From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <wagner@tansi.org>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id P7_byoXiCL0i for <dm-crypt@saout.de>;
 Wed,  9 Nov 2011 21:34:47 +0100 (CET)
Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Wed,  9 Nov 2011 21:34:47 +0100 (CET)
Received: from gatewagner.dyndns.org (84-74-163-71.dclient.hispeed.ch
 [84.74.163.71]) by v4.tansi.org (Postfix) with ESMTPA id 14C201404001
 for <dm-crypt@saout.de>; Wed,  9 Nov 2011 21:34:46 +0100 (CET)
Date: Wed, 9 Nov 2011 21:34:45 +0100
From: Arno Wagner <arno@wagner.name>
Message-ID: <20111109203445.GA4797@tansi.org>
References: <CAPTy4so2YLyLanwoBQdvZZdoh+FvNsZNM0LzBaxvKWz+YHv0Uw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAPTy4so2YLyLanwoBQdvZZdoh+FvNsZNM0LzBaxvKWz+YHv0Uw@mail.gmail.com>
Subject: Re: [dm-crypt] LiveUSB encrypted.
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

You don't. What you do instead is use an encrypted 
data partition, which may be supported by some
Ubuntu tool.

The problem is that the kernel and an initrd have to
reside outside of the encrypted space. There is no 
way around that. As a consequence, an attacker can
already modify those two and get complete control.

If you are worried about this, use some form of
physical protection. Weak protection comes from using
write-once media like a CD-R. Stronger comes from
using an encrypted memory-stick with keypad. (Beware,
there are secure and insecure ones on the market.)
You can also ware the stick around your neck.

Arno

On Wed, Nov 09, 2011 at 04:41:44PM -0200, Marcos Barbosa wrote:
> How i create a Ubuntu liveUSB inside a USB stick?
> The trick: The casper files is inside a encrypted partition with LUKS.
> 
> any ideas?
> 
> -- 
> Marcos Barbosa <marcosestevesbarbosa@gmail.com>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier