On Wed, 26 Jan 2011 23:24:07 +0100 Jochen Schulz <m...@well-adjusted.de> wrote:
> Celejar:
> > Brad Alexander <stor...@gmail.com> wrote:
> >
> >> Linux admins used LUKS, and as a further step, I put /boot (the only
> >> partition that cannot be encrypted) on a USB stick, so that if anyone
> >> got the laptop, they had no access to the data.
> >
> > Why does putting /boot on a USB stick gain you anything?
>
> Because an unencrypted /boot may be altered by an attacker without you
> noticing it. Theoretically, the kernel may be replaced by another one
> that reports your passphrase to the attacker.

Oh, basically the Evil Maid attack. Fair enough. But then you have to
make sure the attacker can't flash the BIOS ...

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator