On Wed, 26 Jan 2011 23:24:07 +0100
Jochen Schulz <m...@well-adjusted.de> wrote:

> Celejar:
> > Brad Alexander <stor...@gmail.com> wrote:
> > 
> >> Linux admins used LUKS, and as a further step, I put /boot (the only
> >> partition that cannot be encrypted) on a USB stick, so that if anyone
> >> got the laptop, they had no access to the data.
> > 
> > Why does putting /boot on a USB stick gain you anything?
> 
> Because an unencrypted /boot may be altered by an attacker without you
> noticing it.  Theoretically, the kernel may be replaced by another one
> that reports your passphrase to the attacker.

Oh, basically the Evil Maid attack.  Fair enough.  But then you have to
make sure the attacker can't flash the BIOS ...

Celejar
-- 
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110126174600.a8866289.cele...@gmail.com

Reply via email to