On Mon, Nov 7, 2011 at 11:51 AM, Tim <ignored_mail...@yahoo.com.au> wrote:
Tim: > >> Suspend does it to RAM. So your computer needs (minimal) power > >> continuously available to it, to keep what it's stuffed into memory. > >> If the memory is lost, then the next boot will be a cold boot. > > Linux Tyro: > > But without intentionally deleting memory, how could it be lost except > > for the case that power has gone and I am not using UPS....Cold boot > > simply means that it doesn't need credentials to log-on? > > Your power fails, your laptop battery goes flat, your laptop goes into a > power save mode that's inadequate for keeping the RAM contents intact... > > I've always wondered about the last one, since computers use dynamic > RAM, these days, you can't just keep supplying power to the RAM, it > needs constantly refreshing. > > > > But still how thief can log-in when I have encrypted password, > > password necessary to boot in, disabled booting via CD-rom, disabled > > booting via usb. Still chances are there that the thief can crack in ? > > With a cold boot, a thief would have to break all your encryption before > they could attempt to hack in. They've got to get it to boot, before > they can hack it. > > With a resume, the drive is already mounted to the system in an > un-encrypted manner, just there's no currently logged in user. That's > the state that a hibernated/suspended machine will resume to (running, > but keyboard/mouse locked out until you login). > > They've only got to manage to log in. If you've left servers running, > there may be one that's vulnerable to a hack. If you've left a mail > client running, it may be spewing your password straight out the network > port, every few minutes. > > Of course, if you have a computer that auto-logs you in without you > entering any password, or you have suspend/hibernate not lock access > away during the suspend/hibernate process, a resume/boot-up will let > anybody straight in unchallenged. > > > >> Some sort of hardware token, such as a key that must be inserted > >> while booting, but is kept separate from the computer, is the > >> simplest way to avoid that problem. > > > > This I didn't understand how to achieve, but thanks for the above > > explanation. > > You're welcome, and I don't have a ready answer for how one might go > about doing it. But it's the kind of thing you'd have to do (making > booting and resuming dependent on something that you kept separate from > the laptop). Ah, got the diea, thanks. -- THX
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
