| 1 |
Am Sonntag, 22. November 2009 17:38:02 schrieb schism@×××××××××.org: |
| 2 |
> It doesn't really make sense because you're not protecting against a |
| 3 |
> "casual" attacker at this point anyway. All FDE protects against is |
| 4 |
> powered-down physical compromise (typically theft or loss). The moment |
| 5 |
> your threat model includes a malicious attacker returning ownership to |
| 6 |
> you, you've gone way beyond the "by-chance-hacker" assessment and deeply |
| 7 |
> into espionage territory. At that point, if the attacker has had |
| 8 |
> manipulative access to your boot media, nothing short of hardware-level |
| 9 |
> measurements is really going to "guarantee" the safety of your data. I |
| 10 |
> also refer you to http://xkcd.com/538/. |
| 11 |
|
| 12 |
Hehe, this comic is very true. Even though I didn't try to hide from |
| 13 |
government or highly criminal guys, I guess you are right that the "by-chance- |
| 14 |
hackers" won't be able to do anything which will get prevented by this way of |
| 15 |
doing it. |
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
> There's nothing stopping you from this pursuit, it simply isn't going to |
| 20 |
> protect against what you may think it does. It adds unnecessary |
| 21 |
> complexity for that purpose, and complexity just adds more opportunities |
| 22 |
> for failure and subversion. If you find it convenient, that's just up |
| 23 |
> to you. |
| 24 |
|
| 25 |
Well, I guess I'll let it be for the time beeing. |
| 26 |
|
| 27 |
Thank you for the discussion! |
Archives