Date: Thu, 21 Mar 2013 21:30:46 +0000
From: Kevin Chadwick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [OT] Time-lock USB stick

> We discussed using a simple RC timer to cut power to the device after a
> certain amount of uptime, but I pointed out that if we were to spend the
> time going to that trouble, we may as well go whole-hog and add built-in
> encryption and make money off the thing.
>
> I think the grab-data-and-eject solution is probably the best for our
> purposes.

What about wiping the key? I would investigate if a hdparm reset negates
that security.

A long shot that all systems, especially likely small ones, will have
floppies (though there may be a USB one), but using a floppy eject would
certainly be one way (ignoring any buffers), as it is 100% mechanical on
the enable direction.

However, why not just use a USB with perms set to root? If an attacker can
get root, which should be the biggest barrier, and you are not worried
about physical access, then even SELinux/RBAC may not save you.

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
_______________________________________________________________________