On Wed, 26 Jan 2011 23:24:07 +0100 Jochen Schulz <[email protected]> wrote:
> Celejar:
> > Brad Alexander <[email protected]> wrote:
> >
> >> Linux admins used LUKS, and as a further step, I put /boot (the only
> >> partition that cannot be encrypted) on a USB stick, so that if anyone
> >> got the laptop, they had no access to the data.
> >
> > Why does putting /boot on a USB stick gain you anything?
>
> Because an unencrypted /boot may be altered by an attacker without you
> noticing it. Theoretically, the kernel may be replaced by another one
> that reports your passphrase to the attacker.

Oh, basically the Evil Maid attack. Fair enough. But then you have to
make sure the attacker can't flash the BIOS ...

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

