Date: Sat, 23 Feb 2008 14:27:33 -0800 From: "David E. Thiel" <lx@FreeBSD.org> To: freebsd-hackers@freebsd.org Subject: Re: Security Flaw in Popular Disk Encryption Technologies Message-ID: <20080223222733.GI12067@redundancy.redundancy.org> In-Reply-To: <20080223010856.7244.qmail@smasher.org> References: <20080223010856.7244.qmail@smasher.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Feb 23, 2008 at 02:08:31PM +1300, Atom Smasher wrote: > article below. does anyone know how this affects eli/geli? There's fairly little any disk crypto system can do to thoroughly defend against this. The best workaround currently is to turn off your machine when not in use. This has always been a good idea, since even without this attack, a running or sleeping machine can simply be retained until the appearance of a 0-day in the kernel or other running services. Granted, that often takes a while for FreeBSD. ;) Also, keeping your *really* sensitive data in a separate encrypted store which isn't always mounted is probably a good idea.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080223222733.GI12067>