Security Flaw in Popular Disk Encryption Technologies

David E. Thiel lx at FreeBSD.org
Sat Feb 23 22:54:14 UTC 2008


On Sat, Feb 23, 2008 at 02:08:31PM +1300, Atom Smasher wrote:
> article below. does anyone know how this affects eli/geli?

There's fairly little any disk crypto system can do to thoroughly defend
against this. The best workaround currently is to turn off your machine
when not in use. This has always been a good idea, since even without
this attack, a running or sleeping machine can simply be retained until
the appearance of a 0-day in the kernel or other running services.
Granted, that often takes a while for FreeBSD. ;) Also, keeping your
*really* sensitive data in a separate encrypted store which isn't always
mounted is probably a good idea.


