From: Olivier Sessink
Date: Wed, 30 Dec 2009 00:02:22 +0100
Message-ID: <4B3A8A7E.9000002@gmail.com>
In-Reply-To: <20091229211536.GA31271@fancy-poultry.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] encrypted root: prevent / detect tampering with kernel / initrd

Heinz Diehl wrote:
> On 29.12.2009, Arno Wagner wrote:
>
>> I don't agree. But you have to think outside of the box and use a
>> separate, uncompromised boot medium that the attacker did not have
>> access to.
>
> Sorry, but I can't see how this would help. The attacker installs a
> hardware keylogger and just doesn't care.

I don't see the average script kiddie install a hardware keylogger in a modern laptop. If you have an intelligence agency after you, you're screwed anyway. They'll use a tempest attack or something so you won't even notice that you gave them your password (I don't have a tempest-proof room in my house, perhaps other people have?).

So it's a matter of security management. For highly confidential data you need ($$$) a tempest-proof environment with armed guards. For only slightly sensitive data, simple disk encryption and some measures against script kiddies are usually enough.

Olivier