On 2017-05-14 03:51, Holger Levsen wrote:
> On Sat, May 13, 2017 at 02:55:12PM -0500, Andrew David Wong wrote:
>>> you really don't protect your gpg key with a passphrase??
>> See: https://www.qubes-os.org/doc/split-gpg/
> 
> oh wow :(
>  
>> Why is that a problem? It's only visible in dom0. If an attacker is in
>> dom0, it's already game over.
> 
> no, the world is not black and white.
> 
> If an attacker steals your computer while it's unlocked, all your gpg
> encrypted stuff is wide open.
> 
> If an attacker steals my computer while it's unlocked, my gpg encrypted
> stuff is still locked. Surely the attacker can now install as many backdoors as
> they want, but as long as I don't type my gpg passphrase into that computer
> anymore, it should be pretty safe.
> 

You're conflating two distinct problems:

(1) Passphrases I've typed in dom0 are available in cleartext in
    dom0.
(2) Data-at-rest is not encrypted while Qubes is booted and the screen
    is unlocked.

We could solve (1) without solving (2). If we did that, it would solve
the `ps` + qvm-backup problem (the first problem you mentioned), since
my backup would be encrypted, and the thief wouldn't have access to the
backup decryption passphrase.

(2) is the second problem you mentioned. Solving (2) is distinct from
solving (1), but in order for the solution to (2) to be satisfactory, we
also have to solve (1) (or make sure no similar problem arises for
per-VM encryption), since otherwise my data-at-rest passphrase could be
obtained via (1).

I think the right approach to (2) in Qubes is per-VM encryption [1]
(probably with LUKS instead of GPG, and certainly not relying on public
key crypto, though hopefully we're all already in agreement on the
latter point). If I'm in an untrusted physical environment, I should be
able to work with less sensitive VMs without decrypting sensitive VMs,
and if someone steals my unlocked laptop, they shouldn't be able to gain
access to the encrypted sensitive VMs. That's the goal, anyway.


[1] https://github.com/QubesOS/qubes-issues/issues/1293

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org