Gentoo Archives: gentoo-user

From: "J. Roeleveld" <joost@××××××××.org>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen t his discussed here yet?
Date: Mon, 02 Jun 2014 13:29:30
Message-Id: 2018854.UoMFgieO5e@andromeda
In Reply to: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen t his discussed here yet? by Matti Nykyri
1 On Monday, June 02, 2014 04:23:07 PM Matti Nykyri wrote:
2 > On Jun 2, 2014, at 17:52, "J. Roeleveld" <joost@××××××××.org> wrote:
3 > > On Monday, June 02, 2014 03:23:03 PM Matti Nykyri wrote:
4 > >> On Jun 2, 2014, at 16:40, "J. Roeleveld" <joost@××××××××.org> wrote:
5 > >>> On Monday, June 02, 2014 07:28:53 AM Rich Freeman wrote:
6 > >>>> On Mon, Jun 2, 2014 at 6:56 AM, Neil Bothwick <neil@××××××××××.uk>
7 wrote:
8 > >>>>> On Mon, 02 Jun 2014 05:27:44 -0500, Dale wrote:
9 > >>>>>> The second option does sound what I am looking for. Basically, if I
10 > >>>>>> log
11 > >>>>>> out but leave my computer on, leave home, some crook/NSA type breaks
12 > >>>>>> in
13 > >>>>>> and tries to access something or steals my whole puter, they would
14 > >>>>>> just
15 > >>>>>> get garbage for data. That seems to fit the second option best.
16 > >>>>>
17 > >>>>> If they steal your computer they will have to power it off, unless you
18 > >>>>> are kind enough to leave them a large enough UPS to steal along with
19 > >>>>> it,
20 > >>>>> so any encryption will be equally effective.
21 > >>>>
22 > >>>> If you're worried about casual thieves then just about any kind of
23 > >>>> properly-implemented encryption will stop them.
24 > >>>>
25 > >>>> If you're worried about a government official specifically tasked with
26 > >>>> retrieving your computer, my understanding is that it is SOP these
27 > >>>> days to retrieve your computer without powering it off for just this
28 > >>>> reason. They won't use your UPS to do it. Typically they remove the
29 > >>>> plug just far enough to expose the prongs, slide in a connector that
30 > >>>> connects it to a UPS, and then they pull it out the rest of the way
31 > >>>> now powered by the UPS.
32 > >>>>
33 > >>>> See something like:
34 > >>>> http://www.cru-inc.com/products/wiebetech/hotplug_field_kit/
35 > >>>
36 > >>> Hmm... Those are nice, but can be easily built yourself with an
37 > >>> off-the-shelf UPS.
38 > >>>
39 > >>>> Presumably somebody who is determined will also have the means to
40 > >>>> retrieve the contents of RAM once they seize your computer. Besides
41 > >>>> directlly accessing the memory bus I think most motherboards are not
42 > >>>> designed to be secure against attacks from PCI/firewire/etc.
43 > >>>
44 > >>> Hmm... add something to auto-shutdown the computer when a hotplug event
45 > >>> occurs on any of the internal ports and remove support for unused ports
46 > >>> from the kernel.
47 > >>>
48 > >>> I wonder how they'd keep a computer from initiating a shutdown procedure
49 > >>> or
50 > >>> causing a kernel panic when it looses (wireless) connection to another
51 > >>> device that is unlikely to be moved when powered up?
52 > >>
53 > >> Well i have a switch in the door of the server room. It opens when you
54 > >> open
55 > >> the door. That signals the kernel to wipe all the encryption keys from
56 > >> kernel memory. Without the keys there is no access to the disks. After
57 > >> that
58 > >> another kernel is executed which wipes the memory of the old kernel. If
59 > >> you
60 > >> just pull the plug memory will stay in its state for an unspecified time.
61 > >
62 > > You don't happen to have a howto on how to set that up?
63 >
64 > Well i have a deamon running and a self made logic device in COM-port. Very
65 > simple. It has a single serial-parallel converter to do simple IO.
66 > Currently it just controls one relay that powers the network-devices.
67
68 I actually meant the software side:
69 - How to wipe the keys and then wipe the whole memory.
70
71 > >> I consoder this setup quite secure.
72 > >
73 > > Makes me wonder what it is you are protecting your server from. :)
74 >
75 > Well just a hobby. I wanted to play with electronics. The server controls my
76 > heating, locks of the house, lights, airconditioning, fire-alarm and
77 > burglar-alarm. Gentoo-powered house...
78
79 I would keep the system controlling all that off the internet with only a
80 null-modem cable to an internet-connected server using a custom protocol.
81
82 Anything that doesn't match the protocol initiates a full lock-down of the
83 house. ;)
84
85 --
86 Joost

Replies