open source disk crypto update
Travis H.
travis+ml-cryptography at subspacefield.org
Wed Apr 25 16:32:43 EDT 2007
Forgive me as this isn't as technical as the usual posts, but I
find it interesting nonetheless.
OpenBSD has, for some time, supported encrypted swap.
Just recently I discovered Debian default installs now support
encrypted root (/boot still needs to be decrypted).
Presumably we are moving back the end of the attack surface; with
encrypted root, one must attack /boot or the BIOS. What is the limit?
I think a simple evolution would be to make /boot and/or /root on
removable media (e.g. CD-ROM or USB drive) so that one could take it
with you. Of course if someone reflashes your BIOS you are still
hosed, but it appears that there's no way to completely eliminate
that kind of threat without taking the whole system with you.
--
Kill dash nine, and its no more CPU time, kill dash nine, and that
process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email john at subspacefield.org.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20070425/9c986868/attachment.pgp>
More information about the cryptography
mailing list