On Thu, 14 Sep 2006, Stewart Stremler wrote:
I think that if you have an encrypted system disk, you should have
TWO... and you choose which one to boot depending on the passphrase
provided.
(And maybe a passphrase that indicates "destroy all information NOW",
presumably by deleting the keys used to encrypt/decrypt the drive.)
Well, that 'Mission Impossible; "this tape will self-destruct
in 5 seconds" approach' works, at most one time, and then
only against a opposing force which is amateurish in its
tradecraft.
One has to assume that before one is invited to surrender a
passphrase, the entity who has possession of the hardware in
question will have made an image copy of of the media, so that
you might be pursuaded to see the error of attempting to
destroy 'evidence', and provided a chance to correct that
error.
- Russ Herrold
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
