From: Vladimir 'φ-coder/phcoder' Serbinenko
Date: Wed, 20 Nov 2013 06:48:40 +0100
To: The development of GNU GRUB
Subject: Re: Keyfile Support for GRUBs LUKS
Message-ID: <528C4D38.7050607@gmail.com>
In-Reply-To: <20131119234312.3e95e55e@crass-Ideapad-Z570>

On 20.11.2013 06:43, Glenn Washburn wrote:
> Modifying the cipher text just
> manifests as random data corruption of the plain text device, again not
> a security issue and nothing that signatures would prevent.

It's a security threat. Imagine you have somewhere a routine which
verifies SSH-key when connecting by network. Replace it with random
data. With some significant probability this decodes to valid opcodes
but which do no check. Now everyone can use your SSH.
Encryption provides secrecy. Signatures provide verification. Using one
to achieve the other will always fail.
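
The distinction drawn in the message above, as an added example that is not part of the original post or of GRUB: a modified encrypted sector decrypts to different bytes without any error, and only a separate integrity check rejects it. The cipher is a toy Feistel construction standing in for a real disk cipher, HMAC stands in for the signature, and all keys, the sector number and the sample block are constructed.

```python
import hashlib
import hmac

BLOCK = 32  # toy block size: two 16-byte Feistel halves

def _prf(key, sector, rnd, half):
    # Round function: HMAC-SHA256 tweaked by sector number and round index.
    msg = sector.to_bytes(8, "big") + bytes([rnd]) + half
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, sector, block):
    left, right = block[:16], block[16:]
    for rnd in range(4):
        left, right = right, _xor(left, _prf(key, sector, rnd, right))
    return left + right

def decrypt_block(key, sector, block):
    left, right = block[:16], block[16:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _prf(key, sector, rnd, left)), left
    return left + right

def sector_tag(mac_key, sector, ciphertext):
    # Integrity tag over the ciphertext, bound to the sector number.
    return hmac.new(mac_key, sector.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()

def read_verified(key, mac_key, sector, ciphertext, tag):
    # Verify first; only decrypt data whose tag matches.
    if not hmac.compare_digest(sector_tag(mac_key, sector, ciphertext), tag):
        raise ValueError("sector %d failed integrity check" % sector)
    return decrypt_block(key, sector, ciphertext)

def demo():
    key, mac_key, sector = b"K" * 32, b"M" * 32, 7   # constructed values
    plain = b"check_host_key_or_reject_login()".ljust(BLOCK)  # stands in for code
    stored = encrypt_block(key, sector, plain)
    tag = sector_tag(mac_key, sector, stored)
    modified = bytes([stored[0] ^ 0x01]) + stored[1:]  # one bit changed at rest
    garbage = decrypt_block(key, sector, modified)     # decrypts without any error
    try:
        read_verified(key, mac_key, sector, modified, tag)
        detected = False
    except ValueError:
        detected = True
    return {"intact": read_verified(key, mac_key, sector, stored, tag) == plain,
            "silent_corruption": garbage != plain, "detected": detected}
```

Calling demo() returns a dict showing that the unverified read of the modified sector yields different bytes with no error, while read_verified() refuses it.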