Gentoo Archives: gentoo-user

From: Matti Nykyri <matti.nykyri@×××.fi>
To: "gentoo-user@l.g.o" <gentoo-user@l.g.o>
Subject: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen this discussed here yet?
Date: Mon, 02 Jun 2014 12:30:48
Message-Id: FF562C5B-31F5-4806-AF76-44F8CDFFEA2C@iki.fi
In Reply to: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen this discussed here yet? by Dale
On Jun 2, 2014, at 15:06, Dale <rdalek1967@×××××.com> wrote:

> Rich Freeman wrote:
>> If you're worried about casual thieves then just about any kind of
>> properly-implemented encryption will stop them.
>>
>> If you're worried about a government official specifically tasked with
>> retrieving your computer, my understanding is that it is SOP these
>> days to retrieve your computer without powering it off for just this
>> reason. They won't use your UPS to do it. Typically they remove the
>> plug just far enough to expose the prongs, slide in a connector that
>> connects it to a UPS, and then they pull it out the rest of the way
>> now powered by the UPS.
>>
>> See something like:
>> http://www.cru-inc.com/products/wiebetech/hotplug_field_kit/
>>
>> Presumably somebody who is determined will also have the means to
>> retrieve the contents of RAM once they seize your computer. Besides
>> directly accessing the memory bus I think most motherboards are not
>> designed to be secure against attacks from PCI/firewire/etc.
>>
>> Rich
>>
>>
>
>
> Now that is wicked. Like I said, this could get crazy. ROFL Thing is,
> with Linux, it could be set up to run a script so that if say the
> keyboard/mouse/some other device is removed, it runs shutdown. It seems
> the biggest thing as far as Govt goes, having it do something they can't
> anticipate it doing that locks things down or does a rm -rfv /* or some
> other nasty command.
>
> I might add, on an older rig I tried that command once. I ran rm -rfv /*
> and it didn't erase everything like I thought it would. I figured the
> command would be loaded in ram and would run until the end of the /
> structure. It didn't. I can't recall how far it got now but I think it
> was in the /proc directory. I figure it deleted the process and sort of
> forgot to finish. It's been a while since I did that tho. Details are
> fuzzy.

Well rm does not remove anything. It just unlinks the data. If you use journalling fs, everything is recoverable from journal easily. And even without the journal you will easily get most of the data.

dd if=/dev/zero of=/dev/your-root-drive bs=4096

This will wipe data so that it is quite hard to retrieve it. Retrieving would require opening the drive, etc...

--
-Matti
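
The point made in the message above, that rm only unlinks a name while overwriting is what replaces the data, as an added shell example (not part of the original message). It works on a constructed scratch file in a temporary directory, the function names and marker string are made up here, and it shows only the view through an open descriptor; what stays in on-disk blocks or a journal depends on the filesystem.

```shell
#!/bin/sh
# Added illustration: touches only a scratch file under mktemp -d,
# never a real device. MARKER is a constructed sample value.
MARKER="constructed-secret-0123456789"

# Prints "yes" if the file's contents are still readable through an
# already-open descriptor after rm has removed its only name.
unlinked_still_readable() {
    dir=$(mktemp -d) || return 1
    f="$dir/scratch.txt"
    printf '%s\n' "$MARKER" > "$f"
    exec 3< "$f"             # keep the inode open on fd 3
    rm -f "$f"               # unlink(2): the name goes, the data stays
    data=$(cat <&3)
    exec 3<&-
    rmdir "$dir"
    if [ ! -e "$f" ] && [ "$data" = "$MARKER" ]; then
        echo yes
    else
        echo no
    fi
}

# Prints "yes" if zero-filling the file in place before rm (the dd
# approach from the message, aimed at the scratch file instead of a
# drive) leaves no marker visible through the same kind of descriptor.
zeroed_before_unlink() {
    dir=$(mktemp -d) || return 1
    f="$dir/scratch.txt"
    printf '%s\n' "$MARKER" > "$f"
    size=$(wc -c < "$f" | tr -d ' ')
    exec 3< "$f"
    # conv=notrunc overwrites the existing bytes instead of truncating
    dd if=/dev/zero of="$f" bs="$size" count=1 conv=notrunc 2>/dev/null
    rm -f "$f"
    if grep -q "$MARKER" <&3; then r=no; else r=yes; fi
    exec 3<&-
    rmdir "$dir"
    echo "$r"
}

echo "readable after rm only:       $(unlinked_still_readable)"
echo "marker gone after zero-fill:  $(zeroed_before_unlink)"
```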