| 1 |
On Mon, Jul 6, 2020 at 5:05 AM William Kenworthy <billk@×××××××××.au> wrote: |
| 2 |
> |
| 3 |
> It also makes the point that any adminstrator will have access to the sticks data - not just the user (same as root under Linux). |
| 4 |
|
| 5 |
This is just a fundamental issue about how computers work. If you |
| 6 |
attach your storage media to a computer, then potentially anybody who |
| 7 |
had either physical access or administrative access to that computer |
| 8 |
before you can read the storage media. If it is encrypted and you |
| 9 |
enter the decryption key into the computer, then that includes the |
| 10 |
encrypted data too. |
| 11 |
|
| 12 |
There are of course operating systems that try to make this sort of |
| 13 |
thing harder, but there are many ways to bypass this sort of thing at |
| 14 |
either the hardware or software level. If you are plugging your USB |
| 15 |
drive into a computer you don't control, you really have no way to |
| 16 |
know what hardware or software it is using. It could contain hardware |
| 17 |
keyloggers, the OS might be tampered with, if the device is supposed |
| 18 |
to prevent OS tampering you don't know if the hardware was swapped out |
| 19 |
with hardware that doesn't prevent tampering, and so on. This is why |
| 20 |
things like hardware password/key managers often implement a |
| 21 |
minimalistic serial/keyboard interface - to prevent the host they are |
| 22 |
plugged into from actually being able to directly access their secure |
| 23 |
storage. |
| 24 |
|
| 25 |
I realize that you already said that this is your own hardware - I |
| 26 |
just wanted to point out this fundamental limitation. This is one of |
| 27 |
the reasons that when I select laptops/tablets I tend to select ones |
| 28 |
that are very light/portable - the more likely I am to have it with me |
| 29 |
the less likely I am to need to access my private data from systems I |
| 30 |
don't control. |
| 31 |
|
| 32 |
-- |
| 33 |
Rich |
Archives