On Sun, 9 Feb 2003, Sunder wrote:

> No shit Sherlock, that's the whole point!

Actually it's not, the point is to stop the attacker in their tracks.

> The OS doesn't boot until you type in your passphrase, plug in your USB fob,
> etc. and allow it to read the key. Like, Duh! You know, you really ought to
> stop smoking crack.

Spin doctor bullshit, you're not addressing the issue which is the
mounting of an encrypted partition -before- the OS loads (e.g. lilo, which
by the way doesn't really 'mount' a partition, encrypted or otherwise -
it just follows a vector to a boot image that gets dumped into ram and
the cpu gets a vector to execute it - one would hope it was the -intended-
OS or fs de-encryption algorithm). What does that do? Nothing (unless
you're the attacker).

There are two and only two general applications for such an approach. A
standard workstation which isn't used unless there is a warm body handy.
The other being a server which one doesn't want to -reboot- without human
intervention. Both imply that the physical site is -secure-, that is the
weakness to all the current software solutions along this line.

--
____________________________________________________________________
We are all interested in the future for that is where you and I
are going to spend the rest of our lives.
Criswell, "Plan 9 from Outer Space"
www.ssz.com www.open-forge.org
--------------------------------------------------------------------