Re: mlock(1)

From: Alan Cox
Date: Tue Sep 28 2004 - 21:30:20 EST


On Mer, 2004-09-29 at 02:16, Jon Masters wrote:
> I don't see in your argument how this is meant to be cryptographically
> secure. Nor do I see from any of the original mail an idea which does
> anything more than offer a fake promise of security to those who are
> willing to assume only dumb criminals steal their laptop. This is
> worse than no security at all and renders the idea of encrypting swap
> completely useless.

Most criminals are dumb. That means a boot screen that says
"Property of Dave Miller, if found please leave anywhere in Tahoe"
"Password:"

and a boot/bios password will defeat them and may get the laptop dumped
back where it can be recovered.

Thus don't rule out the value of the deterrent. It isn't appropriate if
you leave national secrets on the train like all our finest government
employees keep doing obviously.

> 1). I open the laptop up (I'm allowed to do that if I've already nicked it :P).
> 2). I take a copy of the BIOS.
> 3). I replace the BIOS with a hardware configuration (however done -
> perhaps hot swapping chips, perhaps some simple logic device helps me)
> in which the original BIOS is available once booting begins.
> 4). That part of the security model was just destroyed.

This threat level is why secure systems people use smartcards for the
encryption keys and related processing. Just don't leave the smartcard
on the train!
