From: Paulo Marques <pmarques@grupopie.com>
To: Valdis.Kletnieks@vt.edu
Cc: "Nico Augustijn." <kernel@janestarz.com>,
	hvr@gnu.org, clemens@endorphin.org, linux-kernel@vger.kernel.org
Subject: Re: Cryptoloop patch for builtin default passphrase
Date: Mon, 25 Oct 2004 19:23:35 +0100
Message-ID: <417D44A7.2030904@grupopie.com>
In-Reply-To: <200410251754.i9PHsVrI018284@turing-police.cc.vt.edu>

Valdis.Kletnieks@vt.edu wrote:
> On Mon, 25 Oct 2004 18:33:43 BST, Paulo Marques said:
> 
> 
>>I don't have any feelings about this patch, but it seems to me that you 
>>could always store the contents of the nvram somewhere "safe" (you could 
>>even write them down and take it to a safe deposit box in a bank :) ), 
>>and, if those contents happen to change, you could always write them 
>>again...

I really didn't want to pursue this further, but...

> That's assuming that your machine will even *boot* correctly and cleanly if the
> contents of the NVRAM are put back.

You can always boot with a rescue CD or something, assuming that you 
don't have a stupid file system (I think there is none in Linux) that 
mounts even with the wrong magic number and trashes the block device 
contents.

(why would you need confidential information to boot in the first place?)

> And if you're doing the "write it down and type it in again" thing, you might
> as well just use a passphrase, as it's defeating the whole concept of
> using /dev/nvram to xor against....

No it is not. You would just type in again *if* the contents of nvram 
got lost which shouldn't happen in the first place (or at least happen 
rarely).

This is a "just in case" scenario, not an everytime scenario like the 
passphrase approach.

As I said before, I have no strong feelings about this patch, I just 
don't like to see things defeated over false arguments...

-- 
Paulo Marques - www.grupopie.com

All that is necessary for the triumph of evil is that good men do nothing.
Edmund Burke (1729 - 1797)
