Re: mlock(1)

From: Alan Cox (alan_at_lxorguk.ukuu.org.uk)
Date: 09/29/04

    To: jonathan@jonmasters.org
    Date:	Wed, 29 Sep 2004 02:23:28 +0100
    
    

    On Mer, 2004-09-29 at 02:16, Jon Masters wrote:
    > I don't see in your argument how this is meant to be cryptographically
    > secure. Nor do I see from any of the original mail an idea which does
    > anything more than offer a fake promise of security to those who are
    > willing to assume only dumb criminals steal their laptop. This is
    > worse than no security at all and renders the idea of encrypting swap
    > completely useless.

    Most criminals are dumb. That means a boot screen that says
    "Property of Dave Miller, if found please leave anywhere in Tahoe"
    "Password:"

    and a boot/bios password will defeat them and may get the laptop dumped
    back where it can be recovered.

    Thus don't rule out the value of the deterrent. It isn't appropriate if
    you leave national secrets on the train like all our finest government
    employees keep doing obviously.

    > 1). I open the laptop up (I'm allowed to do that if I've already nicked it :P).
    > 2). I take a copy of the BIOS.
    > 3). I replace the BIOS with a hardware configuration (however done -
    > perhaps hot swapping chips, perhaps some simple logic device helps me)
    > in which the original BIOS is available once booting begins.
    > 4). That part of the security model was just destroyed.

    This threat level is why secure systems people use smartcards for the
    encryption keys and related processing. Just don't leave the smartcard
    on the train!
