[dm-crypt] LUKS disk encryption with remote boot authentication
arno at wagner.name
Sun Oct 19 22:12:30 CEST 2014
On Sun, Oct 19, 2014 at 21:40:28 CEST, Ralf Ramsauer wrote:
> On 10/19/14 22:13, Cpp wrote:
> > This circuitry will
> > be reponsible for physical protection i.e. safe keeping the encryption
> > key and destroy it in case an attacker tries to access it.
> > Use some epoxy to prevent easy access to RAM
> > chips... cold boot anyone?
> Erm, just my two cents, but do you *really* think that this is a threat
> to you?
> In my opinion, costs and benefits should maintain balance...
> And I am quite sure that your self-made tamper safe solution will
> probably fail, if someone is really willing to break into your system.
Actually, it has a pretty good chance of working well. Once.
And if it is not too obvious and nowhere documented that the
attacker can get at beforehand.
> So I think ssh'ing to your system and entering the passphrase manually
> remains the best solution.
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt