| 1 |
> We discussed using a simple RC timer to cut power to the device after a |
| 2 |
> certain amount of uptime, but if I pointed out that if we were spend the |
| 3 |
> time going to that trouble, we may as well go whole-hog and add built-in |
| 4 |
> encryption and make money off the thing. |
| 5 |
> |
| 6 |
> I think the grab-data-and-eject solution is probably the best for our |
| 7 |
> purposes. |
| 8 |
|
| 9 |
What about wiping the key. |
| 10 |
|
| 11 |
I would investigate if a hdparm reset negates that security. |
| 12 |
|
| 13 |
A long shot that all systems especially likely small ones will have |
| 14 |
floppies (though there may be a usb one) but using a floppy eject would |
| 15 |
certainly be one way (ignoring any buffers) as it is 100% mechanical |
| 16 |
on the enable direction. |
| 17 |
|
| 18 |
However why not just use a usb with perms set to root. If an attacker |
| 19 |
can get root which should be the biggest barrier and you are not worried |
| 20 |
about physical access then even SELINUX/RBAC may not save you. |
| 21 |
|
| 22 |
|
| 23 |
-- |
| 24 |
_______________________________________________________________________ |
| 25 |
|
| 26 |
'Write programs that do one thing and do it well. Write programs to work |
| 27 |
together. Write programs to handle text streams, because that is a |
| 28 |
universal interface' |
| 29 |
|
| 30 |
(Doug McIlroy) |
| 31 |
_______________________________________________________________________ |
Archives