1 |
> We discussed using a simple RC timer to cut power to the device after a |
2 |
> certain amount of uptime, but if I pointed out that if we were spend the |
3 |
> time going to that trouble, we may as well go whole-hog and add built-in |
4 |
> encryption and make money off the thing. |
5 |
> |
6 |
> I think the grab-data-and-eject solution is probably the best for our |
7 |
> purposes. |
8 |
|
9 |
What about wiping the key. |
10 |
|
11 |
I would investigate if a hdparm reset negates that security. |
12 |
|
13 |
A long shot that all systems especially likely small ones will have |
14 |
floppies (though there may be a usb one) but using a floppy eject would |
15 |
certainly be one way (ignoring any buffers) as it is 100% mechanical |
16 |
on the enable direction. |
17 |
|
18 |
However why not just use a usb with perms set to root. If an attacker |
19 |
can get root which should be the biggest barrier and you are not worried |
20 |
about physical access then even SELINUX/RBAC may not save you. |
21 |
|
22 |
|
23 |
-- |
24 |
_______________________________________________________________________ |
25 |
|
26 |
'Write programs that do one thing and do it well. Write programs to work |
27 |
together. Write programs to handle text streams, because that is a |
28 |
universal interface' |
29 |
|
30 |
(Doug McIlroy) |
31 |
_______________________________________________________________________ |