Re: encrypted root: prevent / detect tampering with kernel / initrd

On Tue, Dec 29, 2009 at 10:15:36PM +0100, Heinz Diehl wrote:
> On 29.12.2009, Arno Wagner wrote: 
> 
> > I don't agree. But you have to think outside of the box and use a
> > separate, uncompromised boot medium that the attacker did not have
> > access to.
> 
> Sorry, but I can't see how this would help. The attacker installs a
> hardware keylogger and just doesn't care.

That will require a second access to the hardware. And it is a
whole order of magnitude (at least) more difficult and expensive
than the software attack.
 
> It's a matter of concept: before a security solution is implemented, a
> risk analysis has to be done. To have /boot on an external medium or to
> store checksums of the unencrypted files on a CD/DVD/stick is fine, as
> long as the risk it carries is accepted, along with the worst case scenario
> under given circumstances. It's up to the operator.
> 
> For total security, the machine is regarded compromised if access to it ever
> has been granted. As a last consequence, it's impossible to detect if the
> machine has been tampered with.

"total security" is a meaningless concept, unless you design and
manufacture all hardware components yourself, which in practice
means it is a meaningless concept.
 
Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
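The detection approach the thread discusses, storing checksums of the unencrypted /boot files on a separate medium and comparing later, as an added example that is not part of the thread. The directory layout and file contents in the demo are constructed; in real use, `build_manifest()` is pointed at the mounted /boot from a boot medium the attacker never had access to, and the manifest stays on that medium.

```python
"""Added example (not from the thread): build a SHA-256 manifest of the
unencrypted /boot tree and check it later from a trusted, separate medium.
Paths and file contents in the demo are constructed; in real use, point
build_manifest() at the mounted /boot and keep the manifest off the machine."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map every regular file under root (path relative to root) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify(root, manifest):
    """Compare the tree with a stored manifest: (modified, added, missing)."""
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    added = sorted(set(current) - set(manifest))
    missing = sorted(set(manifest) - set(current))
    return modified, added, missing


def constructed_demo():
    """Constructed fake /boot: record it, then alter it and re-check."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "grub"))
    for rel, data in [("vmlinuz", b"kernel"), ("initrd.img", b"initrd"),
                      (os.path.join("grub", "grub.cfg"), b"cfg")]:
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    manifest = build_manifest(root)
    clean = verify(root, manifest)                       # ([], [], [])
    with open(os.path.join(root, "initrd.img"), "wb") as f:
        f.write(b"initrd-tampered")                      # replaced initrd
    with open(os.path.join(root, "extra.ko"), "wb") as f:
        f.write(b"x")                                    # new file
    os.remove(os.path.join(root, "vmlinuz"))             # deleted file
    return clean, verify(root, manifest)
```

The check only covers what is on the disk; as the thread notes, a hardware keylogger or altered firmware is outside what a file manifest can see.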
