On 26/08/11 21:07, Anthony Papillion wrote: >> Oh, you can own an encrypted filesystem, even if the box is down. The >> Evil Maid attack makes this trivial. And it doesn't matter the >> encryption software used either. > > I read about this attack a few years ago on Bruce Scheiner's blog. It > scared the crap out of me then and it still worries me quite a bit. Of > course, it's just a variant of what we've been telling people forever > now: if the system is compromised, encryption is useless. Still, it's > pretty scary stuff.
I've taken a number of steps to make evil maid and cold boot style attacks against my new laptop much more difficult. It's funny this should come up just now, because I wrote it up earlier today. It's the latest article on my blog (first url in my sig). But yeah, if an attacker gets physical access to your machine, and they're determined enough, they can probably get in. -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
