At Monday, February 10, 2003 3:20 AM, Jim Choate <[EMAIL PROTECTED]> was seen to say:

> On Sun, 9 Feb 2003, Sunder wrote:
>> The OS doesn't boot until you type in your passphrase, plug in your
>> USB fob, etc. and allow it to read the key. Like, Duh! You know,
>> you really ought to stop smoking crack.
>
> Spin doctor bullshit, you're not addressing the issue which is the
> mounting of an encrypted partition -before- the OS loads (eg lilo,
> which by the way doesn't really 'mount' a partition, encrypted or
> otherwise - it just follows a vector to a boot image that gets dumped
> into ram and the cpu gets a vector to execute it - one would hope it
> was the -intended- OS or fs de-encryption algorithm). What does that
> do? Nothing (unless you're the attacker).

Indeed. It usually boots a kernel image with whatever modules are required to get the main system up and running;
> There are two and only two general applications for such an approach.
> A standard workstation which isn't used unless there is a warm body
> handy. The other being a server which one doesn't want to -reboot-
> without human intervention. Both imply that the physical site is
> -secure-, that is the weakness to all the current software solutions
> along this line.

The solution is only applicable to cold or moderately tamper-proofed systems, to prevent analysis of such systems if confiscated. It can only become a serious component in an overall scheme, but this is universally true - there is no magic shield you can fit to *anything* to solve all ills; this will add protection against the specified attacks and in fact already exists for Windows (DriveCrypt Plus Pack) - it is just non-windoze platforms that lack a product in this area.
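The "passphrase plus USB fob" pre-boot unlock that the thread argues about, as an added example that is not code from any poster here and not from any of the products mentioned. It models what a pre-boot stage has to do before it can hand the real disk key to the kernel: derive a key-encryption key from both factors, unwrap the volume key from a small on-disk header, and refuse (returning None) if either factor is wrong or the header was altered. Function names, the header layout, the iteration count and the sample secrets are all assumptions of this example; the HMAC-counter keystream stands in for a block cipher so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets

# Parameters of this illustrative scheme (chosen for the example, not taken
# from the thread or from any real product). A deployment would tune the
# iteration count much higher for its hardware.
KDF_ITERATIONS = 100_000
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_kek(passphrase: bytes, fob_secret: bytes, salt: bytes) -> bytes:
    """Key-encryption key derived from BOTH factors.

    The passphrase is length-prefixed before the fob secret is appended, so
    neither factor on its own, nor a differently split concatenation of the
    two, reproduces the same KEK.
    """
    material = len(passphrase).to_bytes(2, "big") + passphrase + fob_secret
    return hashlib.pbkdf2_hmac("sha256", material, salt, KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib-only stand-in for a block cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(kek: bytes):
    """Separate encryption and MAC keys from one KEK (domain-separated labels)."""
    enc_key = hmac.new(kek, b"wrap-enc", hashlib.sha256).digest()
    mac_key = hmac.new(kek, b"wrap-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def wrap_volume_key(volume_key: bytes, passphrase: bytes, fob_secret: bytes) -> bytes:
    """Build the on-disk header: salt || nonce || wrapped volume key || tag.

    Without the two factors the header is just random-looking bytes, which is
    all an analyst gets from a powered-off disk.
    """
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = _subkeys(derive_kek(passphrase, fob_secret, salt))
    pad = _keystream(enc_key, nonce, len(volume_key))
    wrapped = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(mac_key, salt + nonce + wrapped, hashlib.sha256).digest()
    return salt + nonce + wrapped + tag


def unwrap_volume_key(header: bytes, passphrase: bytes, fob_secret: bytes):
    """Return the volume key, or None if a factor is wrong or the header is altered."""
    if len(header) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = header[:SALT_LEN]
    nonce = header[SALT_LEN:SALT_LEN + NONCE_LEN]
    wrapped = header[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = header[-TAG_LEN:]
    enc_key, mac_key = _subkeys(derive_kek(passphrase, fob_secret, salt))
    expected = hmac.new(mac_key, salt + nonce + wrapped, hashlib.sha256).digest()
    # Verify before decrypting: a bad passphrase or missing fob yields no
    # plaintext at all, rather than garbage that a later stage might trust.
    if not hmac.compare_digest(expected, tag):
        return None
    pad = _keystream(enc_key, nonce, len(wrapped))
    return bytes(a ^ b for a, b in zip(wrapped, pad))


def demo() -> dict:
    """Exercise the unlock with constructed sample secrets (not real key material)."""
    volume_key = secrets.token_bytes(32)
    passphrase = b"correct horse battery staple"
    fob_secret = bytes(range(32))                     # what the USB fob would hand over
    header = wrap_volume_key(volume_key, passphrase, fob_secret)
    tampered = header[:-1] + bytes([header[-1] ^ 0x01])
    return {
        "both_factors": unwrap_volume_key(header, passphrase, fob_secret) == volume_key,
        "wrong_passphrase": unwrap_volume_key(header, b"wrong", fob_secret) is None,
        "missing_fob": unwrap_volume_key(header, passphrase, b"") is None,
        "tampered_header": unwrap_volume_key(tampered, passphrase, fob_secret) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The example also makes the thread's disagreement concrete: everything above happens before the kernel has the volume key, so a seized, powered-off disk exposes only the header. Once the unlock has succeeded the key lives in RAM for as long as the machine stays up, which is exactly the "warm body at a secure site" condition Jim describes.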