Related Articles

10 Comments

  1. 6

    Gary Golden

    Plausible deniability is the required addition if you expect dealing with someone more powerful than a thief.
    There is actually password saved, in your head, and people who needs it are good at retrieving it from there.
    Depending on country they may either stick needles under your nails or force you legally to reveal the pass.
    So, it’s actually vulnerable to non-technical attacks like such.
    Another option is a mechanism to wipe all data somehow quickly.

    Reply
  2. Pingback: Links 13/12/2011: Red Hat 6.2, Helsinki Happy With Free Software | Techrights

  3. 5

    gus3

    Another drawback of whole-volume encryption is its all-or-nothing approach. One key grants access to many files. MAC/RBAC can mitigate this, but file-level encryption with discrete keys can take information security to a whole new level.

    Reply
    1. 5.1

      finid

      The idea is if an unauthorized person cannot read the drive, job is done. However, there is nothing wrong in having more than one level of encryption.

      Encrypt the disk, and encrypt files and folders that you really, really want to keep private.

      Reply
      1. 5.1.1

        gus3

        Multiple encryption is not a good idea. Two ciphers together can be weaker than either cipher alone.

        Reply
        1. 5.1.1.1

          finid

          Not if one has nothing to do with the other.

          Reply
  4. 4

    john coward

    Any encode/encryption method only requires something.
    That something is the key to decode, simple. 99.9% of geeks
    will start with that fact. Guess who reads fastest, citizen
    or super Ucpu. Automated attacks answer is done for that reason.
    If U need is worth it, bribe local geek.

    Reply
  5. 3

    solbadoir

    It is good to know that disk encryption does not protect against “evil maid”. If you leave your computer in hotel and there is an evil maid (read: some geek) that replaces boot partition program with some evil keylogger and then you come back to hotel, type in the password that key-logger stores on boot partition and you just start working as normal, leave hotel with your computer in the hotel and evil maid has got your password and can log-in into encrypted disk.

    Similar by less technical maid could do with secret cam that is filming your fingers while you are typing a password.

    So there is no 100% security.

    I have seen a company that had a policy that you had to remove the hard disk from your computer and leave only bare bone laptop in hotel.

    In this case still possible (but harder) to replace BIOS program with some key-logger etc. There is just never 100% of security if you like it or no.

    But bare in mind, more measures you take less likely the person with knowledge and the will will brake your system.

    Reply
    1. 3.1

      finid

      Physical security goes beyond more than just hard disk encryption. You might want to read this.

      Reply
  6. 2

    No_Asylum

    Good to know.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *