[NBLUG/talk] re: Crypto talk [important update]

error error at sonic.net
Wed Feb 11 15:28:01 PST 2004


On Wed, 2004-02-11 at 15:13, E Frank Ball wrote:
> On Wed, Feb 11, 2004 at 02:02:49AM -0800, Jake Appelbaum wrote:
> } 
> } If anyone has any questions or needs any help, feel free to post it on
> } list or as a private email to me.
> 
> Jake,
> 
> You talked about the limitations of the encryption system,
> but one thing you didn't mention was suspend mode on a
> laptop.  It seems that for the encryption to be of value you
> would need to do a full system shutdown/reboot rather than
> just use suspend mode if there is the *slightest*
> chance that anyone else would get their hands on it while it
> was off?  Unless you suspend with xscreensaver locked and
> you trust that?
> 

I knew I forgot something in those slides!
Thanks for reminding me.

Use of suspend is a very bad idea if you suspend the system to have it dump
the RAM to the hard disk. If you suspend to RAM and no data is ever
written to the disk, it should be fine.

Just remember, the key to decrypt is in memory somewhere. If you write
that key to disk in a manner that requires your laptop to boot up and
reload that memory, it was almost certainly written to disk unencrypted.

The only method for doing that properly (suspend to disk) would be to
unmount all of the loop-aes subsystems (even swap) and then suspend to
disk. This would of course log your user out and it would basically be
useless.

> } Also:
> } Does anyone know who the guy in the front row was? The guy taking notes
> } going in and out of the room for most of the talk?
> } 
> } I almost wanted to spot the fed but I wasn't sure, he didn't seem to
> } have white socks on.
> 
> Hmmm, *I* had white socks on (but I was in the 2nd row :).

I didn't notice.

-- 
error <error at sonic.net>
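
A pre-suspend check for the rule described in the message above, as an added example that is not part of the original post: suspend to RAM passes, and suspend to disk is refused while any loop-backed swap or mount is still active. It assumes loop-AES volumes appear as /dev/loopN in /proc/swaps and /proc/mounts; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Inputs are passed as text so
# the logic runs offline; on a live system pass "$(cat /proc/swaps)" and
# "$(cat /proc/mounts)". A loop device that is set up but neither mounted nor
# used as swap is not detected here.

# Constructed sample data: encrypted swap on loop6, /home on loop0.
SAMPLE_SWAPS='Filename      Type       Size    Used  Priority
/dev/loop6    partition  524280  0     -1'
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw 0 0
/dev/loop0 /home ext3 rw 0 0
proc /proc proc rw 0 0'

# Active swap areas backed by a loop device (header line skipped).
loop_swap() {
    printf '%s\n' "$1" | awk 'NR > 1 && $1 ~ /^\/dev\/loop[0-9]+$/ { print $1 }'
}

# Mount points whose backing device is a loop device.
loop_mounts() {
    printf '%s\n' "$1" | awk '$1 ~ /^\/dev\/loop[0-9]+$/ { print $2 }'
}

# suspend_verdict MODE SWAPS_TEXT MOUNTS_TEXT
# MODE is "ram" or "disk". Prints one verdict line; returns 0 when the rule
# from the message is met, 1 when it is not, 2 on a bad MODE.
suspend_verdict() {
    mode=$1
    swaps=$(loop_swap "$2")
    mounts=$(loop_mounts "$3")
    case $mode in
    ram)
        echo "ok: suspend to RAM writes no memory image to disk"
        return 0 ;;
    disk)
        if [ -n "$swaps" ] || [ -n "$mounts" ]; then
            echo "unsafe: still active:" $swaps $mounts
            return 1
        fi
        echo "ok: no loop-backed swap or mounts active"
        return 0 ;;
    *)
        echo "error: unknown mode '$mode'"
        return 2 ;;
    esac
}

suspend_verdict disk "$SAMPLE_SWAPS" "$SAMPLE_MOUNTS" || true
```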
