Safe decryption with GnuPG?
Robert J. Hansen
rjh at sixdemonbag.org
Thu Feb 14 15:44:32 CET 2008
> Full disk encryption makes the system unnecessarily slow,
> especially if applied to swap space.
Not necessarily so. A lot of people make a big deal out of a couple
of papers published on how much whole-disk encryption slows down
OpenBSD, but the flip side to that is the file and network systems of
OpenBSD are not as efficient as those of many other OSes. If you've
done your own empirical tests with your own OS and discovered it's too
slow, then by all means, it's too slow. Otherwise, you may wish to do
some empirical tests.
> But unless the intruder is a root-kit,
If the attacker has access to your hardware, then you're out of luck,
the game is over. The only systems I can think of which may (may!) be
exceptions to this are certain esoteric systems designed to reach the
highest levels of Common Criteria evaluation, where classified and non-
classified data operate on entirely different CPUs, entirely different
RAM, etc., etc., with an information diode to control how information
flows between them.
More information about the Gnupg-users