[dm-crypt] LUKS disk encryption with remote boot authentication

Ralf Ramsauer ralf+dm at ramses-pyramidenbau.de
Sun Oct 19 21:40:28 CEST 2014


On 10/19/14 22:13, Cpp wrote:
> This circuitry will
> be reponsible for physical protection i.e. safe keeping the encryption
> key and destroy it in case an attacker tries to access it.
> Use some epoxy to prevent easy access to RAM
> chips... cold boot anyone?
Erm, just my two cents, but do you *really* think that this is a threat
to you?
In my opinion, costs and benefits should maintain balance...

And I am quite sure that your self-made tamper safe solution will
probably fail, if someone is really willing to break into your system.

So I think ssh'ing to your system and entering the passphrase manually
remains the best solution.

Cheers
  Ralf


More information about the dm-crypt mailing list