"encryption" +"air Attack"

Hi,

Boy its been a VERY long time since I have posted here! lol :lol: Anyways I am wondering how OpenSuSe stands against the "canned air attack" that has been in the news lately. I have already seen Vista Bit Locker and Mac OS X File Vault fail against this attack so is it the same for OpenSuSe file encryption that it comes with as I use it as my main systems?

I am Running OpenSuSe 10.2 btw and very happy with it. What do you guys think? Is there away to prevent it?

o.k. so a little research reviles that if one boots down the machine then it will "clear" the ram. This is good if your system is a laptop, but what about us desktop users that leave it constantly running?

I also know that one must have physical access to the machine before the attack can be implemented. However how does one stop the over zealous pro fascist governments from "issuing" a "warrant" then ceasing your computer with important files on it? If they unplug it, then the system does not get a chance to securely over write the key in ram thus they could then cool down the chip, transfer it, make a copy of the key and voila your HD is now exposed.

Make your computer self-destruct if moved.

Quote:

o.k. so a little research reviles that if one boots down the machine then it will "clear" the ram. This is good if your system is a laptop, but what about us desktop users that leave it constantly running?

I also know that one must have physical access to the machine before the attack can be implemented. However how does one stop the over zealous pro fascist governments from "issuing" a "warrant" then ceasing your computer with important files on it? If they unplug it, then the system does not get a chance to securely over write the key in ram thus they could then cool down the chip, transfer it, make a copy of the key and voila your HD is now exposed.
[/b]

I was thinking, what if SuSe told dm-crypt to securly write out the ram after so many (seconds/minutes/hours) of inactivity from a user?

So if a machine goes to sleep dm-crypt would auto dismount, write out the ram and when woken up a password dialog box will appear.

Of course, how then would a program that is using the encrypted partition function. Unless it does not dismount but just gets rid of any "evidence" of a key during any inactivity. Thus some sort of authentication should be committed?

:blink: :closedeyes:

Quote:

However how does one stop the over zealous pro fascist governments from "issuing" a "warrant" then ceasing your computer with important files on it?
[/b]

Over zealous pro fascist governments have security policies that require external access of keys, via smartcard or USB. That should tell you something...

Cheers,
KV

Quote:

Over zealous pro fascist governments have security policies that require external access of keys, via smartcard or USB. That should tell you something...

Cheers,
KV
[/b]

So are you telling me that the key should be stored on a usb and or smart card. How do you get SuSe to do such a thing?