
"Evil Maid" attack against disk encryption

Posted May 6, 2010 23:18 UTC (Thu) by nybble41 (subscriber, #55106)
In reply to: "Evil Maid" attack against disk encryption by bronson
Parent article: "Evil Maid" attack against disk encryption

> If you enter your one-time password on a subverted system, the attacker suddenly has access to all your data. He only needs access once.

All your *current* data, yes; I don't see a way around that. The idea was to protect any future data you may put on the device from a different host PC.

> Not if your system is subverted.

The idea was to remove the USB key and re-encrypt it on a known-clean system, not re-encrypt on the compromised PC. Again, this is to protect against future unauthorized access, not to protect any data which may have already been exposed.

> Perhaps, but this doesn't exist today and sounds awfully expensive to develop.

I don't think it would be all that expensive; it's basically just a TPM chip with some trivial input hardware for the password. Internal hard-disk encryption exists today, though I don't know if it's any good. The drives I know of with that feature require full re-encryption to change the password, if they support it at all, but that wouldn't be hard to fix.


Copyright © 2017, Eklektix, Inc.