On Thu, Oct 31, 2019 at 11:47:31AM +0000, Claudia wrote:
There is also the possibility of a physical attacker booting their
own OS that pretends to be your FDE lock prompt as a way to steal
your passphrase.
This all depends on the scenario. Specifically, it assumes an evil
maid attack, where the machine is compromised and then used by the
rightful user again. There are other scenarios where the idea would be
useful. Consider if your suspended laptop is just simply stolen by
your local county police (who don't know how to mount a real evil maid
attack but can perform a cold boot attack). There's a big difference
between the key being in RAM or not.
The original scenario is that the user shuts the laptop lid knowing that
an adversary is about to take control of the machine. In this case, an
evil maid attack is not really an issue... by the time the user gets the
laptop back, the old infosec adage "nuke it from orbit, it's the only
way to be sure" is liable to apply.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20191101063853.GA2577%40danwin1210.me.
