On Tue, Dec 29, 2009 at 11:52:37PM +0100, Olivier Sessink wrote:
> Arno Wagner wrote:
[...]
>> But here is something easy: Use an external boot medium for
>> verification, e.g. a memory-stick installed Knoppix with some
>> custom check script you call manually or automatically. Keep the
>> external checker system separate from the laptop. With
>> that the ideas you outlined above would work. You can, e.g.,
>> compare MBR and files in /boot to checksums or good copies.
>> I currently have an 8GB SuperTalent Stick with the Knoppix
>> DVD installed on it in my wallet. Adding packages and your own
>> data/programs is possible as it has a writable filesystem (writes get
>> overlaid on top of the read-only DVD image).
>
> I am aware of this concept, but it just moves the problem to the usb
> image (somebody sneaks into your hotel room at night ....). And again if
> somebody did change the usb image there is no way you are going to find
> out, even if they did something that could have been detected very
> easily such as a changed initrd. I don't expect our "regular users" to
> carry a very good safe with them day and night (and a safe can be picked
> as well).

Simple again: Wear it on a chain around your neck. Anybody
that can beat this likely can beat any and all other security
measures you can implement.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
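
The check suggested in the quoted text (compare the MBR and the files in /boot against known-good checksums, run from the external boot medium), sketched as an added example that is not part of the original message or of any dm-crypt tooling. It assumes a classic 512-byte MBR, that the baseline file is kept on the external stick, and that the three command-line arguments (disk device, mounted /boot directory, baseline path) are supplied by the caller.

```python
import hashlib, json, os, sys

MBR_SIZE = 512  # assumption: classic MBR in the first 512-byte sector

def sha256_file(path, limit=None):
    """Hash a whole file, or only its first `limit` bytes (for a disk device)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        if limit is not None:
            h.update(f.read(limit))
        else:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
    return h.hexdigest()

def build_manifest(disk, boot_dir):
    """Map 'MBR' and 'boot/<relative path>' to a digest (or symlink target)."""
    manifest = {"MBR": sha256_file(disk, MBR_SIZE)}
    for root, _dirs, files in os.walk(boot_dir):
        for name in files:
            full = os.path.join(root, name)
            key = "boot/" + os.path.relpath(full, boot_dir)
            if os.path.islink(full):
                manifest[key] = "symlink:" + os.readlink(full)
            elif os.path.isfile(full):
                manifest[key] = sha256_file(full)
    return manifest

def compare(baseline, current):
    """Return (status, name) findings sorted by name; empty means unchanged."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append(("MISSING", name))
        elif name not in baseline:
            findings.append(("ADDED", name))
        elif baseline[name] != current[name]:
            findings.append(("CHANGED", name))
    return findings

if __name__ == "__main__":
    disk, boot_dir, baseline_path = sys.argv[1:4]  # caller-supplied placeholders
    current = build_manifest(disk, boot_dir)
    if not os.path.exists(baseline_path):  # first run: record known-good state
        with open(baseline_path, "w") as f:
            json.dump(current, f, indent=1, sort_keys=True)
        sys.exit(0)
    with open(baseline_path) as f:
        findings = compare(json.load(f), current)
    for status, name in findings:
        print(status, name)
    sys.exit(1 if findings else 0)
```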