On Mon, Aug 10, 2009 at 12:34:37PM +0200, Michael Gebetsroither wrote:
> * Marc Ballarin <Ballarin.Marc@xxxxxx> wrote:
>
> > Only booting from a trustworthy medium would help and the same is true
> > in the case of truecrypt.
>
> No, even this does not help.
> As it's too easy to get code persistent in some location on the
> computer which is run on every boot.

Well, it is not absolute, but it can help drive the attacker effort
way up. There is limited capacity to have malcode hiding in the BIOS
FLASH (for example), and it cannot easily be made to work with every OS.
The trusted system will still have to work and the malcode will somehow
have to extract keys and/or passphrase. With a Linux system, this
basically requires virtualization. If the trusted medium uses alternate
password entry methods, simple sniffing of keystrokes will not be enough
and the effort to still get the password may be prohibitively high.

From my observations the really good potential attackers work for
government agencies or in research and will not attack low value
targets, such as hosts storing personal data of individuals, and
booting from a trusted medium should usually be pretty safe for
individuals.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt