Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
-----BEGIN PGP SIGNED MESSAGE-----
On 09/19/2018 02:57 AM, Andy Smith wrote:
> For sophisticated attackers who could do the clever thing, and had
> physical access to the server for enough time, it would be simpler
> to get a key for an encrypted file system by using hardware memory
> scanners and reading it right off the memory bus."
Another attack would be to note the exact time that you removed the
servers, then when you wish to talk with them again, set up an NTP
server to provide the old time (intercepting any requests trying to
get the time from another server of course).
Mandos does sound interesting though, but I don't think I'll be using
it. Especially if it is possible to easily lock yourself out!
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----