2011/11/30 Arno Wagner <arno@xxxxxxxxxxx>: > On Wed, Nov 30, 2011 at 03:22:50PM +0100, Ma Begaj wrote: >> 2011/10/4 Heinz Diehl <htd@xxxxxxxxxxxxxxxxx>: >> > On 04.10.2011, Jan wrote: >> > >> >> You have a fully encrypted system on your USB stick like privatix >> >> (see http://www.mandalka.name/privatix/index.html.en ) and you are >> >> sitting in an internet cafe. There's a hardware keylogger installed >> >> on that the PC you use. You lose your USB stick, maybe you even >> >> forget it in the internet cafe (this happens)! >> > [.....] >> > >> > Privacy on a machine outside of your control is a no-go. >> > There are by far more options to get access to your data if >> > somebody other than yourself has admin/root access to the machine >> > you're using. A simple script which does a copy of anything inserted >> > will do it. Or the admin himself logged in from another machine, and >> > many more... >> >> >> that is not true. two factor authorization solves this problem pretty easy. > > It seems to until you look more closely. Current attacks > on online-banking demonstrate the attack. The only way around > that is basically to delegate all interaction to a device > the attacker did not have access to. Everything else just > increases attackert effort, but is still feasible. > >> I am using barada on my machines for SSH and it is working pretty great. >> http://barada.sourceforge.net/ > > What has "working well" to do with "being secure"? Not a lot, I > would say. If the machine you do this one has been pepared > to hijack ssh-sessions, it can easily look over all your stuff > without you ever knowing and install a backdoor on the machine > you logged in to. This is a practical attack, even if it causes > some effort on the attacker's side. there is no absolute security on other people's machine but two factor authentication is a secure solution against keylogger attacks and I was pointing to that. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
