Date: Mon, 24 Feb 2020 09:38:46 -0600 From: Valeri Galtsev <galtsev@kicp.uchicago.edu> To: freebsd-questions@freebsd.org Subject: Re: rm | Cleaning up recycle bin Message-ID: <e3a6e679-2fe7-c79d-7a75-f1ffa6460f00@kicp.uchicago.edu> In-Reply-To: <20200224151337.30d8d819e7cf74bde984b77a@sohara.org> References: <a589bf69-a53b-a732-08ff-74e09b723bbd@cloudzeeland.nl> <20200223184908.b35d656a.freebsd@edvax.de> <20200224145317.GA9130@neutralgood.org> <20200224151337.30d8d819e7cf74bde984b77a@sohara.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2020-02-24 09:13, Steve O'Hara-Smith wrote: > On Mon, 24 Feb 2020 09:53:17 -0500 > "Kevin P. Neal" <kpn@neutralgood.org> wrote: > >> The thing about security is that often all you can do is raise the cost >> of an attack. If the cost is high enough then you can often make an >> attacker find a better use of their time. > > If data security is the goal then encrypt the drive It depends on what kind of attack you are trying to defend from. If it is theft of your hard drive from your cold powered off machine, then this will help (not 100% solve it, just brute force drive decryption attack is too expensive or slow). If, however, it is physical machine security that you are trying to solve, encrypting drive not necessarily will help. The following is the speculation about how the attack can be performed. Bad guy has physical access to your machine when it is up and running. He opens the case, splashes liquid nitrogen onto your RAM, pulls RAM modules, plugs them into his device. Low temperature ensures the content of RAM is not lost while physically swapping it over to bad guy's device, and that device ensures the content of RAM is not lost (pretty much the same way as dynamic RAM is used always). And the guy takes the hard drive. Encryption/decryption happens on the fly on running machine (otherwise yanking the power will allow on to have decrypted drive), and therefore the encryption/decryption key(s) must me somewhere in the RAM when machine runs. And the bad guy has it all now: the whole content of the RAM (with the keys), and [encrypted] hard drive. He has your information. It sounds a bit too elaborate, but as someone said already, it can be done, the difference is just in the amount of effort/cost. Valeri > and try not to > upset the NSA. > -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e3a6e679-2fe7-c79d-7a75-f1ffa6460f00>