On Tue, Dec 29, 2009 at 12:11:58AM +0100, Heinz Diehl wrote:
> On 28.12.2009, Olivier Sessink wrote:
>
> > Yes, you are 100% right from a perfect security viewpoint. However,
> > we're looking at a "regular user" deployment, and we know that our
> > regular users are not going to look after their devices as well as
> > most IT security professionals do (they might even carry their
> > password in their wallet, or tell the password over the phone). So
> > our aim is not 100% perfect security, but just "make it (a lot)
> > harder" to get to the data.
>
> Anybody who has the skills and the motivation to modify your kernel/initrd
> is far from being your "regular user", and is most likely able and has the
> expertise to do other things to your machine as well.
>
> "Please repeat with me: there is no way to avoid or detect backdoors if
> physical access to the machine has ever been granted." (Werner Koch on
> gnupg-users 19.02.2009 on exactly the same topic).

I don't agree. But you have to think outside of the box and use a
separate, uncompromised boot medium that the attacker did not have
access to. With only the potentially modified system, you would have
to reverse-engineer all software on it, which is infeasible in
practice, even more so without an additional external system to do
the analysis on.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of "news"
is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
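The check Arno describes, in concrete form: record a hash manifest of the unencrypted boot files (kernel, initrd, bootloader config) on a separate medium the attacker never touches, then later boot that medium, mount the suspect /boot read-only and compare. This is an added example, not code from the thread or from dm-crypt; the directory names, the manifest file name and the sample boot files are constructed stand-ins so it runs offline in a temporary directory.

```shell
#!/bin/sh
# Added example: verify a suspect system's /boot from a trusted boot medium.
# Assumed layout (not from the original thread):
#   - the manifest lives on the trusted medium (a read-only USB stick, say),
#     never on the suspect disk, where an attacker could regenerate it;
#   - the suspect /boot is mounted read-only under the trusted environment.
# The demo below builds both in a temp dir with constructed sample files.
set -u

# SHA-256 of one file; falls back to shasum where coreutils is absent.
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Print "<sha256>  <relative path>" for every regular file under $1,
# sorted with a fixed locale so the manifest is reproducible.
make_manifest() {
    mdir=$1
    (cd "$mdir" && find . -type f | LC_ALL=C sort) | while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_of "$mdir/$f")" "$f"
    done
}

# Compare tree $1 against manifest $2. Reports MODIFIED, MISSING and EXTRA
# files (an added file is how a hook or module would show up) and returns
# 0 only when the tree matches the manifest exactly.
verify_tree() {
    vdir=$1; vman=$2; vrc=0
    while read -r sum path; do
        if [ ! -f "$vdir/$path" ]; then
            echo "MISSING  $path"; vrc=1
        elif [ "$(hash_of "$vdir/$path")" != "$sum" ]; then
            echo "MODIFIED $path"; vrc=1
        fi
    done < "$vman"
    extra=$( (cd "$vdir" && find . -type f | LC_ALL=C sort) | while IFS= read -r f; do
        awk '{print $2}' "$vman" | grep -q -x -F -- "$f" || echo "EXTRA    $f"
    done )
    if [ -n "$extra" ]; then
        echo "$extra"; vrc=1
    fi
    return $vrc
}

# Constructed demo: $tmp/suspect/boot stands in for the suspect /boot,
# $tmp/usb for the trusted medium holding the manifest.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/suspect/boot/grub" "$tmp/usb"
    printf 'vmlinuz bytes\n' > "$tmp/suspect/boot/vmlinuz"
    printf 'initrd bytes\n' > "$tmp/suspect/boot/initrd.img"
    printf 'set default=0\n' > "$tmp/suspect/boot/grub/grub.cfg"
    # 1. At install time, from the trusted medium: record the known-good state.
    make_manifest "$tmp/suspect/boot" > "$tmp/usb/boot.sha256"
    # 2. Later, someone with physical access rebuilds the initrd and adds a hook.
    printf 'keylogger\n' >> "$tmp/suspect/boot/initrd.img"
    printf 'insmod evil\n' > "$tmp/suspect/boot/grub/00_hook.cfg"
    # 3. Boot the trusted medium, mount the suspect /boot read-only, compare.
    if verify_tree "$tmp/suspect/boot" "$tmp/usb/boot.sha256"; then
        echo "boot files match the trusted manifest"
    else
        echo "boot files differ from the trusted manifest: do not boot this system"
    fi
    rm -rf "$tmp"
}

demo
```

The manifest must be generated and kept on the trusted medium, and the comparison must run from it as well: a hash list stored on the suspect disk, or a checker run under the suspect kernel, can be adjusted by the same attacker who replaced the initrd, which is exactly the "only the potentially modified system" situation the post calls infeasible to analyse.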