[86418] in cryptography@c2.net mail archive


open source disk crypto update

daemon@ATHENA.MIT.EDU (Travis H.)
Wed Apr 25 18:19:11 2007

Date: Wed, 25 Apr 2007 15:32:43 -0500
From: "Travis H." <travis+ml-cryptography@subspacefield.org>
To: Cryptography <cryptography@metzdowd.com>
Mail-Followup-To: Cryptography <cryptography@metzdowd.com>




Forgive me as this isn't as technical as the usual posts, but I
find it interesting nonetheless.

OpenBSD has, for some time, supported encrypted swap.

Just recently I discovered Debian default installs now support
encrypted root (/boot still needs to be decrypted).

Presumably we are moving back the end of the attack surface; with
encrypted root, one must attack /boot or the BIOS.  What is the limit?

I think a simple evolution would be to make /boot and/or /root on
removable media (e.g. CD-ROM or USB drive) so that one could take it
with you.  Of course if someone reflashes your BIOS you are still
hosed, but it appears that there's no way to completely eliminate
that kind of threat without taking the whole system with you.
-- 
Kill dash nine, and its no more CPU time, kill dash nine, and that
process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email john@subspacefield.org.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
