extended period of time, possibly doing more damage than if you had given them the key in the first place. Better to not have problematic stuff on your drive if you are in such a country. Oh, and btw, having cryptographically strong randomness on a drive is also a risk. Come to think of it, I do secure wipoes by mounting with dm-crypt and random password, then overwrite with ordinary prng-randomness. There is no way I can prove I do not have the key or the data was random. But that alone should protect me here. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
