Hibernation and secret keys

Werner Koch wk at gnupg.org
Mon Feb 16 09:19:42 CET 2009

On Fri, 13 Feb 2009 19:30, email at sven-radde.de said:

> "They" will have difficulties installing a keylogger if the unencrypted
> /boot is always in your pocket and the HDD contains just encrypted
> gibberish.

They will use a hardware logger and don't care about any encrypted stuff
in your pocket.

Anyway, for your example: Who will execute the code to decrypt boot?
What about another boot manager or a rogue BIOS or a complete
virtualized machine?  Please repeat with me:

            There is no way to avoid or detect backdoors if
                physical access to the machine has ever
                             been granted.

Well, in theory you can detect a backdoor, but you need quite some
equipment which certainly won't fit into a small pocket.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list