Re: open source disk crypto update

2007-04-29 Thread Alexander Klimov
On Thu, 26 Apr 2007, Simon Josefsson wrote: Are you afraid of attackers secretly changing your software (to monitor you?) while your computer is off? I believe this is a not completely unreasonable threat. Modifying files on the /boot partition to install a keylogger is not rocket science,

Re: open source disk crypto update

2007-04-27 Thread Simon Josefsson
Alexander Klimov [EMAIL PROTECTED] writes: Are you afraid of attackers secretly changing your software (to monitor you?) while your computer is off? I believe this is a not completely unreasonable threat. Modifying files on the /boot partition to install a keylogger is not rocket science, and

Re: open source disk crypto update

2007-04-26 Thread David Malone
On Wed, Apr 25, 2007 at 03:32:43PM -0500, Travis H. wrote: I think a simple evolution would be to make /boot and/or /root on removable media (e.g. CD-ROM or USB drive) so that one could take it with you. Marc Schiesser gave a tutorial at EuroBSDcon 2005 on encrypting the whole hard drive on

Re: open source disk crypto update

2007-04-26 Thread Alexander Klimov
On Wed, 25 Apr 2007, Travis H. wrote: Just recently I discovered Debian default installs now support encrypted root (/boot still needs to be decrypted). Presumably we are moving back the end of the attack surface; with encrypted root, one must attack /boot or the BIOS. What is the limit?

open source disk crypto update

2007-04-25 Thread Travis H.
Forgive me as this isn't as technical as the usual posts, but I find it interesting nonetheless. OpenBSD has, for some time, supported encrypted swap. Just recently I discovered Debian default installs now support encrypted root (/boot still needs to be decrypted). Presumably we are moving