[Discuss] Server/laptop full-disk encryption

[bogstad at pobox.com (Bill Bogstad)]

On Wed, Oct 1, 2014 at 8:44 PM, Derek Martin <invalid at pizzashack.org> wrote:
> On Wed, Oct 01, 2014 at 01:41:43PM +0200, Bill Bogstad wrote:
>> Unlike on-line data thieves who can automate their data collection
>> to attack thousands, actually retrieving data from you stolen laptop
>> will take significant human effort on their part.
>
> Unless it doesn't.  If the attacker knows you and knows you have "a
> lot" of money in the bank and/or your banking habits, or knows that
> you are someone who has access to, say, a large number of people's
> credit card info, and has reason to believe that data is on your
> laptop, you may be specifically targeted.  The latter is unlikely for
> most of us, but I suspect most of us could fall into the former
> category.

And we are back to what is your threat model and potentially "rubber
hose" key retrieval.
Or for that matter, if you have a "lot of money" do you have paper
copies of your
financial statements and if so do you keep them in a locked safe?  And
what about someone setting up a spy camera in your home/favorite
coffeee shop, so they can record you typing your password/key before
they steal your laptop.   Where does it all end?   While I agree that
there are cases where maximal security is warranted;once you are being
explicitly targeted, so many other possibilities are opened up for the
attacker that it isn't obvious that better encryption is the best way
to reduce your risk.   Perhaps you should take self defense classes
instead...

Bill Bogstad