Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Server/laptop full-disk encryption

On Wed, Oct 1, 2014 at 8:44 PM, Derek Martin <invalid at> wrote:
> On Wed, Oct 01, 2014 at 01:41:43PM +0200, Bill Bogstad wrote:
>> Unlike on-line data thieves who can automate their data collection
>> to attack thousands, actually retrieving data from you stolen laptop
>> will take significant human effort on their part.
> Unless it doesn't.  If the attacker knows you and knows you have "a
> lot" of money in the bank and/or your banking habits, or knows that
> you are someone who has access to, say, a large number of people's
> credit card info, and has reason to believe that data is on your
> laptop, you may be specifically targeted.  The latter is unlikely for
> most of us, but I suspect most of us could fall into the former
> category.

And we are back to what is your threat model and potentially "rubber
hose" key retrieval.
Or for that matter, if you have a "lot of money" do you have paper
copies of your
financial statements and if so do you keep them in a locked safe?  And
what about someone setting up a spy camera in your home/favorite
coffeee shop, so they can record you typing your password/key before
they steal your laptop.   Where does it all end?   While I agree that
there are cases where maximal security is warranted;once you are being
explicitly targeted, so many other possibilities are opened up for the
attacker that it isn't obvious that better encryption is the best way
to reduce your risk.   Perhaps you should take self defense classes

Bill Bogstad

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /