[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dm-crypt
Subject:    [dm-crypt] encrypted root: prevent / detect tampering
From:       arno () wagner ! name (Arno Wagner)
Date:       2009-12-30 15:34:17
Message-ID: 20091230153417.GB26851 () tansi ! org
[Download RAW message or body]

On Wed, Dec 30, 2009 at 03:16:44PM +0100, Heinz Diehl wrote:
> On 30.12.2009, Arno Wagner wrote: 
> 
> > "total security" is a meaningless concept, unless you design and 
> > manufacture all hardware components yourself, which in practce
> > means it is a meaningless concept.
> 
> Yes, that was a bad choice of words, I realised it directly after sending
> the mail to the list. 
> 
> s/total security/max possible security under given circumstances/;

Better but not quite there either. You do not need "max", you 
need to find the right risk balance. IT security is risk management,
nothing else.

First you need an attacker model and an estimation of the worth
of your data/system integrity. Then you go from there. If the 
attacker needs to invest slighlty more than you loose from the
attack (and the countermeasurer cost), you have found the right 
balance. This is made more difficult because you will only have
estimates for most numbers.

Arno

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

[prev in list] [next in list] [prev in thread] [next in thread]