On Wednesday, November 8, 2017 at 2:30:38 PM UTC-5, Patrick Schleizer wrote:
> How strong should the SRK password strength be? Should it be as strong
> as a password for full disk encryption?
> 
> Is it sane to use same password as SRK password as well as for full disk
> encryption?
> 
> Cheers,
> Patrick

Think about the attack surface. Evil maid needs to come into your room and has 
about 2 hours to attack your machine.
The disk encryption needs to be much stronger. You take a flight to a country 
with some "security needs" and your laptop is shipped 2 days after your landing 
to your hotel.
The $agencies copied your harddisk and modified your bios (ME, UEFI) and you 
shop for a new laptop of the same series, pay cash and migrate your harddisk to 
the new machine.
So the $agencies are sad as they can not capture your key strokes but they can 
work years with your harddisk image.
The evil maid has not so much time, also she can not prepare much.
So if you have problems, maybe, you can decrease the security of SRK password,
but be sure to have enough entropy in a password.

Cheers.
As all have nothing to hide, we will not need to buy a new laptop on holidays 
:-)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5661490d-8fe7-43b4-a7e7-d399b717357d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to