Tom Metro wrote:
I was envisioning a system in which an administrator connects into the
system after reboot and either supplies the entire key over a secure
channel from an off-site system, or perhaps loads the key from a USB
drive that is physically removed once loaded into memory, or enters a
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Tom Metro
I'd be curious to know if anyone has deployed something like TrueCrypt
on a sizable cluster of machines. How did they handle reboots?
Truecrypt requires password
Edward Ned Harvey (blu) wrote:
The most obvious solution to me is to have an authentication server
(AD/LDAP/Kerberos) which boots using TPM.
But TPM is potentially vulnerable to cold boot attacks, and pre-boot PIN
systems are vulnerable to bootkit attacks. The only reliable defense
against
On 11/10/2013 10:59 AM, Richard Pieri wrote:
The only reliable defense against these is to maintain good physical
security.
Correct.
But as I think about it, I don't think putting your machines in a co-lo
means you are completely doomed.
For example, say you are renting some physical
Kent Borg wrote:
For example, say you are renting some physical space over which you have
some significant control. Be it a cage or maybe just a cabinet, you
should be able to have some intrusion detection (booby traps) and use
that to shut things down--including deleting keys.
Maybe. If the
On Sat, Nov 09, 2013 at 03:55:18PM -0400, Tom Metro wrote:
...there's a simple...way for me to circumvent all of your
clever...self-destructs... I go after your backups.
They're encrypted too, with keys only held in memory.
No. They're encrypted, with keys written down on paper and held
by
Tom Metro wrote:
Oh, physical security is already excellent in this scenario. Locked
cage, 24/7 CCTV, and a security guard. The weakness is that your server
is in a data center owned by a 3rd party, who can simply hand the keys
over to someone else.
I must disagree with your assessment of
Richard Pieri wrote:
Tom Metro wrote:
They're encrypted too, with keys only held in memory.
Then your disaster recovery options are nil. An encrypted backup that
cannot be decrypted is mostly useless
Sorry, I thought it was obvious that the keys had to come from
somewhere. (Somewhere
Bill Bogstad wrote:
Cold Boot Attacks on Encryption Keys
If the machine is currently running, I suspect you can accomplish much
the same end result without the complication of cryogenics by simply
attaching a bus analyzer to the memory bus (physically doing that may be
challenging with modern
Tom Metro wrote:
The scenario is that you have strongly encrypted data on disk,
decryption keys in memory, an OS configured so that it doesn't do
something stupid, like write the keys to unencrypted swap space, and an
OS hardened enough that physical access to the machine seems like the
easier
On November 8, 2013 at 10:05 PM Tom Metro tmetro+...@gmail.com wrote:
Bill Bogstad wrote:
Cold Boot Attacks on Encryption Keys
But then the scenario starts to get a bit more far-fetched. The people
seizing your server apparently already know or suspect you are using
full disk encryption,
On Fri, Nov 8, 2013 at 10:05 PM, Tom Metro tmetro+...@gmail.com wrote:
Bill Bogstad wrote:
Cold Boot Attacks on Encryption Keys
But then the scenario starts to get a bit more far-fetched. The people
seizing your server apparently already know or suspect you are using
full disk encryption,