From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mbroz@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Wed,  7 Apr 2010 12:17:58 +0200 (CEST)
Message-ID: <4BBC5BD1.60209@redhat.com>
Date: Wed, 07 Apr 2010 12:17:53 +0200
From: Milan Broz <mbroz@redhat.com>
MIME-Version: 1.0
References: <1270631531.2807.26.camel@desa-compendia-tux>	
	<4BBC5662.2040503@redhat.com>
	<1270634743.2807.37.camel@desa-compendia-tux>
In-Reply-To: <1270634743.2807.37.camel@desa-compendia-tux>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Subject: Re: [dm-crypt] Library to do a 'luksOpen' programatically
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: =?UTF-8?B?TWlndWVsIMOBbmdlbCBHYXJjw61hIFJvaWc=?= <desarrollo@chillidacompendia.es>
Cc: dm-crypt@saout.de

On 04/07/2010 12:05 PM, Miguel Ángel García Roig wrote:

> I haven't physical control to the machine, that's the main problem.

Then there are many others ways how a local attacker can break it anyway.

And if anyone have root account, he can see the encryption key when device
is active.

Milan