* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-02-22 03:18]: > > The paper you mentioned has some info on possible countermeasures. The > > best (IMO) is physically securing your RAM. This seems to fit in best > > with OpenBSD's philosophy, which has never been to put much time into > > thwarting attacks that require physical access to the box -- if you > > have that, there are MANY avenues of attack, most of which don't > > benefit much from immersing components in liquid N_2. > Then we could drop the whole encryption framework, or? > Why encrypting OWs? Nobody could crack the PWs if they don't have phisical > access.. why encrypting the HDDs or using IPSec? It's all about "physical > security" so why does OpenBSD care?
it should be kind of obvious the the scope for "physical security" in the ipsec case is a whole lot different than just access to the computer. as for passwords, yes, the encrypted passwords to travel over the net in some setups. > Of course there many kinds of attack but if somebody shutdowns your box > and reads the infos from your memory there's something we can do about it: > Overwriting.... it is overwhelming how you -fail to understand how malloc and friends work -fail to research on that -yet, without the slightest clue, start ranting and "making suggestions" kinda a definition of trolling. > Tell me how to ensure phyiscal security in bigger networks?! > I don't talk about a 50+ company where you know everybody but more about > 1k+ up to 130k users and more. fortunately, nobody with at least half a braincell left will let you anywhere close to such a network ever. > if I'm wrong if? you really think that is a conditional? > please correct me.. that has been proven pointless numerous times before. please just leave and annoy somebody else with your shit. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
