Date: Mon, 24 Feb 2020 11:06:21 -0500
From: Jerry
To: freebsd-questions@freebsd.org
Subject: Re: rm | Cleaning up recycle bin
Message-ID: <20200224110621.3267115d@scorpio>
Reply-To: freebsd-questions@freebsd.org
Organization: seibercom.net

On Mon, 24 Feb 2020 09:38:46 -0600, Valeri Galtsev stated:

>It depends on what kind of attack you are trying to defend from. If it
>is theft of your hard drive from your cold powered off machine, then
>this will help (not 100% solve it, just brute force drive decryption
>attack is too expensive or slow). If, however, it is physical machine
>security that you are trying to solve, encrypting drive not
>necessarily will help. The following is the speculation about how the
>attack can be performed. Bad guy has physical access to your machine
>when it is up and running. He opens the case, splashes liquid nitrogen
>onto your RAM, pulls RAM modules, plugs them into his device. Low
>temperature ensures the content of RAM is not lost while physically
>swapping it over to bad guy's device, and that device ensures the
>content of RAM is not lost (pretty much the same way as dynamic RAM is
>used always). And the guy takes the hard drive. Encryption/decryption
>happens on the fly on running machine (otherwise yanking the power
>will allow one to have decrypted drive), and therefore the
>encryption/decryption key(s) must be somewhere in the RAM when machine
>runs. And the bad guy has it all now: the whole content of the RAM
>(with the keys), and [encrypted] hard drive. He has your information.

Can you document an actual event when this scenario occurred?

-- 
Jerry