Re: Disk encryption may not be secure enough, new research f…

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Erich Newell
Date:  
To: Main PLUG discussion list
New-Topics: Encryption and Distro Hopping
Subject: Re: Disk encryption may not be secure enough, new research finds
Essentially, if you are more concerned with someone who steals your laptop
having a can of CO2 in hand and a similar laptop with VERY specialized tools
installed on it nearby...Well, I think you have much bigger problems at that
point than worrying if the NSA sees that you do indeed enjoy the occasional
anime porn and maybe you cheated a little on your taxes last year.

I'm talking about the "you're about to be pushed into a van when it rolls up
next to you" variety.

These attacks are completely impractical against a moderately hardened linux
laptop.

1) Shutdown your laptop after every use
2) Strip the heads of the screws over internal components (This should
frustrate such an attacker long enough to let your memory fade)
3) Use an OpenPGP smartcard for crypto key storage (
http://www.g10code.com/p-card.html)

Share and Enjoy

On Fri, Feb 22, 2008 at 6:55 AM, Joshua Zeidner <> wrote:

> On Thu, Feb 21, 2008 at 11:34 PM, Ted Gould <> wrote:
> > On Thu, 2008-02-21 at 15:48 -0700, Stephen P Rufle wrote:
> > > http://www.news.com/8301-13578_3-9876060-38.html?tag=nefd.lede
> > >
> > > In Linux would an effective counter to this type of attack be
> scrabbled
> > > the RAM on shutdown? I also am not sure if the people that steal
> laptops
> > > would have the skills to do what the researchers are doing.
> >
> > No, because when shutting down there is no issue. The concern here is
> > suspend and hibernate. If you are very worried about security,
> > hibernate is probably not a great idea. Suspend, unless you're keeping
> > something from the NSA I wouldn't worry too much. It's kinda like GPG
> > keys over a couple thousand bits today, sure the NSA can probably crack
> > them if they wanted, but are YOU important enough to fill out all that
> > paperwork?
> >
>
> looks like you're trying to prompt another telecom immunity
> discussion... :)
>
> - http://www.joshuazeidner.com/
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>




--
"A man is defined by the questions that he asks; and the way he goes about
finding the answers to those questions is the way he goes through life."
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss