Seriously: *********** If you care about being watched, i would recommend something like a Yubi key (it's a usb keyboard emulator that repeats your passphrase with only press a button; that can turn you on). Also can be configured with complex algorithms (one-time-passwords and so), but this will be hard to implement at boot time.
Save pass on a secure environment, use it everywhere, renew password in laptop and key when in a secure place. Friday fun: *********** the bathroom idea made me smile! :) If you take me to this level of paranoia, when some word in my head is the path to the secret information... i will "cover my head". just for laught and thoughts http://xkcd.com/538/ So we can argue that security meassures can be right or wrong if they reach what they plan. But also have in account the "kind of secret" and "from who". With that in mind, we can also flag security meassures as overract, propper, or insufficient. let's free the paranoia for everyone! :) Typing in the bath sounds good, but I wont take it as a safe protocol, because if you _always_ type it in the bath, maybe "your thief" doesnt care about your privacy nor your data, and wont care about seeing you naked! Pseudo-random places (from a previously selected places) sounds better to me, having in account that possible leaks are performed throught light/vision and/or waves/sound. Took a place where this cant be easyly meassured... maybe the elevator or the corridor one floor below yours is a safer place :? then i guess we need "sofisticated meassures" http://www.wouldyoubelieve.com/cone.html :) Have a nice weekend folks! D El jue, 28-05-2015 a las 12:52 +0200, Robert Alessi escribió: > On Thu, May 28, 2015 at 10:11:21AM +0000, [email protected] wrote: > > > Because even on this second libreboot system, you have to type your > > > passphrase under the eyes of everyone. Unless you have no important > > > data on this second system, I think it matters. > > > > You still can do this (image attached) or go somewhere else to type in > > your password, which I do all the time. If I can't, I won't use the > > laptop because I can't memorize this password lengths every 2 days. > > No kidding, this is what I do! At home, I go in a closet to type in > my passphrase. Passphrases are very hard to memorize: I use the > Diceware method which I find useful. As I am paranoid too, I try to > memorize at least 9 words. > > > You should keep in mind that the password can be guessed by the sound > > your keyboard makes (no idea how to avoid this other than typing very > > softly, slowly and not on a mechanical keyboard) and in the reflections > > of your eyes with a pretty standard camera (proven by the CCC in 2014), > > easily circumvented by not looking at the keyboard while typing. > > I was aware that mechanical keyboards were one of the most common > flaws in computer security, but I had no idea that footages of my eyes > might give away my passphrase! Gosh! > > > If you're as paranoid as I am, you'll also close the curtains when > > typing the password at home if your room has windows. > > Indeed I do. >
