Conversation:
Notices
-
LUKS is applied at the file system by the OS. Even compromised firmware on a hard drive will see only a stream of encrypted bits. OTOH the baked-in encryption on drives is now forever suspect.
-
@luanaspinetti We've got to use application layer !crypto. We can no longer trust transport layer security like https (Thanx, Lenovo!) or hardware security like smart cards (Thanx, GCHQ!)
-
Of course we can trust transport layer security, as long as we don't blindly trust a factory image to come configured in a secure fashion. :)
Heck, even harddrives have been known to come preloaded with trojans because they were "pre-formatted" with a filesystem (and someone had measled in an evil .exe). Can't really remember who had this problem, but I think it was #Maxtor or someother.
-
In the case I was thinking about you could format it either way you wanted.
The more dangerous backdoors are the ones the #NSA have access to, where the actual firmware of the disk is tampered with (giving possibilities to circumvent many security measures).
And such tampering is already available publically for SD cards (and SSDs in general I guess) since bunnie et al. presented it on 30c3.
-
@lnxw48 True, https is still good. And yes, the entire PKI business is corrupt (Thanx, Diginotar and Comodo!). The Lenovo MITM problem comes from corporate greed, an operating system that's hostile to its users, browsers that merrily display a little lock icon regardless of origin (see my PKI complaint above), and users who trust the vendors, certs, OS, and browsers without verifyi…
-
@bobjonkman Yes, it is hard to trust hardware nowadays. Hopefully RNGs aren't infiltrated too.