From: Hinnerk van Bruinehsen <h.v.bruinehsen@fu-berlin.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
Date: Tue, 04 Sep 2012 22:08:38 +0200
Message-ID: <50465FC6.5050707@fu-berlin.de>
In-Reply-To: <50464CF5.6050309@hadt.biz>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04.09.2012 20:48, Michael Hampicke wrote:
>> In theory grub2 is able to open a luks-encrypted volume though
>> it seems to have some disadvantages: you'll need to enter the
>> passphrase (or pass the keyfile) two times, because grub itself
>> needs to decrypt the volume to get the later stages from the
>> encrypted volume and afterwards the decryption in the boot process
>> itself takes place.
>>
>> I can't give any real advice about it though, because I use an
>> unencrypted boot partition. Depending on your needs it could be
>> an increase of security, because you can stop an attacker from
>> injecting malicious code into your kernel (or replace it
>> completely).
>
> I don't think so, I still can replace your bootloader and grab
> your password. If you really think you might need something like
> this, I suggest you put your kernel and bootloader on a USB stick
> and boot your machine from that. When not in use keep the stick on
> your person.
>
> That still does not protect you from physically tampering with your
> device.
>
> Anyway, what about one of those fancy tin foil hats to protect
> oneself against the government's mind control rays :)
>
Ah yes - the aluminium foil deflector beanie
(http://zapatopi.net/afdb/)...
I just use it, when going out of my house or when updating my
MindGuard (http://zapatopi.net/mindguard/)
Enough fun - I just wanted to name the possibility because it's there
and it wouldn't require you to repartition your drive.
I think it would be an increase in security nonetheless, though you're
correct: there are a lot more possible attack vectors with side
channel stuff getting very freaky indeed (i.e.: there is an
interesting paper about using the gyroscopes of a mobile telephone to
make a (>80%) correct guess about the pressed key)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----