| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 04.09.2012 20:48, Michael Hampicke wrote: |
| 5 |
>> In theory grub2 is able to open a luks-encrypted volume though |
| 6 |
>> it seems to have some disadvantages: you'll need to enter the |
| 7 |
>> passphrase (or pass the keyfile) two times, because grub itself |
| 8 |
>> needs to decrypt the volume to get the later stages from the |
| 9 |
>> encrypted volume and afterwards the decryption in the bootprocess |
| 10 |
>> itself takes place. |
| 11 |
>> |
| 12 |
>> I can't give any real advice about it though, because I use an |
| 13 |
>> unencrypted boot partition. Depending on your needs it could be |
| 14 |
>> an increase of security, because you can stop an attacker from |
| 15 |
>> injecting malicious code into your kernel (or replace it |
| 16 |
>> completely). |
| 17 |
> |
| 18 |
> I don't think so, I still can replace your bootloader and grab |
| 19 |
> your password. If you really think you might need something like |
| 20 |
> this, I suggest you put your kernel and bootloader on a USB stick |
| 21 |
> and boot your machine from that. When not in use keep the stick on |
| 22 |
> your person. |
| 23 |
> |
| 24 |
> That still does not protect you from physically tempering with your |
| 25 |
> device. |
| 26 |
> |
| 27 |
> Anyway, what about one those fancy tin foil hats to protect |
| 28 |
> oneself against the governments mind control rays :) |
| 29 |
> |
| 30 |
|
| 31 |
Ah yes - the aluminium foil deflector beanie |
| 32 |
(http://zapatopi.net/afdb/)... |
| 33 |
|
| 34 |
I just use it, when going out of my house or when updating my |
| 35 |
MindGuard (http://zapatopi.net/mindguard/) |
| 36 |
|
| 37 |
|
| 38 |
Enough fun - I just wanted to name the possibility because it's there |
| 39 |
and it would't require you to repartition your drive. |
| 40 |
I think it would be an increase in security nonetheless, though you're |
| 41 |
correct: there are a lot more possible attack vectors with side |
| 42 |
channel stuff getting very freaky indeed (i.e.: there is an |
| 43 |
interesting paper about using the gyroscopes of a mobile telephone to |
| 44 |
make a (>80%) correct guess about the pressed key) |
| 45 |
|
| 46 |
-----BEGIN PGP SIGNATURE----- |
| 47 |
Version: GnuPG v2.0.19 (GNU/Linux) |
| 48 |
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ |
| 49 |
|
| 50 |
iQEcBAEBAgAGBQJQRl/GAAoJEJwwOFaNFkYcHbcH/i5ncHgButsE3ximu7Mdm113 |
| 51 |
ly0JVbINO4Bc7mkzj9eQAI8Ewr3JYhTpxpShfmWGGSBTTaAwltp1pYt+bj7xw3/E |
| 52 |
+euJGjfffmcxsBkLtlaI5SQHvO/fNiKZ8cAga++HXtxWoJ/DTN5UBEmzI6xXm3Tk |
| 53 |
RA6kGCDukiSpo4VjsfBMz1h8O9vtr2cgj4HlnOjNByzeSWk40XC9jKlSCLgjpkTp |
| 54 |
pJNvY0qHE7hMZoH+S9Ai3ZDtDgHpcdtSCslJGiOGh16BBzhOyunDdj1SVfkSq0bg |
| 55 |
1vKnqT6zQS0vSl3JyoP9zc8MOW9/IwK2anKRHhE817Y9rXrawsx1QwPu6xVLxe0= |
| 56 |
=0NRV |
| 57 |
-----END PGP SIGNATURE----- |
Archives