[dm-crypt] LUKS disk encryption with remote boot authentication

Arno Wagner arno at wagner.name
Sun Oct 19 22:12:30 CEST 2014


On Sun, Oct 19, 2014 at 21:40:28 CEST, Ralf Ramsauer wrote:
> On 10/19/14 22:13, Cpp wrote:
> > This circuitry will
> > be reponsible for physical protection i.e. safe keeping the encryption
> > key and destroy it in case an attacker tries to access it.
> > Use some epoxy to prevent easy access to RAM
> > chips... cold boot anyone?
> Erm, just my two cents, but do you *really* think that this is a threat
> to you?
> In my opinion, costs and benefits should maintain balance...
> 
> And I am quite sure that your self-made tamper safe solution will
> probably fail, if someone is really willing to break into your system.

Actually, it has a pretty good chance of working well. Once.
And if it is not too obvious and nowhere documented that the
attacker can get at beforehand.

Arno
 
> So I think ssh'ing to your system and entering the passphrase manually
> remains the best solution.
> 
> Cheers
>   Ralf
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list