[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <31390.1190219938@turing-police.cc.vt.edu>
Date: Wed, 19 Sep 2007 12:38:58 -0400
From: Valdis.Kletnieks@...edu
To: Kyle Moffett <mrmacman_g4@....com>
Cc: Satyam Sharma <satyam@...radead.org>,
Trond Myklebust <trond.myklebust@....uio.no>,
"J. Bruce Fields" <bfields@...ldses.org>,
Jan Engelhardt <jengelh@...putergmbh.de>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: NFS4 authentification / fsuid
On Wed, 19 Sep 2007 01:16:28 EDT, Kyle Moffett said:
> I am assuming that if the laptop has sufficiently important data on
> it to warrant the above steps then I am also clueful enough to:
> (A) Not carry the laptop around unsecured areas,
> (B) Keep a close enough eye on it and be aware that it's gone by
> the time they get to step 2, OR
> (C) Pay somebody to build me a better physical chassis for my laptop
Building a better chassis can be a challenge when the threat model really
*does* include attacks by a well-funded TLA.
http://www.epic.org/crypto/scarfo/murch_aff.pdf
The FBI did an *initial* entry to survey the hardware, and then a total of
*five* other entries before they actually installed it. Note the technical
and legal requirements required on the KLS (it had to, among other things,
capture PGP passphrases but *not* anything that was typed online).
> Besides, if some government
> wanted the data on your laptop that bad they'd just pick you up in
> the middle of the night and torture your password out of you.
See above. Though I *will* note that several years ago, a Department
of Justice filing regarding the use of wiretaps and similar tools reported
that in every single case that the FBI encountered encryption, it in fact
didn't stop the FBI from getting the info it was looking for. Presumably,
they either used Scarfo-type devices, or they rolled somebody for the key.
They never *did* break Anthony Pellicano's PGP key, as far as I know....
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists