Gentoo Archives: gentoo-user

From: godzil <godzil@××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen this discussed here yet?
Date: Mon, 02 Jun 2014 12:36:35
Message-Id: 727112c3cda6ed9f4e944a735556b584@ssl0.ovh.net
In Reply to: Re: [gentoo-user] Demise of Truecrypt - surprised I haven't seen this discussed here yet? by Matti Nykyri
On 2014-06-02 13:23, Matti Nykyri wrote:
> On Jun 2, 2014, at 16:40, "J. Roeleveld" <joost@××××××××.org> wrote:
>
>
> Well I have a switch in the door of the server room. It opens when you
> open the door. That signals the kernel to wipe all the encryption keys
> from kernel memory. Without the keys there is no access to the disks.
> After that another kernel is executed which wipes the memory of the
> old kernel. If you just pull the plug memory will stay in its state
> for an unspecified time.
>
> Swap uses random keys.
>
> Network switches and routers get power only after the firewall server is
> up and running.
>
> There is no easy way to enter the room without wiping the encryption
> keys. Booting up the server requires that a boot disk is brought to
> the computer to decrypt the boot drive. Grub2 can do this easily. This
> is to prevent someone from tampering with the boot loader.
>
> The system is not protected against hardware tampering. The server room
> is an RF cage.
>
> I consider this setup quite secure.

It's nice to encrypt and wipe things automatically, but what about the
backups?
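The door-switch reaction Matti describes (wipe the keys from kernel memory, then jump into a second kernel that scrubs RAM), as an added example that is not part of this thread: it assumes the switch is wired to a sysfs GPIO whose value reads "1" when the door is open, that cryptsetup and kexec-tools are installed, and that a memory-scrubbing kernel image exists at a placeholder path.

```shell
#!/bin/sh
# Added example (not from the gentoo-user thread). On "door open" every LUKS
# mapping is suspended: cryptsetup luksSuspend freezes I/O and wipes the volume
# key from kernel memory. Then kexec -e jumps into a kernel that was staged
# with kexec -l to scrub the old kernel's RAM.
# Assumptions: GPIO_VALUE is a sysfs GPIO ("1" = open); WIPER_KERNEL is a
# placeholder path to the scrubbing kernel image.
set -u

GPIO_VALUE=${GPIO_VALUE:-/sys/class/gpio/gpio17/value}   # assumed wiring
WIPER_KERNEL=${WIPER_KERNEL:-/boot/memwipe-kernel}        # placeholder path

# Read `dmsetup table` output on stdin and print the names of crypt mappings.
# Lines look like: cryptroot: 0 1953525168 crypt aes-xts-plain64 0000 0 8:3 4096
crypt_mappings() {
    awk '$4 == "crypt" { sub(/:$/, "", $1); print $1 }'
}

# True when the sysfs value file ($1) reads "1".
door_is_open() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Flush dirty pages first, then drop the keys. Plain dm-crypt mappings such as
# random-key swap are not LUKS and are rejected by cryptsetup; the kexec step
# below is what clears their key material from RAM.
suspend_all_crypt() {
    sync
    for m in $(dmsetup table | crypt_mappings); do
        cryptsetup luksSuspend "$m" || echo "luksSuspend failed for $m" >&2
    done
}

watch_door() {
    # Stage the wiper kernel once so the event path needs no disk access.
    kexec -l "$WIPER_KERNEL" || exit 1
    while :; do
        if door_is_open "$GPIO_VALUE"; then
            suspend_all_crypt
            kexec -e    # does not return; the new kernel scrubs memory
        fi
        sleep 1         # a real deployment would block on a GPIO interrupt
    done
}

if [ "${1:-}" = "--run" ]; then
    watch_door
fi
```

Only the LUKS volume keys are gone after luksSuspend; everything else in RAM (page cache, swap keys) is the wiper kernel's job, which is why the script stages it before waiting.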

Replies