On Wed, Dec 30, 2009 at 03:16:44PM +0100, Heinz Diehl wrote: > On 30.12.2009, Arno Wagner wrote: > > > "total security" is a meaningless concept, unless you design and > > manufacture all hardware components yourself, which in practce > > means it is a meaningless concept. > > Yes, that was a bad choice of words, I realised it directly after sending > the mail to the list. > > s/total security/max possible security under given circumstances/; Better but not quite there either. You do not need "max", you need to find the right risk balance. IT security is risk management, nothing else. First you need an attacker model and an estimation of the worth of your data/system integrity. Then you go from there. If the attacker needs to invest slighlty more than you loose from the attack (and the countermeasurer cost), you have found the right balance. This is made more difficult because you will only have estimates for most numbers. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt