Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: andreas (andreas.hislistsgmail.com)
Date: Mon Aug 09 2010 - 10:27:00 CDT
> I think it's impossible to create trusted bootloader which would not be affected
> by physical attacks, see here:
> Thus even bootloader would be able to open softraid crypto device, it could be
> I'm going to create a usb stick with minimal installation on which I will carry checksums
> of files in '/' and I'm going to scan '/' for tampered files before "normal" boot.
> I do not know any better solution. I don't know if there can be some other shit which
> could somehow get my passphrase for softraid (bios, mbr...)? Is it theoretically
I think a hard disk should be crypt with Deniability. When you boot from
CD or usb-stick and dislocate them, no one should be able to proof that
the disk is crypt.
I am not an expert in this, so please correct me if I am wrong, this
scenario is attackable from bios side, or if the attacker reads the key
from memory (i.e. just booting with a minimal system from CD...) Also I
read about cooling and removing the ram to read the key :D
How to proof your bios? wassent there just last weeks a big company in
the IT news with mallware in their bios?
I don't know if it make sense/is possible, but why dont build a system
where the keys are stored in that part of the ram, which is used by the
bios when booting from cd or usb? So that a least a part of the key will
overwritten during every boot. That the attacker is forced to remove ram