-----BEGIN PGP SIGNED MESSAGE-----

Adam Gulkis <lordvidarr+@CMU.EDU> writes:
> A locked startup disk is not a good idea, if it is even possible. Most applications set up scratch space on the startup volume.
It is possible, although it does break things, for example ResEdit and AppleTalk. Then again, locking a disk doesn't gain you much security.
> It would be a better idea to set up a partition for applications and lock it, if you feel that is necessary. Norton DiskLock is a nice tool that provides startup password protection as well as a screensaver password. It will request a password if the machine sleeps or to reboot after a crash.
A good locking screen saver is essential; however, a driver level password checker (which is what I assume Norton is) is not that helpful.

"Look ma! I stole Adam Gulkis's hard disk, now the secrets of the screaming viking lie open before me!"
"That's nice dear, why don't you pop it in the machine and show your father?"
"Okay <rummages with screwdrivers> Awww, Jeez, he used Norton DiskLock, I can't mount the drive."
"Here's a Silverlining disk, just 'update' the driver."
"Aw, thanks mom!"

You really do need to encrypt the drive, otherwise methods such as replacing the drivers or reading the disk with a microscope will extract the data quite easily.

A friend of mine just got back from a Kerberos conference at MIT; at dinner one night they were talking about fun-n-easy ways to extract data from a machine. One of them mentioned that after a while, an "on" bit in RAM tends to leak out onto the surrounding silicon, providing a record of your memory. I'd imagine that your PGP passphrase sitting in one location in memory for a few days would burn itself in pretty good. The solution to this problem is to invert your RAM every once in a while, so each bit is on and off for about the same amount of time. I wonder if it'd be possible to build a device that goes between your motherboard and your SIMMs that would invert and decode your RAM. I could see weird timing issues popping up, but I don't know enough about OSes and computer architecture to know.

Of course, no computer is "secure" without a thermite charge above the hard drive, and a tamper-resistant case.

"Well, Billy, the Secret Service is here, they want to take away your computer (and telephone, and cassette tapes, and etc.)"
"Okay, mom. It's right over here, Mr. Scary Secret Service dude."
<lift>
"Ffffffts"
"Hey, Billy, what's that smoke coming out of your computer?"
Jer

"standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo0zPskz/YzIV3P5AQELwwMAgvAXIyzTpr6L4Niuy8G+dxzdRxNMBXB2
T8GvoXSLnD5DId/pefMHuKBg2qbKwUyEiQJH9wlUaY2Iq6XO4/nU5lMxyFUkkMbN
8Uah5HDxJ3r/UxWRXGFYXbaKlxuSkw0F
=edZH
-----END PGP SIGNATURE-----
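
The "invert your RAM every once in a while" idea from the message above, done in software for a single secret buffer. This is an added example, not part of the original post; `flip_buf` and the `fb_*` functions are hypothetical names, and the passphrase used to exercise it is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECRET_MAX 64

/* Secret held in RAM either as-is or bitwise-complemented. */
typedef struct {
    uint8_t cells[SECRET_MAX]; /* what the memory cells physically hold */
    size_t  len;
    int     inverted;          /* 1 while cells[] holds the complement */
} flip_buf;

static void fb_store(flip_buf *fb, const uint8_t *src, size_t len) {
    if (len > SECRET_MAX) len = SECRET_MAX;
    memcpy(fb->cells, src, len);
    fb->len = len;
    fb->inverted = 0;
}

/* Call from a periodic timer: complement every cell and record the state. */
static void fb_flip(flip_buf *fb) {
    for (size_t i = 0; i < fb->len; i++) fb->cells[i] = (uint8_t)~fb->cells[i];
    fb->inverted = !fb->inverted;
}

/* Recover the true value whichever state the cells are in. */
static void fb_read(const flip_buf *fb, uint8_t *out) {
    uint8_t mask = fb->inverted ? 0xFF : 0x00;
    for (size_t i = 0; i < fb->len; i++) out[i] = fb->cells[i] ^ mask;
}

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void fb_wipe(flip_buf *fb) {
    volatile uint8_t *p = (volatile uint8_t *)fb;
    for (size_t i = 0; i < sizeof *fb; i++) p[i] = 0;
}

/* Simulate `ticks` equal intervals with a flip after each one; return how
   many intervals bit `bit` of cell `idx` spent set. */
static unsigned fb_ticks_set(flip_buf *fb, size_t idx, unsigned bit, unsigned ticks) {
    unsigned set = 0;
    for (unsigned t = 0; t < ticks; t++) {
        set += (fb->cells[idx] >> bit) & 1u;
        fb_flip(fb);
    }
    return set;
}
```

This only balances the cells of this one buffer; copies of the secret made elsewhere (caller buffers, swap, registers spilled to the stack) are not covered.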