Which release should we be using?

gnupg at lists.grepular.com gnupg at lists.grepular.com
Fri Aug 26 23:00:53 CEST 2011


On 26/08/11 21:07, Anthony Papillion wrote:

>> Oh, you can own an encrypted filesystem, even if the box is down. The
>> Evil Maid attack makes this trivial. And it doesn't matter the
>> encryption software used either.
> 
> I read about this attack a few years ago on Bruce Scheiner's blog. It
> scared the crap out of me then and it still worries me quite a bit. Of
> course, it's just a variant of what we've been telling people forever
> now: if the system is compromised, encryption is useless. Still, it's
> pretty scary stuff.

I've taken a number of steps to make evil maid and cold boot style
attacks against my new laptop much more difficult. It's funny this
should come up just now, because I wrote it up earlier today. It's the
latest article on my blog (first url in my sig). But yeah, if an
attacker gets physical access to your machine, and they're determined
enough, they can probably get in.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110826/56241d74/attachment.pgp>


More information about the Gnupg-users mailing list