Re: Cryptoloop patch for builtin default passphrase

From: Paulo Marques
Date: Mon Oct 25 2004 - 13:31:26 EST


Valdis.Kletnieks@xxxxxx wrote:
> On Mon, 25 Oct 2004 18:33:43 BST, Paulo Marques said:
>
>> I don't have any feelings about this patch, but it seems to me that you could always store the contents of the nvram somewhere "safe" (you could even write them down and take it to a safe deposit box in a bank :) ), and, if those contents happen to change, you could always write them again...

I really didn't want to pursue this further, but...

> That's assuming that your machine will even *boot* correctly and cleanly if the
> contents of the NVRAM are put back.

You can always boot with a rescue CD or something, assuming that you don't have a stupid file system (I think there is none in Linux) that mounts even with the wrong magic number and trashes the block device contents.

(why would you need confidential information to boot in the first place?)

> And if you're doing the "write it down and type it in again" thing, you might
> as well just use a passphrase, as it's defeating the whole concept of
> using /dev/nvram to xor against....

No, it is not. You would just type it in again *if* the contents of nvram got lost, which shouldn't happen in the first place (or at least happen rarely).

This is a "just in case" scenario, not an every-time scenario like the passphrase approach.

As I said before, I have no strong feelings about this patch, I just don't like to see things defeated over false arguments...

--
Paulo Marques - www.grupopie.com

All that is necessary for the triumph of evil is that good men do nothing.
Edmund Burke (1729 - 1797)