On 16 Oct 2021 22:15 +0200, from arno@xxxxxxxxxxx (Arno Wagner):
> As to the idea with a dedicated, alerted rack, I know of real-world
> installations that do exactly that. This will fail with a competent
> attacker as well though, as physical locks and tamper-detection
> switches are not that secure as well.

Agreed; which is why I specifically said that it'll make the attack
more difficult but not impossible. As with pretty much anything else
security-related, it's really only a matter of how much money and
effort the attacker is willing to throw at the problem, and how much
money and effort the defender is willing to throw at the problem of
discouraging the attacker.

But the simple fact is that inside a VM, the defender is _always_
going to be at a serious disadvantage against an attacker who has
access to the hypervisor (whether legitimately or not). That's just a
consequence of how the technology works.

-- 
Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx
“Remember when, on the Internet, nobody cared that you were a dog?”