begin quoting R P Herrold as of Thu, Sep 14, 2006 at 09:11:45PM -0400: > On Thu, 14 Sep 2006, Stewart Stremler wrote: > > >I think that if you have an encrypted system disk, you should have > >TWO... and you choose which one to boot depending on the passphrase > >provided. > > > >(And maybe a passphrase that indicates "destroy all information NOW", > >presumably by deleting the keys used to encrypt/decrypt the drive.) > > Well, that 'Mission Impossible; "this tape will self-destruct > in 5 seconds" approach' works, at most one time, and then > only against a opposing force which is amateurish in its > tradecraft.
If it's an isolated case. Multiply that by ten million travellers, to pull a number from nowhere, *every* *day*, and you're introducing a severe strain on resources. One-on-one, spy-vs-spy sort of thing (where "tradecraft" comes in), well, a keylogger is easier. Or a few microphones in the vicinity. > One has to assume that before one is invited to surrender a > passphrase, the entity who has possession of the hardware in > question will have made an image copy of of the media, so that > you might be pursuaded to see the error of attempting to > destroy 'evidence', and provided a chance to correct that > error. Indeed. But that takes resources. Me spending a little bit of money to force the other guy to spend a lot of money counts as a "win". And time, too. Forcing a customs official to dismantle, duplicate the hard drive, and reassemble a laptop takes up a LOT of their time. Plus, when I get my reassembled laptop, I can assert that they screwed something up and that the failure for my passphrase to work is due to their incompetence. Waste their time and money, AND get plausible deniability regarding why my passphrase won't unencrypt my disk. Where's the downside again? -- _ |\_ \| -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
