On 28.12.2009, Olivier Sessink wrote:

> yes you are 100% right from a perfect security viewpoint. However,
> we're looking at a "regular user" deployment, and we know that our
> regular users are not going to look after their devices as good as
> most IT security professionals will do (they might even carry their
> password in their wallet, or tell the password over the phone). So
> our aim is not 100% perfect security, but just "make it (a lot)
> harder" to get to the data.

Anybody who has the skills and the motivation to modify your kernel/initrd is far from being your "regular user", and is most likely able and has the expertise to do other things to your machine as well.

"Please repeat with me: there is no way to avoid or detect backdoors if physical access to the machine has ever been granted." (Werner Koch on gnupg-users 19.02.2009 on exactly the same topic).

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt