TheFactory: > Another good use for this feature is that you can pre-program in some > landmines to destroy the drive and overcome brute force. Since the LUKS > password prompt on my install of 3.2 has little to no delay between password > attempts one could use a mid range gpu to try millions of passwords. The > drive itself can be copied dozens of times to increase the chances of getting > the password. > > However if > > If you had a limit of 10 or 20 tries before drive wipe. > > And had a dozen or more fake passwords that would induce drive wipe. > > And had some sort of delay in each password attempt built in.(veracrypt takes > forever to process your password input for instance) > > Using tpm ontop of this would also at least frustrate their attempts at > mirroring the drive. > > You could be reasonably certian that even powerful attempts at getting the > drive open will be hopeless. Though, you may get yourself in some physical > trouble. > > I have wanted features like the above ones for some time. >
The problem with the "landmines" idea is that it requires the computer to react to the passphrase and begin wiping the drive. In an offline brute-force scenario, one assumes the adversary has a disk image, and they're surely going to remove any "landmine wipe" feature from their version of cryptsetup. A setup requiring a key *both* in your TPM and derived from a passphrase would really be ideal, though, yes. A PCR-constrained TPM outer key makes brute force impractical without physically attacking the TPM. At the same time, you don't rely solely on your TPM's security. Andrew -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3200bb45-482a-9ed1-a4d8-95c09a7bb990%40riseup.net. For more options, visit https://groups.google.com/d/optout.
