Re: DCPP

Sebastian Gottschalk <seppi@xxxxxxxxx> wrote:
Frank Slootweg wrote:

Because you simply can't use a highly complex program without at least
knowing the basics? Sorry, but if the users lacks intent to read the FM,
this is clearly his fault. As he deserves the resulting problems.

Yes, we are all quite well aware of your unrealistic expectations of
and opinions on users of commercial software.

This is an expectation on sanity, not on users.

But the 'sanity' of users. My point is that the expectation is
unrealistic, so it's kind of an insane expectation of "sanity"! :-)

And now you're even talking nonsense. If the user doesn't intentionally
goes to hibernate at the key creation *before* the hard drive gets
initially encrypted, it's clearly his fault. After encryption, the
hibernate file is placed inside the crypto container.

And the swap file *isn't* placed inside the crypto container?

Might be, but this might already have been too late.

But the same goes for the hibernate file. So you do expect the user to
wait pressing hibernate until the hibernate file is placed inside the
crypto container, but it's apparently fine if he doesn't wait (i.e.
leave the system physically unprotected or/and open to exploitation of
Administrator rights) until the swap file is placed inside the crypto
container. Don't you realize the inconsistency in such reasoning?

BTW, you came up with that.

Huh? I came up with what?

You missed the point. I'm not talking about your demonstration of the
exploit, but about the fact that a culprit has physical or programmatic
it access to the swap file, yet you don't blame the user for that.

Physical access. Well, that's exactly what we want to protect against with
implementing this crypto.

So you do agree that the user is as much to blame for leaving the
system open to 'your' swap file exploit as he is for leaving it open to
'my' hibernate exploit? I.e. he either is to blame in *both* cases or in
*neither* case. That's all I'm pointing out.
.