On Mon, August 10, 2009 09:10, Heinz Diehl wrote:
> On 10.08.2009, Luca Berra wrote:
>
>> TrueCrypt developers said that was a moot point, because, if someone is
>> able to replace the boot sector it could well replace the code that
>> checks its integrity.
>
> ..which is not true, of course. I can e.g. have a copy of the boot
> sector/MBR on a memory stick, together with a checksum file of /boot.
> Copying the first 512 bytes and checking it against the checksum of the
> known good bootsector on the memory stick will detect any manipulation
> immediately.
> A simple "dd if=mbr_copy of=/dev/sda bs=512 count=1" will cure the
> problem.

Yes and no. This will only work if you ensure you are booting from that
USB device altogether. Still though, the boot firmware could be
manipulated, which means it does not matter that you have a backup of the
'correct' MBR somewhere. And I am not even talking about HW manipulation
and HW keyloggers, which are often easier to install and get back at any
particular later time you want.
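
The check discussed in the thread, as an added example that is not part of either poster's message: it compares the first 512 bytes of a disk with a known-good copy and compares /boot with a stored checksum manifest. The function names and the manifest layout are assumptions; it needs GNU coreutils and findutils, and it is meant to be run from the separately booted, trusted medium the reply calls for.

```shell
#!/bin/sh
# Added example. The reference copy and the manifest are assumed to be kept
# on separate, trusted media (names below are hypothetical).

# Print the SHA-256 of the first 512 bytes (the MBR) of a device or image.
mbr_digest() {
    dd if="$1" bs=512 count=1 2>/dev/null | sha256sum | cut -d' ' -f1
}

# check_mbr DEVICE KNOWN_GOOD_COPY: succeed only if both boot sectors match.
# Unreadable inputs fail instead of comparing two empty-input digests.
check_mbr() {
    [ -r "$1" ] && [ -r "$2" ] &&
        [ "$(mbr_digest "$1")" = "$(mbr_digest "$2")" ]
}

# boot_manifest DIR: print a sorted "hash  path" list of every file under DIR.
boot_manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z |
        xargs -0 -r sha256sum )
}

# check_boot DIR MANIFEST: succeed only if no file was changed, added or
# removed since the (non-empty) manifest was written.
check_boot() {
    [ -s "$2" ] && boot_manifest "$1" | cmp -s - "$2"
}

# Usage: verify.sh DEVICE MBR_COPY BOOT_DIR BOOT_MANIFEST
if [ "$#" -eq 4 ]; then
    status=0
    check_mbr "$1" "$2"  || { echo "MBR of $1 differs from $2" >&2; status=1; }
    check_boot "$3" "$4" || { echo "$3 does not match $4" >&2; status=1; }
    exit "$status"
fi
```

The manifest is created once from a known-good state with `boot_manifest /boot > manifest`; a change past byte 512 of the disk is outside what `check_mbr` covers.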