[dm-crypt] Quick dm-crypt questions

Ralf Ramsauer ralf+dm at ramses-pyramidenbau.de
Wed Oct 29 16:30:33 CET 2014


On 29.10.2014 16:59, Arno Wagner wrote:
>> How do you want to realize the communication between the µC and your
>> Linux Box? Over Uart? (Uart communication can _easily_ be sniffed, so be
>> aware of that....)
> If an attacker has access on that level, they can probably just do
> a memory-freeze attack or a fire-wire attack. Remember that 
> disk encryption does not protect data while the system is running
> and has the data decrypted. 
>
Yes, exactly. So why put such huge effort into that, using some
semi-professional setup that is probably condemned to failure?
Don't get me wrong, I also consider it as a nice teaching/learning
system, but don't think that it is more secure than before. I'd rather
believe in the opposite.

Why use such a setup at all? I don't get the benefits, I just see a
lot of further possible vulnerabilities.

And (for me) sniffing a UART connection or attaching some kind of
debugger is much easier than freezing the system down, applying black
voodoo magic and reading the bits back from frozen RAM :-)
As you said, Arno, AVRs are well-known hobbyist µCs.

To make a long story short: it is a nice teaching project in order to get
into all that stuff, but even if it seems to work and even if I would
have developed it on my own, I would not use it for protecting MY
private data.

Cheers
  Ralf

