[Nottingham] gpgpwd - keeping a commandline passwords list
Mike Cardwell
nlug at lists.grepular.com
Tue Jun 19 08:49:27 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 18/06/12 22:41, James Moore wrote:
>> I don't think that the clipboard is ever synced to disk...
>> Unless you're thinking of swap? Anyway, I already use full disk
>> encryption and don't have a swap partition so I should be ok.
>>
> FDE works on the swap partition as well (as long as it's on the
> same LVM stack or physical disk as the root partition).
It can be configured to do that, yes. But I have an SSD and was
thinking about wear levelling as well as security.
> Apart from that, in my experience you can encrypt the swap
> partition in Windows 7 with no third party software, but I prefer
> to use something like TrueCrypt and give it the whole brick. Triple
> cascade, 256-bit AES-Twofish-Serpent using XTS method and Whirlpool
> hash. With the passphrase I use on my netbook, that's 6.8x10^144
> P90-years of bruteforce strong, there is no recovery disc
> (deliberately) and the only place the passphrase exists is in my
> head.
You're still subject to cold boot, evil maid and DMA through FireWire
etc. attacks though, of course:
https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sophisticated_Attacks
> The (Windows) clipboard cache is usually in a reserved space in
> RAM, though it is treated like any other part of the RAM subsystem
> and cached to disk on occasion, such as when the system runs out of
> memory. Most word processors (read: typesetters) create temporary
> files when there is something in the clipboard cache, which contain
> a format-compatible copy of whatever's in the clipboard. All this
> does is speed up the pasting process (though with the speed of
> systems these days it's a bit redundant I think so it's a "feature"
> that should be deprecated for security's sake).
Let's just assume that Windows is insecure and stick to Linux ;) If I
were running a Windows machine it would definitely be sat on top of
TrueCrypt FDE.
> On topic, I can't quite see the logic in encrypting just one or two
> files, particularly on a portable system, rather than locking the
> entire disk so without the proper credentials there is no way
> whatsoever to gain any useful information. Maybe it's just me.
Performance. Although a modern CPU with AES-NI instructions fixes that.
--
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
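The exchange above turns on one factual question: is the swap device actually underneath the dm-crypt layer, or does it sit on a plain partition next to an encrypted root? The script below is an added example, not code from either poster or from gpgpwd. It walks the parent chain that `lsblk` reports for every `[SWAP]` entry and fails unless each one has a `crypt` device somewhere above it. The two sample layouts are constructed, not captured from a real machine; the `lsblk` column names and the `[SWAP]` mountpoint marker are the ones util-linux emits, everything else is illustrative.

```shell
#!/bin/sh
# Checks whether every active swap device sits on top of a dm-crypt mapping.
# Reads the output of `lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT` on stdin,
# prints "<name> encrypted" or "<name> PLAINTEXT" per swap device, and
# returns 0 only when all of them are encrypted.
check_swap_encryption() {
    awk '
    {
        # lsblk -P prints KEY="value" pairs; extract the four we care about
        name = ""; type = ""; pk = ""; mp = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            v = kv[2]; gsub(/"/, "", v)
            if (kv[1] == "NAME") name = v
            else if (kv[1] == "TYPE") type = v
            else if (kv[1] == "PKNAME") pk = v
            else if (kv[1] == "MOUNTPOINT") mp = v
        }
        if (name == "") next
        T[name] = type; P[name] = pk
        if (mp == "[SWAP]") swaps[++n] = name
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            s = swaps[i]; enc = 0
            # climb the parent (PKNAME) chain looking for a dm-crypt layer
            for (d = s; d != ""; d = P[d]) if (T[d] == "crypt") enc = 1
            printf "%s %s\n", s, (enc ? "encrypted" : "PLAINTEXT")
            if (!enc) bad = 1
        }
        exit bad
    }'
}

# Constructed sample: LVM on LUKS, with swap as a logical volume on the same
# crypt mapping as root, i.e. the "same LVM stack" case from the thread.
SAMPLE_ENCRYPTED='NAME="nvme0n1" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="nvme0n1p1" TYPE="part" PKNAME="nvme0n1" MOUNTPOINT="/boot"
NAME="nvme0n1p2" TYPE="part" PKNAME="nvme0n1" MOUNTPOINT=""
NAME="cryptroot" TYPE="crypt" PKNAME="nvme0n1p2" MOUNTPOINT=""
NAME="vg-root" TYPE="lvm" PKNAME="cryptroot" MOUNTPOINT="/"
NAME="vg-swap" TYPE="lvm" PKNAME="cryptroot" MOUNTPOINT="[SWAP]"'

# Constructed counter-example: encrypted root, but swap on a plain partition
# beside it, so anything paged out lands on disk in the clear.
SAMPLE_PLAIN='NAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="sda2" TYPE="part" PKNAME="sda" MOUNTPOINT=""
NAME="cryptroot" TYPE="crypt" PKNAME="sda2" MOUNTPOINT="/"
NAME="sda3" TYPE="part" PKNAME="sda" MOUNTPOINT="[SWAP]"'

# Against the live system:  lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT | check_swap_encryption
printf '%s\n' "$SAMPLE_ENCRYPTED" | check_swap_encryption
printf '%s\n' "$SAMPLE_PLAIN" | check_swap_encryption || echo "WARNING: swap is not under dm-crypt"
```

Note what this does not cover: a machine with no swap at all passes trivially (there is nothing to check), and a swap file on an encrypted filesystem shows up with the filesystem's mountpoint rather than `[SWAP]`, so it is not inspected here. It also says nothing about where the key lives; random-keyed swap via `/etc/crypttab` is the usual way to avoid tying swap to the root passphrase.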