[mdlug] Disk encryption
Jeff Hanson
jhansonxi at gmail.com
Sat Feb 23 01:50:48 EST 2008
On Sat, Feb 23, 2008 at 12:49 AM, Garry Stahl <tesral at comcast.net> wrote:
> Jeff Hanson wrote:
> > I think
> > the Linux solution is to have the kernel wipe entire memory space
> > before halting or suspending.
> >
>
> And still, if the black hat has the physical computer, you're screwed.
> Basically any hard drive that is lost from your protection should be
> considered compromised and the data open even if it is protected. No
> security is perfect and if the bad guy has ownership of the machine,
> they can own the data, it is merely a matter of time and interest.
>
> Most people that steal laptops are not data thieves. They want the
> machine to use or sell. They will not have the tools to break the
> security. They just want the password or to wipe the password.
>
> Frankly any computer I ever get rid of will have the hard drives wiped
> and if the data is sensitive enough (I have nothing in that category) I
> will physically destroy the drive.
Even with this new DRAM key recovery method the thermite erasure
method still works.
Practically speaking I encrypt server drives also. If an idiot steals
the system they're probably not going to care about unplugging the
power and thus losing access to decrypted data. I'd rather not have
an unencrypted server drive sitting in a pawn shop somewhere.
More information about the mdlug
mailing list