Hi everyone, I found the great question on booting encrypted drives, and since I’m somewhat paranoid I’d like to ask a follow-up:
When the key to decrypt the drive is input into the system, I’m assuming it stays in the RAM till the time the computer shuts downs. We know that one could, in theory, get a dump of the contents of the RAM in such a state, if done correctly. How would you deal with this problem? Is there some way to insert the USB, decrypt the drive, and then remove the USB and all traces of the key from the system?
Thanks!
Edit: link to the question I referenced: https://feddit.de/post/6735667
What do you mean?
What he means is, your security considerations here must come from some perceived threat. What kind of threat do you forsee that requires this high level of security?
Usually when you consider security you start with a threat model, describing the scenarios you want to protect your systems from. And based on that you decide the necessary technical security measures that are relevant.