Heinz Diehl wrote:
> On 28.12.2009, Olivier Sessink wrote:
>
>> yes you are 100% right from a perfect security viewpoint. However,
>> we're looking at a "regular user" deployment, and we know that our
>> regular users are not going to look after their devices as good as
>> most IT security professionals will do (they might even carry their
>> password in their wallet, or tell the password over the phone). So
>> our aim is not 100% perfect security, but just "make it (a lot)
>> harder" to get to the data.
>
> Anybody who has the skills and the motivation to modify your kernel/initrd
> is far from being your "regular user", and is most likely able and has the
> expertise to do other things to your machine as well.
>
> "Please repeat with me: there is no way to avoid or detect backdoors if
> physical access to the machine has ever been granted." (Werner Koch on
> gnupg-users 19.02.2009 on exactly the same topic).

I seem to be unable to find this discussion in
http://lists.gnupg.org/pipermail/gnupg-users/2009-February/date.html
are you sure about this date?

Olivier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt