Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???

To: debian-user@lists.debian.org
Subject: Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
Date: Wed, 19 Sep 2018 15:47:04 +0000
Message-id: <[🔎] 48579d22-a648-8283-3292-a8fa88e66c3c@affinityvision.com.au>
In-reply-to: <[🔎] 20180919025753.GG4569@bitfolk.com>
References: <[🔎] jwvo9d0feb7.fsf-monnier+gmane.linux.debian.user@gnu.org> <[🔎] 21b71f22-b81b-11e8-9b6a-00163eeb5320@msgid.mathom.us> <[🔎] Bebc0KKbGfDkmknpZG_kWBpopEpP_bQJxmtOxws2v0o5-Ld2JGH9GznpN9ZQu13_kUuOw6cMxdAJmezjgIxcMKew2JekXpIC82V0pmE5sHA=@mattcrews.com> <[🔎] ca3cbcd6-a1d4-09d2-aff9-ad389884b3c8@plouf.fr.eu.org> <[🔎] lCK9MWRoxKTvcY-qN_89LgF4efdx7L7W4YiwFhE5aq2AwvWR95_-ztA7jhieunl2Lp0H-TYvMzDC04YeIklIPpT-B7gp-j-5UxwOcOtxzS0=@mattcrews.com> <[🔎] 2a2a59ac-2704-5a1f-1d8e-ef5f7cd86fc0@plouf.fr.eu.org> <[🔎] ffad641d-46b7-9378-77e8-cb399ac2e5a1@affinityvision.com.au> <[🔎] pnjupl$irj$1@blaine.gmane.org> <[🔎] 20180915223936.GI4569@bitfolk.com> <[🔎] f017f9d2-036f-3c7a-1ce5-cccdb13c3fdc@plouf.fr.eu.org> <[🔎] 20180919025753.GG4569@bitfolk.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 09/19/2018 02:57 AM, Andy Smith wrote:
> For sophisticated attackers who could do the clever thing, and had
> physical access to the server for enough time, it would be simpler
> to get a key for an encrypted file system by using hardware memory
> scanners and reading it right off the memory bus."

Another attack would be to note the exact time that you removed the
servers, then when you wish to talk with them again, set up an NTP
server to provide the old time (intercepting any requests trying to
get the time from another server of course).

Mandos does sound interesting though, but I don't think I'll be using
it.  Especially if it is possible to easily lock yourself out!

Cheers
AbndrewM
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW6JvcgAKCRCoFmvLt+/i
++WrAPsFm6b0dUqtHGh3S4Nhyyc5nL2M6vyi880aAJwF3wHXIgEAxxtdKZAdePqQ
aGe8EMYKDRsjhkP9Mxd74qtxVZ8S58E=
=2TGh
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: ext2 for /boot ???
  - From: Stefan Monnier <monnier@iro.umontreal.ca>
- Re: ext2 for /boot ???
  - From: Michael Stone <mstone@debian.org>
- Re: ext2 for /boot ???
  - From: Matthew Crews <mailinglists@mattcrews.com>
- Re: ext2 for /boot ???
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: ext2 for /boot ???
  - From: Matthew Crews <mailinglists@mattcrews.com>
- Re: ext2 for /boot ???
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: ext2 for /boot ???
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
- Re: ext2 for /boot ???
  - From: deloptes <deloptes@gmail.com>
- Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
  - From: Andy Smith <andy@strugglers.net>
- Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
  - From: Andy Smith <andy@strugglers.net>

Prev by Date: Re: Installing from live
Next by Date: Re: Yet another UEFI/BIOS question
Previous by thread: Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
Next by thread: Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
Index(es):
- Date
- Thread