1 |
On Mon, Jul 6, 2020 at 5:05 AM William Kenworthy <billk@×××××××××.au> wrote: |
2 |
> |
3 |
> It also makes the point that any adminstrator will have access to the sticks data - not just the user (same as root under Linux). |
4 |
|
5 |
This is just a fundamental issue about how computers work. If you |
6 |
attach your storage media to a computer, then potentially anybody who |
7 |
had either physical access or administrative access to that computer |
8 |
before you can read the storage media. If it is encrypted and you |
9 |
enter the decryption key into the computer, then that includes the |
10 |
encrypted data too. |
11 |
|
12 |
There are of course operating systems that try to make this sort of |
13 |
thing harder, but there are many ways to bypass this sort of thing at |
14 |
either the hardware or software level. If you are plugging your USB |
15 |
drive into a computer you don't control, you really have no way to |
16 |
know what hardware or software it is using. It could contain hardware |
17 |
keyloggers, the OS might be tampered with, if the device is supposed |
18 |
to prevent OS tampering you don't know if the hardware was swapped out |
19 |
with hardware that doesn't prevent tampering, and so on. This is why |
20 |
things like hardware password/key managers often implement a |
21 |
minimalistic serial/keyboard interface - to prevent the host they are |
22 |
plugged into from actually being able to directly access their secure |
23 |
storage. |
24 |
|
25 |
I realize that you already said that this is your own hardware - I |
26 |
just wanted to point out this fundamental limitation. This is one of |
27 |
the reasons that when I select laptops/tablets I tend to select ones |
28 |
that are very light/portable - the more likely I am to have it with me |
29 |
the less likely I am to need to access my private data from systems I |
30 |
don't control. |
31 |
|
32 |
-- |
33 |
Rich |