open source disk crypto update

Simon Josefsson simon at josefsson.org
Thu Apr 26 09:37:23 EDT 2007


Alexander Klimov <alserkli at inbox.ru> writes:

> Are you afraid of attackers secretly changing your software (to
> monitor you?) while your computer is off?

I believe this is a not completely unreasonable threat.  Modifying files
on the /boot partition to install a keylogger is not rocket science, and
(more importantly) can be done remotely, if you gain unauthorized access
to the machine.

If you boot from a trusted USB stick instead, and check the integrity of
the hard disk, the attacker needs to modify BIOS in order to install the
keylogger.  This may be sufficient difficult to do on a large scale
(there are many different ways to update BIOS software), so that the
attacker goes away to try some other weakness instead.

There is one aspect that I don't recall seeing in this thread: if you
use a laptop, and suspend it to disk, there is no encryption or
authentication of the data as far as I know.  (I believe swsusp
optionally can use SHA-1 or MD5 to verify integrity, but the hash is not
keyed.)  For example, your SSH or PGP RSA key may be copied to disk
without warning.  In addition, someone could modify the on-disk RAM
image to add a new root process when you restart the machine.

> If so, are you sure that there is no hardware keylogger in your
> keyboard and there is no camera inside a ceiling mounted smoke
> detector [1]?

Installing or enabling such features remotely is difficult, and
(importantly) cannot be done in the same way for all hardware.

/Simon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
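
The remark above that the suspend-image hash "is not keyed" can be shown concretely. The following is an added example, not part of the original post and not swsusp code: the image bytes, the key handling and all function names are constructed for illustration, and SHA-256 stands in for the hashes the post names.

```python
import hashlib
import hmac
import os

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes appended to the image


def seal_unkeyed(image: bytes) -> bytes:
    # Plain digest: detects accidental corruption only.
    return image + hashlib.sha256(image).digest()


def verify_unkeyed(blob: bytes) -> bool:
    image, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(image).digest(), digest)


def seal_keyed(image: bytes, key: bytes) -> bytes:
    # HMAC: producing a valid tag requires the key, which is not on the disk.
    return image + hmac.new(key, image, hashlib.sha256).digest()


def verify_keyed(blob: bytes, key: bytes) -> bool:
    image, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(hmac.new(key, image, hashlib.sha256).digest(), tag)


def edit_without_key(blob: bytes, old: bytes, new: bytes) -> bytes:
    # Models write access to the powered-off disk: change the image, then
    # recompute the only check value that needs no secret.
    image = blob[:-TAG_LEN].replace(old, new)
    return image + hashlib.sha256(image).digest()


def demo() -> dict:
    key = os.urandom(32)  # assumption: stored off-disk, e.g. on the boot medium
    image = b"CONSTRUCTED-IMAGE|task=init,uid=0|task=editor,uid=1000|"
    old, new = b"uid=1000", b"uid=0000"
    return {
        "unkeyed_intact": verify_unkeyed(seal_unkeyed(image)),
        "unkeyed_modified": verify_unkeyed(edit_without_key(seal_unkeyed(image), old, new)),
        "keyed_intact": verify_keyed(seal_keyed(image, key), key),
        "keyed_modified": verify_keyed(edit_without_key(seal_keyed(image, key), old, new), key),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: accepted={accepted}")
```

The keyed tag only detects modification; secrets held in RAM, such as the SSH or PGP keys the post mentions, remain readable from the image unless it is also encrypted.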