
Re: Keeping files away from users



> Against a sophisticated attacker, it's totally impossible to do what you
> want.  They could run bochs and boot the x86 emulator from the new hard
> drive, and examine the contents of the system's memory whenever they wanted.
> Obviously, that's not easy, since you have to figure out where the
> encryption key is in memory (if that's what you used to protect the drive).

I'd just like to add that you could try not storing the key on the machine at
all.  You could encrypt the content drives only, that way the system can boot by
itself but can't decrypt the data until you log in manually (ssh) and decrypt the
drives by hand.

The obvious disadvantage is of course that your data will be unavailable every
time the system gets rebooted until you get a chance to log in.

Again, it's not a perfect solution but I think it adds another significant
hurdle for the cracker.  The trick then becomes figuring out if your system has
been trojaned or is running in an emulator after a reboot... 

-ross
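
One way to check the setup described in the message above, as an added example that is not part of the original post. It assumes a Linux host using dm-crypt with a crypttab-format file (the thread names no tool); the mapping names, devices and paths are constructed.

```shell
#!/bin/sh
# Added example: confirm that a data volume has no key stored on the
# machine and is not unlocked automatically at boot, so it can only be
# opened by hand after an admin logs in, e.g.
#   cryptsetup open /dev/sdc1 data_ok && mount /dev/mapper/data_ok /srv/data

# audit_crypttab FILE NAME
# Prints one finding per line; returns 0 if NAME is manual-unlock only.
audit_crypttab() {
    file=$1 want=$2 found=0 bad=0
    while read -r name dev key opts _rest; do
        case $name in ''|'#'*) continue ;; esac      # skip blanks and comments
        [ "$name" = "$want" ] || continue
        found=1
        case ${key:-none} in
            none|-) ;;                               # passphrase typed at unlock time
            *) echo "FAIL $name: key '$key' is stored on this machine"; bad=1 ;;
        esac
        case ",${opts}," in
            *,noauto,*) ;;                           # boot will not try to open it
            *) echo "FAIL $name: missing 'noauto', boot will try to unlock it"; bad=1 ;;
        esac
    done < "$file"
    if [ "$found" -eq 0 ]; then
        echo "OK $want: not listed in $file, must be opened by hand"
        return 0
    fi
    [ "$bad" -eq 0 ] && echo "OK $want: manual unlock only"
    return "$bad"
}

# Constructed sample: data_bad keeps its key on disk, data_ok does not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# name     device      key              options
swap       /dev/sda2   /dev/urandom     swap
data_bad   /dev/sdb1   /root/data.key   luks
data_ok    /dev/sdc1   none             luks,noauto
EOF
audit_crypttab "$sample" data_bad || true
audit_crypttab "$sample" data_ok
rm -f "$sample"
```

This only checks that the key is absent from the configuration; it does not address the trojaned-system or emulator concern raised at the end of the message.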


